CN114513302A - Data encryption and decryption method and equipment - Google Patents
Data encryption and decryption method and equipment Download PDFInfo
- Publication number
- CN114513302A CN114513302A CN202210081366.0A CN202210081366A CN114513302A CN 114513302 A CN114513302 A CN 114513302A CN 202210081366 A CN202210081366 A CN 202210081366A CN 114513302 A CN114513302 A CN 114513302A
- Authority
- CN
- China
- Prior art keywords
- data
- client
- user
- key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The method comprises the steps of obtaining plaintext data to be encrypted at a client, equipment identification of the client, biological characteristics of a user and a user password, and conducting key derivation based on the equipment identification of the client, the biological characteristics of the user and the user password to obtain an encryption key; then, generating a target random number for data encryption by a random number generator; and finally, based on the encryption key and the target random number, encrypting the plaintext data to obtain ciphertext data, and storing the ciphertext data and the target random number in a file system in a structured manner, so that the security of the ciphertext data is improved, and the encryption method has strong attack resistance and further ensures the security of the ciphertext data because the encryption key and the target random number can be locally stored and obtained.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a data encryption and decryption method and device.
Background
In the prior art, encryption and decryption do not only adopt a single encryption algorithm, and in order to ensure safety, most of the encryption algorithms are combined in a cross mode, so that the difficulty of cracking is increased. A conventional Password-Based Key Derivation method (PBKDF 2) derives a Key, and then performs private Key encryption using an encryption algorithm AES128 or AES 256. The PBKDF2 has the fatal defect, and although the PBKDF2 can improve the difficulty of password cracking by adjusting the number of loop traversal, a special processor can be developed for the PBKDF, and the PBKDF can be cracked only by a small amount of RAM. The encryption algorithms bcrypt and scrypt, etc. rely on a large amount of RAM, which results in the inefficient use of inexpensive ASIC processors. Although the AES is faster in operation, the disadvantage is that the secret key is kept secret, the whole core is calculated by using an error transfer formula, when a derived secret key or a secret key encrypted by the AES is attacked or damaged, a correct private key cannot be restored, and the AES is also a problem in management and is not suitable for a system with a plurality of secret keys.
Disclosure of Invention
An object of the present application is to provide a data encryption and decryption method and device, which can reduce the amount of similarity calculation while providing no recall, thereby greatly increasing the calculation speed.
According to an aspect of the present application, there is provided a data encryption method, wherein the method includes:
acquiring plaintext data to be encrypted of a client;
acquiring the equipment identification of the client, the biological characteristics of the user and the user password;
performing key derivation based on the device identification of the client, the biological characteristics of the user and the user password to obtain an encryption key;
generating a target random number for data encryption by a random number generator;
and encrypting the plaintext data to obtain ciphertext data based on the encryption key and the target random number, and storing the ciphertext data and the target random number to a file system in a structured manner.
Further, in the data encryption method, the deriving a key based on the device identifier of the client, the biometric characteristic of the user, and the user password to obtain an encryption key includes:
performing key derivation on the equipment identifier of the client, the biological characteristics of the user and the user password by adopting a key derivation function to obtain an encryption key;
the key derivation function comprises iteration times and a memory occupation value, wherein the iteration times are determined by the requirements of the user of the client.
Further, in the above data encryption method, the key derivation function includes a slow hash function Argon 2.
Further, in the data encryption method, the encrypting the plaintext data based on the encryption key and the target random number to obtain ciphertext data includes:
and inputting the encryption key and the target random number into an encryption library libsodium, and encrypting the plaintext data to obtain ciphertext data.
According to another aspect of the present application, there is also provided a data decryption method, wherein the method includes:
acquiring the equipment identification of the client, the biological characteristics of the user and the user password;
performing key derivation based on the device identification of the client, the biological characteristics of the user and the user password to obtain a decryption key;
acquiring structured ciphertext data and a target random number through a file system of a client;
and decrypting the ciphertext data based on the target random number and the decryption key to obtain plaintext data.
Further, in the data decryption method, the deriving a key based on the device identifier of the client, the biometric feature of the user, and the user password to obtain a decryption key includes:
performing key derivation on the equipment identifier of the client, the biological characteristics of the user and the user password by adopting a key derivation function to obtain a decryption key;
the key derivation function comprises iteration times and a memory occupation value, wherein the iteration times are determined by the requirements of the user of the client.
