CN114546959A - File processing method and device - Google Patents
File processing method and device Download PDFInfo
- Publication number
- CN114546959A CN114546959A CN202210242550.9A CN202210242550A CN114546959A CN 114546959 A CN114546959 A CN 114546959A CN 202210242550 A CN202210242550 A CN 202210242550A CN 114546959 A CN114546959 A CN 114546959A
- Authority
- CN
- China
- Prior art keywords
- file
- key
- original
- target
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Human Computer Interaction (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a file processing method and a file processing device, wherein the file processing method comprises the following steps: acquiring an original file to be processed; setting an occlusion file for an original file; and setting the shielding file on the upper layer of the original file to obtain the target file. According to the technical scheme provided by the invention, the actual file content of the original file is shielded by using the shielding file, so that the data security of the file is conveniently ensured, and if the target file is checked by using a general file checking mode in the prior art without the capability of analyzing the target file, the actual file content of the original file cannot be checked because the shielding file arranged on the upper layer of the original file is checked, so that the difficulty of acquiring the original file by other people is increased, and the data security is effectively improved.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to a file processing method and device.
Background
In the prior art, files stored in, for example, a mobile phone, a computer, etc. by a user are at risk of being maliciously acquired by others, and in addition, when the files need to be transmitted between the users, the files are also at risk of being maliciously acquired by others. In order to prevent the file from being maliciously acquired by others, the file is usually encrypted by a password. When the file needs to be transmitted to other people for use, the set password needs to be provided to a receiving party through oral notification or other communication modes such as a chat tool, an email and the like, so that the receiving party can decrypt the received file according to the password, and the content of the file can be checked. However, no matter the password is provided to the receiving party through oral notification or other communication modes, the password is easily acquired by others, and potential data safety hazards exist.
Disclosure of Invention
In view of the above, the present invention has been made to provide a file processing method, apparatus, computing device and storage medium that overcome or at least partially solve the above-mentioned problems.
According to an aspect of the present invention, there is provided a file processing method, including:
acquiring an original file to be processed;
setting an occlusion file for an original file;
and setting the shielding file on the upper layer of the original file to obtain a target file.
Further, the step of setting the occlusion file on the upper layer of the original file to obtain the target file further comprises:
randomly generating a file encryption key, and encrypting the file encryption key by using a preset key or a preset public key to obtain a key ciphertext;
encrypting the original file by using the file encryption key to obtain an original file ciphertext;
and integrating the shielding file, the key ciphertext and the original file ciphertext, and arranging the shielding file on the upper layers of the key ciphertext and the original file ciphertext to obtain the target file.
Furthermore, the number of the preset keys or the preset public keys is multiple, and each preset key or each preset public key has a corresponding key ID;
encrypting the file encryption key by using the preset key or the preset public key to obtain a key ciphertext further comprises:
and for each secret key ID, encrypting the file encryption secret key by using a preset secret key or a preset public key corresponding to the secret key ID to obtain a secret key ciphertext corresponding to the secret key ID.
Further, the step of setting the occlusion file on an upper layer of the original file to obtain the target file further includes:
setting a file integration template;
filling an occlusion file into a first area of a file integration template, filling an original file or an original file ciphertext into a second area of the file integration template, and setting the occlusion file on the upper layer of the original file or the original file ciphertext by using the file integration template to obtain a target file;
when a plurality of original files are available, filling the original files or the original file ciphertexts into a second area of the file integration template according to a preset sequence to obtain a target file; or when the original files are multiple, each original file or each original file ciphertext respectively corresponds to one file integration template, and each file integration template is utilized to respectively process the corresponding original file or the corresponding original file ciphertext to obtain multiple target files;
when the second area is filled with the original file ciphertext, the method further comprises: and filling the key ciphertext into a third area of the file integration template, or filling the key ciphertexts corresponding to the plurality of key IDs and the plurality of key IDs into the third area of the file integration template.
Further, the file format of the target file corresponds to the file integration template.
Further, the step of setting the occlusion file on an upper layer of the original file to obtain the target file further includes:
processing the original file to generate a corresponding thumbnail file;
and setting the occlusion file on the upper layer of the thumbnail file, and setting the thumbnail file on the upper layer of the original file or the ciphertext of the original file to obtain the target file.
Further, after obtaining the target file, the method further includes:
analyzing the target file, and extracting an occlusion file and an original file from the target file; or analyzing the target file and extracting the occlusion file, the original file and the thumbnail file from the target file.
Further, parsing the target file, and extracting the occlusion file and the original file from the target file further comprises:
analyzing the target file and judging whether the target file contains the original file ciphertext or not;
if so, extracting the occlusion file, the key ciphertext and the original file ciphertext from the target file, obtaining a private key corresponding to a preset key or a preset public key, decrypting the key ciphertext by using the preset key or the private key corresponding to the preset public key to obtain a file encryption key, and decrypting the original file ciphertext by using the file encryption key to obtain an original file;
if not, extracting the occlusion file and the original file from the target file.