Further, in the above data decryption method, the key derivation function includes a slow hash function Argon 2.
Further, in the data decryption method, the decrypting the ciphertext data based on the target random number and the decryption key to obtain plaintext data includes:
and inputting the target random number and the decryption key into an encryption library libsodium, and decrypting the ciphertext data to obtain plaintext data.
According to another aspect of the present application, there is also provided a non-volatile storage medium having computer readable instructions stored thereon, which, when executed by a processor, cause the processor to implement the data encryption method as described above.
According to another aspect of the present application, there is also provided a data encryption apparatus, wherein the apparatus includes:
one or more processors;
a computer-readable medium for storing one or more computer-readable instructions,
when executed by the one or more processors, cause the one or more processors to implement the data encryption method described above.
According to another aspect of the present application, there is also provided a non-volatile storage medium having computer readable instructions stored thereon, which, when executed by a processor, cause the processor to implement the data decryption method as described above.
According to another aspect of the present application, there is also provided a data decryption apparatus, wherein the apparatus comprises:
one or more processors;
a computer-readable medium for storing one or more computer-readable instructions,
when executed by the one or more processors, cause the one or more processors to implement the data decryption method described above.
Compared with the prior art, the method and the device have the advantages that plaintext data to be encrypted of the client side is obtained firstly; then, the device identification of the client, the biological characteristics of the user and the user password are obtained, and key derivation is carried out based on the device identification of the client, the biological characteristics of the user and the user password to obtain an encryption key, so that the biological characteristics of the user of the client are introduced in the data encryption process, and the device identification of the client is added at the same time, thereby effectively improving the security of the encryption key; then, generating a target random number for data encryption by a random number generator; and finally, based on the encryption key and the target random number, encrypting the plaintext data to obtain ciphertext data, and storing the ciphertext data and the target random number in a file system in a structured manner, so that the security of the ciphertext data is improved, and the encryption method has strong attack resistance and further ensures the security of the ciphertext data because the encryption key and the target random number can be locally stored and obtained.
Further, the method comprises the steps of obtaining the equipment identification of the client, the biological characteristics of the user and the user password; performing key derivation based on the device identification of the client, the biological characteristics of the user and the user password to obtain a decryption key; acquiring structured ciphertext data and a target random number through a file system of a client; the ciphertext data is decrypted based on the target random number and the decryption key to obtain plaintext data, so that the ciphertext data can be decrypted only by depending on the local equipment identifier of the client, the stored target random number, the biological characteristics determined by the user and the user password, decryption of the ciphertext data is achieved, the server-dependent verification environment and the like in the prior art are not needed, decryption of the ciphertext data of the decentralized client is achieved, and meanwhile, the safety of the data is guaranteed.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 illustrates a flow diagram of a data encryption method in accordance with an aspect of the subject application;
FIG. 2 illustrates a flow diagram of a data encryption method in a practical application scenario, according to an aspect of the present application;
FIG. 3 illustrates a flow diagram of a data decryption method in accordance with an aspect of the subject application;
fig. 4 shows a flow diagram of a data decryption method according to an aspect of the present application in a practical application scenario.
The same or similar reference numbers in the drawings identify the same or similar elements.
Detailed Description
The present application is described in further detail below with reference to the attached drawing figures.
In a typical configuration of the present application, the terminal, the device serving the network, and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-transitory computer readable media (transient media), such as modulated data signals and carrier waves.
As shown in fig. 1, an aspect of the present application provides a flow diagram of a data encryption method, where the method is applied to a decentralized client, and may also be applied to solve a problem of security of private key storage generated by asymmetric encryption in a blockchain application, so that the data encryption method of the present application may be effectively and securely stored locally at the client, and has a strong attack resistance. The data encryption method comprises a step S11, a step S12, a step S13, a step S14 and a step S15, and specifically comprises the following steps:
step S11, obtaining plaintext data to be encrypted by the client.
And step S12, acquiring the device identification of the client, the biological characteristics of the user and the user password. A device identification of the client for uniquely indicating an identification of hardware of the client, such as DeviceID; the biological characteristics BV of the user of the client include but are not limited to physiological characteristics and behavior characteristics inherent to the human body of the user, for example, the physiological characteristics include but are not limited to fingerprints, irises, faces, DNA and the like, and the behavior characteristics include but are not limited to gait, verve, habit and the like; the user password of the user of the client is set by the user and only known by the user, so that the safety of the user password is ensured.
And step S13, performing key derivation based on the device identifier of the client, the biological characteristics of the user and the user password to obtain an encryption key, so that the biological characteristics of the user of the client are introduced in the data encryption process, and the device identifier of the client is added, thereby effectively improving the security of the encryption key.
In step S14, a target random number for data encryption is generated by a random number generator.
And step S15, encrypting the plaintext data to obtain ciphertext data based on the encryption key and the target random number, and storing the ciphertext data and the target random number in a file system in a structured manner.
Through the steps S11 to S16, not only the security of the ciphertext data is improved, but also the encryption key and the target random number can be locally stored and acquired, so that the encryption method has strong attack resistance, and the security of the ciphertext data is further ensured.
Next to the foregoing embodiments of the present application, the step S13 performs key derivation based on the device identifier of the client, the biometric characteristic of the user, and the user password to obtain an encryption key, and specifically includes:
performing key derivation on the equipment identifier of the client, the biological characteristics of the user and the user password by adopting a key derivation function to obtain an encryption key;
the key derivation function comprises iteration times and a memory occupation value, wherein the iteration times are determined by the requirements of the user of the client.
For example, in order to ensure more effective encryption of plaintext data, before encrypting the plaintext data, a key derivation function for generating an encryption key is determined and obtained, and two parameters, namely an iteration number and a memory occupation value, included in the key derivation function are determined, where the greater the iteration number in the key derivation function is, the higher the security level of the derived encryption key is, and the iteration number depends on the requirements of users at client ends in order to meet the requirements of users at different security levels; after determining the key derivation function and the parameters of the corresponding iteration times and the memory occupation value, performing key derivation on the device identifier of the client, the biological characteristics of the user and the user password by using the key derivation function to obtain an encryption key, thereby ensuring the security of the encryption key.
Following the above embodiments of the present application, the key derivation function includes, but is not limited to, a slow hash function Argon2, and in a preferred embodiment of the present application, the key derivation function is preferably a slow hash function Argon2, and the slow hash function Argon2 is used to derive the encryption key, because the slow hash function Argon2 uses a large amount of memory to resist the cracking of the GPU and other custom hardware, so as to improve the security of the hash result; meanwhile, effective defense against tradeoff attack is still provided, so that the deficiency of the existing encryption algorithm PBKDF2 can be effectively made up, and the safety of the derived encryption key is ensured.
Next to the foregoing embodiment of the present application, the encrypting the plaintext data based on the encryption key and the target random number in step S15 to obtain ciphertext data specifically includes:
and inputting the encryption key and the target random number into an encryption library libsodium, and encrypting the plaintext data to obtain ciphertext data.
In this embodiment, the encryption and storage of the private key uses an encryption library: libsodium encryption algorithm: the crypto _ secretbox _ easy () method, in which libsodium is an all-new and easy-to-use encryption library and provides the core algorithm needed to build high-level cryptography tools, emphasizes security in the design, emphasizes that any "magic" constant number has a source basis (no unknown constant). Encryption algorithm in the encryption library libsodium: the crypto _ secretbox _ easy () method is a set of combined encryption modes, and comprises an encryption algorithm XSalsa20 stream cipher, identity tag verification Poly1305 MAC and the like, so that the cracking difficulty is higher; in the embodiment of the application, the plaintext data to be encrypted is encrypted by using the encryption key and the target random number through the encryption library, so that the security and confidentiality of the plaintext data to be encrypted are realized, and the identity authentication tag is calculated, wherein the identity authentication tag is used for ensuring that ciphertext data obtained after encryption is not tampered before decryption, so that the security of the encryption key is ensured, and the performance of each aspect is far superior to that of an encryption algorithm AES in the prior art. The actual use of crypto _ secretbox _ easy () only requires the encryption of the encryption key derived by the key derivation function Argon2 and the target random number nonce generated by the random number generator random _ buf (), and the generated encryption key will exist under the security path set in the encryption library libsodium. The key derivation function Argon2 is used in combination with the encryption algorithm in the encryption library libsodium: the crypto _ secretbox _ easy () method can satisfy the requirements of modern cryptography for encrypting plaintext data to be encrypted, thereby ensuring the security of the plaintext data.