Furthermore, the number of the preset keys or the preset public keys is multiple, and the target file also comprises multiple key IDs;
obtaining a private key corresponding to the preset secret key or the preset public key, and decrypting the secret key ciphertext by using the private key corresponding to the preset secret key or the preset public key to obtain the file encryption secret key further comprises:
extracting a plurality of key IDs from the target file, determining the target key ID from the plurality of key IDs, and searching a key ciphertext corresponding to the target key ID from the key ciphertext;
and acquiring a preset key corresponding to the target key ID or a private key corresponding to a preset public key corresponding to the target key ID, and decrypting a key ciphertext corresponding to the target key ID by using the preset key or the private key to obtain a file encryption key.
Analyzing the target file and judging whether the target file contains a thumbnail file or not;
if so, the thumbnail file is displayed.
Further, the method further comprises:
respectively displaying the occlusion files, the original files and/or the thumbnail files;
in response to the file editing request, the occlusion file, the original file, and/or the thumbnail file are edited.
According to another aspect of the present invention, there is provided a document processing apparatus including:
the acquisition module is suitable for acquiring an original file to be processed;
the setting module is suitable for setting an occlusion file for the original file;
and the file integration module is suitable for arranging the shielding file on the upper layer of the original file to obtain the target file.
According to yet another aspect of the present invention, there is provided a computing device comprising: the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the file processing method.
According to still another aspect of the present invention, there is provided a computer storage medium having at least one executable instruction stored therein, where the executable instruction causes a processor to perform operations corresponding to the file processing method.
According to the technical scheme provided by the invention, the shielding file is arranged on the upper layer of the original file, the real file content of the original file is shielded by using the shielding file, and the data security of the file is conveniently ensured; if the target file is checked by using a general file checking mode in the prior art without the capability of analyzing the target file, the checked target file is a shielding file arranged on the upper layer of the original file, and the real file content of the original file cannot be checked; the original file can be checked only by further analyzing the target file, so that the difficulty of acquiring the original file by others is increased, and the data security is effectively improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating a file processing method according to a first embodiment of the invention;
FIG. 2 is a flowchart illustrating a file processing method according to a second embodiment of the present invention;
FIG. 3 is a block diagram showing a configuration of a file processing apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computing device according to a fourth embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 is a schematic flowchart illustrating a file processing method according to a first embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
step S101, acquiring an original file to be processed.
The method may be performed by an integrated parser running on a user terminal. The method can be applied to integration processing of an original file of a user so as to integrate an occlusion file on an upper layer of the original file, and thus an integrated file, namely a target file, is obtained. After the target file is obtained, the target file can be stored, or the target file can be shared with other users. The file sharing may be implemented by social platforms such as WeChat, QQ, microblog and forum, and mails, and a person skilled in the art may select other sharing modes to transmit the target file, which is not limited specifically here.
In the present invention, a user who provides an original file is referred to as a first user, and a user who obtains a target file is referred to as a second user, where the second user and the first user may be different users or the same user. Specifically, in a scenario where the first user provides the target file to another user, the second user is a different user from the first user, and in a scenario where the first user stores the file by itself, for example, when the first user wants to save the file by integration or transmit the file to itself by way of wechat, email, or the like, the second user is the same user as the first user, that is, the second user is also the first user.
When a first user wants to integrate an original file to protect file data security, the original file to be processed can be obtained from a user terminal or the internet and the like. The user terminal refers to a device having file storage and file transmission functions, such as a mobile phone, a notebook Computer, a Personal Computer (PC), and a Personal Digital Assistant (PDA) of a user. The original file may include a picture file, an audio/video file, a document file, and the like, and specifically, the document file may include a word file, a pdf file, a txt file, an epub (Electronic Publication) file, chat information between users, a mail text, and the like.
Step S102, setting an occlusion file for the original file.
In order to integrate the original file, after the original file is acquired, an occlusion file needs to be set for the original file. Specifically, an existing occlusion file may be used as an occlusion file of the original file, for example, an occlusion file may be selected for the original file from an occlusion file library including the occlusion file; in addition, the occlusion file can also be generated by using an original file, the original file is taken as a picture file for example, the picture file can be subjected to fuzzy processing to generate the occlusion file, and the original file is taken as an audio/video file for example, a certain frame of picture in the audio/video file can be taken as the occlusion file. Those skilled in the art can set the file content and the file format of the occlusion file according to actual needs, which is not limited herein. For example, the occlusion files may include picture files, audio-video files, document files, and the like. In practical application, the occlusion file may be a landscape picture, a cartoon picture, a small video, or the like.
And step S103, setting the shielding file on the upper layer of the original file to obtain a target file.