As shown in fig. 2, in an actual application scenario, a data encryption method provided in the present application first obtains plaintext data to be encrypted; then, acquiring a device identification DeviceID of the client, a user Password set by a user of the client and a biological characteristic BV of the user of the client, which is acquired immediately; and acquiring two parameters of iteration time it and memory occupation value M in a key derivation function Argon2, and then calculating an encryption key by adopting the key derivation function: encrypt key is Argon2(Password, DeviceID, BV, it, M); then, generating a target random number Nonce for encrypting plaintext data by a random number generator; finally, by encrypting the library: the libsodium encrypts plaintext data to obtain ciphertext data: encrypt data is encrypted (data, encrypt key, Nonce), so as to realize encryption of plaintext data, and encrypt ciphertext data obtained after encryption: EncryptData and the target random number Nonce are stored to the file system in a structured manner.
As shown in fig. 3, an aspect of the present application provides a flow diagram of a data decryption method, where the method is applied to a decentralized client, and may also be applied to solve a problem of security of private key storage generated by asymmetric encryption in a blockchain application, so that the data decryption method of the present application may be effectively and securely stored locally at the client, and has a strong attack resistance. The data decryption method comprises a step S21, a step S22, a step S23 and a step S24, and specifically comprises the following steps:
when the client needs to decrypt the ciphertext data, step S21, acquiring the device identifier of the client, the biometric characteristic of the user, and the user password; a device identification of the client for uniquely indicating an identification of hardware of the client, such as DeviceID; the biological characteristics BV of the user of the client include but are not limited to physiological characteristics and behavior characteristics inherent to the human body of the user, for example, the physiological characteristics include but are not limited to fingerprints, irises, faces, DNA and the like, and the behavior characteristics include but are not limited to gait, verve, habit and the like; the user password of the user of the client is set by the user and only known by the user, so that the safety of the user password is ensured.
And step S22, performing key derivation based on the device identifier of the client, the biological characteristics of the user and the user password to obtain a decryption key, so that the biological characteristics of the user of the client are introduced in the data decryption process, and the device identifier of the client is added, thereby effectively improving the security of the decryption key and avoiding illegal acquisition.
Step S23, acquiring the structured ciphertext data and the target random number through the file system of the client;
step S24, based on the target random number and the decryption key, decrypts the ciphertext data to obtain plaintext data.
Through the steps S21 to S24, the decryption of the ciphertext data by the present application can be completed only by the device identifier local to the client, the stored target random number, the biometric feature determined by the user, and the user password, without relying on the authentication environment of the server in the prior art, so that the decryption of the ciphertext data of the decentralized client is realized, and meanwhile, the security of the data is ensured.
Next to the foregoing embodiments of the present application, the step S22 performs key derivation based on the device identifier of the client, the biometric characteristic of the user, and the user password to obtain a decryption key, and specifically includes:
performing key derivation on the equipment identifier of the client, the biological characteristics of the user and the user password by adopting a key derivation function to obtain a decryption key;
the key derivation function comprises iteration times and a memory occupation value, wherein the iteration times are determined by the requirements of the user of the client.
For example, in order to ensure that ciphertext data is decrypted correspondingly, before the ciphertext data is decrypted, a key derivation function for generating a decryption key is determined and obtained, and two parameters, namely an iteration number and a memory occupation value, included in the key derivation function are determined, wherein the more the iteration number in the key derivation function is, the higher the security level of the derived decryption key is, and the iteration number depends on the requirements of users at client ends in order to meet the requirements of users at different security levels; after determining the key derivation function and the parameters of the corresponding iteration times and the memory occupation value, performing key derivation on the device identifier of the client, the biological characteristics of the user and the user password by using the key derivation function to obtain a decryption key, thereby ensuring the security of the decryption key.
Following the above embodiments of the present application, the key derivation function includes, but is not limited to, a slow hash function Argon2, and in a preferred embodiment of the present application, the key derivation function is preferably a slow hash function Argon2, and a slow hash function Argon2 is used to derive the decryption key, since the slow hash function Argon2 uses a large amount of memory to resist the cracking of the graphics processor GPU and other customized hardware, so as to improve the security of the hash result; meanwhile, effective defense against tradeoff attack is still provided, so that the defects of the existing encryption algorithm PBKDF2 can be effectively made up, and the safety of the derived decryption key is ensured.
Next to the foregoing embodiment of the present application, the step S24 is to decrypt the ciphertext data based on the target random number and the decryption key to obtain plaintext data, and specifically includes:
and inputting the target random number and the decryption key into an encryption library libsodium, and decrypting the ciphertext data to obtain plaintext data.
In the embodiment of the application, the ciphertext data to be decrypted is decrypted by using the decryption key and the target random number through the encryption library lisodium, so that the ciphertext data to be decrypted is safe and confidential, and the identity verification tag is calculated, wherein the identity verification tag is used for ensuring that the plaintext data obtained after decryption is not tampered before decryption, and the performance of the identity verification tag is far superior to that of an encryption algorithm AES in the prior art in all aspects. The actual use of crypto _ secretbox _ easy () only needs to decrypt the decryption key derived by the key derivation function Argon2 and the target random number nonce stored in the file system structure, and the generated decryption key exists under the security path set in the library libsodium. The key derivation function Argon2 is used in combination with the encryption algorithm in the encryption library libsodium: the crypto _ ciphertext _ easy () method can meet the requirement of decrypting the ciphertext data to be decrypted, thereby ensuring the security of the ciphertext data.
As shown in fig. 4, in an actual application scenario, the data decryption method provided in the present application obtains a device identifier DeviceID of a client, a user Password set by a user of the client, and a biometric feature BV of the user of the client, which is obtained immediately; and acquiring two parameters of iteration time it and memory occupation value M in a key derivation function Argon2, and then calculating a decryption key by adopting the key derivation function: DecryptKey ═ Argon2(Password, DeviceID, BV, it, M); then, acquiring the ciphertext data encrypt data and the target random number Nonce which are structurally stored through the file system; finally, by encrypting the library: the libsodium decrypts the ciphertext data EncryptData to obtain plaintext data: DecryptData (DecryptData, DecryptKey, Nonce), and decryption of the ciphertext data is realized.
According to another aspect of the present application, there is also provided a non-volatile storage medium having computer readable instructions stored thereon, which, when executed by a processor, cause the processor to implement the data encryption method as described above.
According to another aspect of the present application, there is also provided a data encryption apparatus, wherein the apparatus includes:
one or more processors;
a computer-readable medium for storing one or more computer-readable instructions,
when executed by the one or more processors, cause the one or more processors to implement the data encryption method described above.
Here, for details of each embodiment in the data encryption device, reference may be specifically made to corresponding parts of the embodiments of the data encryption method, and details are not described here again.
According to another aspect of the present application, there is also provided a non-volatile storage medium having stored thereon computer readable instructions, which, when executed by a processor, cause the processor to implement the data decryption method as described above.
According to another aspect of the present application, there is also provided a data decryption apparatus, wherein the apparatus comprises:
one or more processors;
a computer-readable medium for storing one or more computer-readable instructions,
when executed by the one or more processors, cause the one or more processors to implement the data decryption method described above.
Here, the detailed content of each embodiment in the data decryption device may specifically refer to the corresponding part of the embodiment of the data decryption method, and is not described herein again.
In summary, the plaintext data to be encrypted at the client is obtained first; then, the device identification of the client, the biological characteristics of the user and the user password are obtained, and key derivation is carried out based on the device identification of the client, the biological characteristics of the user and the user password to obtain an encryption key, so that the biological characteristics of the user of the client are introduced in the data encryption process, and the device identification of the client is added at the same time, thereby effectively improving the security of the encryption key; then, generating a target random number for data encryption by a random number generator; and finally, based on the encryption key and the target random number, encrypting the plaintext data to obtain ciphertext data, and storing the ciphertext data and the target random number in a file system in a structured manner, so that the security of the ciphertext data is improved, and the encryption method has strong attack resistance and further ensures the security of the ciphertext data because the encryption key and the target random number can be locally stored and obtained.