After the original file and the occlusion file are obtained, the original file and the occlusion file can be integrated, and the occlusion file is arranged on the upper layer of the original file through integration processing to obtain a target file. That is to say, the actual file content of the original file is blocked by using the blocking file, so that the effect of protecting the file data safety is achieved.
In this embodiment, the integration of the original file and the occlusion file can be realized by the set file integration template. Specifically, a file integration template is provided in the integration analysis program or may also be generated by using the integration analysis program, and in step S103, the file integration template may be set, where the file integration template includes a plurality of regions, and each region is used to fill in a different file; filling the shielding file into a first area of the file integration template, filling the original file into a second area of the file integration template, and then arranging the shielding file on the upper layer of the original file by using the file integration template, thereby obtaining the target file.
When the original files are multiple, the integration analysis program can be used for integrating the multiple original files in batch. In an alternative embodiment, a plurality of original files may be batch processed through one file integration template, specifically, the plurality of original files may be respectively filled into the second area of the file integration template according to a preset order, and the mask file is disposed on the upper layer of the original files by using the file integration template, so as to obtain one target file, that is, the plurality of original files are filled in the second area of the file integration template, and the obtained target file is also one in number, which is equivalent to the batch integration processing of the plurality of original files. In another optional embodiment, a corresponding file integration template may be respectively set for each original file to perform respective operations, and each file integration template is utilized to process the corresponding original file, so as to obtain a plurality of target files, specifically, for each original file, the original file is filled into the second region of the corresponding file integration template, and then the occlusion file is set on the upper layer of the original file by using the file integration template, so as to obtain the target file. The batch integration processing of a plurality of original files can be conveniently completed through the two modes.
In an alternative embodiment, the target file may be generated using the original file directly without processing the original file. In another alternative embodiment, the original file may be encrypted to obtain an original file ciphertext (i.e., the encrypted original file), and then the original file ciphertext may be utilized to generate the target file.
Alternatively, the file format of the target file may correspond to a file integration template. For example, if the file integration template is a template in a picture format, the integrated target file is in the picture format; for another example, if the document integration template is a pdf format template, the integrated target document is in pdf format.
If the target file is checked by using a general file checking mode in the prior art without the capability of analyzing the target file, the checked target file is a shielding file arranged on the upper layer of the original file in the target file, and the real file content of the original file cannot be checked; if the original file in the target file is desired to be viewed, the target file needs to be parsed, and the parsing process can be implemented through step S104.
And step S104, analyzing the target file, extracting the shielding file and the original file from the target file, and respectively displaying the shielding file and the original file.
After obtaining the target file, the first user may store the target file, or may share the target file to the second user. When a second user wants to view the real file content of the original file in the target file, the target file can be analyzed through the integrated analysis program, and the shielding file and the original file are respectively extracted from the target file, so that the target file is effectively analyzed, and the shielding file and the original file are conveniently separated from the target file. In addition, the occlusion file and the original file can be respectively displayed so as to be conveniently viewed by a user.
Optionally, the second user may also edit the occlusion file and/or the original file after the occlusion file and the original file are separately presented. Specifically, in response to a file editing request, an occlusion file and/or an original file are edited. The integration analysis program provides a file editing function, such as pointing and drawing an original file, adding a text, modifying file content, and replacing a blocking file. The technical personnel in the field can also set other editing operations according to the actual needs, and the method is not limited here.
According to the file processing method provided by the embodiment, the shielding file is arranged on the upper layer of the original file, the real file content of the original file is shielded by using the shielding file, and the data security of the file is conveniently ensured; if the target file is checked by using a general file checking mode in the prior art without the capability of analyzing the target file, the checked target file is a shielding file arranged on the upper layer of the original file, and the real file content of the original file cannot be checked; the original file can be checked only by further analyzing the target file, so that the difficulty of acquiring the original file by others is increased, and the data security is effectively improved.
Fig. 2 is a flowchart illustrating a file processing method according to a second embodiment of the present invention, which may be executed by an integrated parser running on a user terminal, as shown in fig. 2, and the method includes the following steps:
step S201, an original file to be processed is acquired.
Step S202, setting an occlusion file for the original file.
Step S203, a file integration template is set.
The integration analysis program is provided with a file integration template or can be used for generating a file integration template, and the file integration template is a template for integrating the original file and the shielding file. The document integration template includes a plurality of regions, each region for filling in a different document. The plurality of regions may specifically include a first region, a second region, and a third region, where the first region is used to fill the occlusion file, the second region is used to fill the original file or the original file ciphertext, and if the original file ciphertext is filled in the second region, the third region needs to be filled with encryption information related to the original file ciphertext, such as a key ciphertext, a key ID, and the like. Furthermore, the file integration template further includes other areas for storing other information, such as original file digest information, key version information, version information of