Further, the method comprises the steps of obtaining the equipment identification of the client, the biological characteristics of the user and the user password; performing key derivation based on the device identification of the client, the biological characteristics of the user and the user password to obtain a decryption key; acquiring structured ciphertext data and a target random number through a file system of a client; the ciphertext data is decrypted based on the target random number and the decryption key to obtain plaintext data, so that the ciphertext data can be decrypted only by depending on the local equipment identifier of the client, the stored target random number, the biological characteristics determined by the user and the user password, decryption of the ciphertext data is achieved, the server-dependent verification environment and the like in the prior art are not needed, decryption of the ciphertext data of the decentralized client is achieved, and meanwhile, the safety of the data is guaranteed.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, implemented using Application Specific Integrated Circuits (ASICs), general purpose computers or any other similar hardware devices. In one embodiment, the software programs of the present application may be executed by a processor to implement the steps or functions described above. Likewise, the software programs (including associated data structures) of the present application may be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Further, some of the steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
In addition, some of the present application may be implemented as a computer program product, such as computer program instructions, which when executed by a computer, may invoke or provide methods and/or techniques in accordance with the present application through the operation of the computer. Program instructions which invoke the methods of the present application may be stored on a fixed or removable recording medium and/or transmitted via a data stream on a broadcast or other signal-bearing medium and/or stored within a working memory of a computer device operating in accordance with the program instructions. An embodiment according to the present application comprises an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform a method and/or a solution according to the aforementioned embodiments of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Claims (12)
1. A method of data encryption, wherein the method comprises:
acquiring plaintext data to be encrypted at a client;
acquiring the equipment identification of the client, the biological characteristics of the user and the user password;
performing key derivation based on the device identification of the client, the biological characteristics of the user and the user password to obtain an encryption key;
generating a target random number for data encryption by a random number generator;
and encrypting the plaintext data to obtain ciphertext data based on the encryption key and the target random number, and storing the ciphertext data and the target random number to a file system in a structured manner.
2. The method of claim 1, wherein the deriving a cryptographic key based on the device identifier of the client, the biometric characteristic of the user, and the user password comprises:
performing key derivation on the equipment identifier of the client, the biological characteristics of the user and the user password by adopting a key derivation function to obtain an encryption key;
the key derivation function comprises iteration times and a memory occupation value, wherein the iteration times are determined by the requirements of the user of the client.
3. The method of claim 2, wherein the key derivation function comprises a slow hash function Argon 2.
4. The method of claim 1, wherein the encrypting the plaintext data based on the encryption key and the target random number to obtain ciphertext data comprises:
and inputting the encryption key and the target random number into an encryption library libsodium, and encrypting the plaintext data to obtain ciphertext data.
5. A method of data decryption, wherein the method comprises:
acquiring the equipment identification of the client, the biological characteristics of the user and the user password;
performing key derivation based on the device identification of the client, the biological characteristics of the user and the user password to obtain a decryption key;
acquiring structured ciphertext data and a target random number through a file system of a client;
and decrypting the ciphertext data based on the target random number and the decryption key to obtain plaintext data.
6. The method of claim 5, wherein the deriving a decryption key based on the device identifier of the client, the biometric characteristic of the user, and the user password comprises:
performing key derivation on the equipment identifier of the client, the biological characteristics of the user and the user password by adopting a key derivation function to obtain a decryption key;
the key derivation function comprises iteration times and a memory occupation value, wherein the iteration times are determined by the requirements of the user of the client.
7. The method of claim 6, wherein the key derivation function comprises a slow hash function, Argon 2.
8. The method of claim 7, wherein the decrypting the ciphertext data based on the target random number and a decryption key to obtain plaintext data comprises:
and inputting the target random number and the decryption key into an encryption library libsodium, and decrypting the ciphertext data to obtain plaintext data.
9. A non-transitory storage medium having stored thereon computer readable instructions which, when executed by a processor, cause the processor to implement the method of any one of claims 1 to 4.
10. A data encryption device, wherein the device comprises:
one or more processors;
a computer-readable medium for storing one or more computer-readable instructions,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-4.
11. A non-transitory storage medium having stored thereon computer readable instructions which, when executed by a processor, cause the processor to implement the method of any one of claims 5 to 8.
12. A data decryption device, wherein the device comprises:
one or more processors;
a computer-readable medium for storing one or more computer-readable instructions,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 5 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210081366.0A CN114513302A (en) | 2022-01-24 | 2022-01-24 | Data encryption and decryption method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210081366.0A CN114513302A (en) | 2022-01-24 | 2022-01-24 | Data encryption and decryption method and equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114513302A true CN114513302A (en) | 2022-05-17 |
Family
ID=81549958
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210081366.0A Pending CN114513302A (en) | 2022-01-24 | 2022-01-24 | Data encryption and decryption method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114513302A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115268793A (en) * | 2022-08-03 | 2022-11-01 | 中国电子科技集团公司信息科学研究院 | Data safety deleting method based on data encryption and overwriting |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180152296A1 (en) * | 2015-04-28 | 2018-05-31 | Niip Limited | Electronic data protection method and device and terminal device |
| CN109510703A (en) * | 2018-11-23 | 2019-03-22 | 北京海泰方圆科技股份有限公司 | A kind of data encryption/decryption method and device |
| CN111865579A (en) * | 2020-07-10 | 2020-10-30 | 郑州信大捷安信息技术股份有限公司 | SM2 algorithm transformation-based data encryption and decryption method and device |
-
2022
- 2022-01-24 CN CN202210081366.0A patent/CN114513302A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180152296A1 (en) * | 2015-04-28 | 2018-05-31 | Niip Limited | Electronic data protection method and device and terminal device |
| CN109510703A (en) * | 2018-11-23 | 2019-03-22 | 北京海泰方圆科技股份有限公司 | A kind of data encryption/decryption method and device |
| CN111865579A (en) * | 2020-07-10 | 2020-10-30 | 郑州信大捷安信息技术股份有限公司 | SM2 algorithm transformation-based data encryption and decryption method and device |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115268793A (en) * | 2022-08-03 | 2022-11-01 | 中国电子科技集团公司信息科学研究院 | Data safety deleting method based on data encryption and overwriting |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Zhang et al. | HealthDep: An efficient and secure deduplication scheme for cloud-assisted eHealth systems | |
| CN107959567B (en) | Data storage method, data acquisition method, device and system | |
| US8462955B2 (en) | Key protectors based on online keys | |
| US9673975B1 (en) | Cryptographic key splitting for offline and online data protection | |
| US8509449B2 (en) | Key protector for a storage volume using multiple keys | |
| Kaaniche et al. | A secure client side deduplication scheme in cloud storage environments | |
| JP5562687B2 (en) | Securing communications sent by a first user to a second user | |
| KR100737628B1 (en) | Attestation using both fixed token and portable token | |
| US7095859B2 (en) | Managing private keys in a free seating environment | |
| CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
| CN106452770B (en) | Data encryption method, data decryption method, device and system | |
| JP3871996B2 (en) | Data division management method and program | |
| US11212082B2 (en) | Ciphertext based quorum cryptosystem | |
| US10503915B2 (en) | Encrypted text verification system, method and recording medium | |
| JP2024511236A (en) | Computer file security encryption method, decryption method and readable storage medium | |
| WO2016072057A1 (en) | Encrypted text matching system, method, and storage medium | |
| CN109787747B (en) | Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools | |
| Mahalakshmi et al. | Effectuation of secure authorized deduplication in hybrid cloud | |
| CN114513302A (en) | Data encryption and decryption method and equipment | |
| CN112836240A (en) | Block chain-based electronic medical data security sharing method, system and medium | |
| CN109412788B (en) | Anti-quantum computing agent cloud storage security control method and system based on public key pool | |
| US9386017B2 (en) | Authentication device, system and method | |
| Sri et al. | SECURE FILE STORAGE USING HYBRID CRYPTOGRAPHY | |
| CN114567436B (en) | Biological characteristic data security access control method | |
| US11621848B1 (en) | Stateless system to protect data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |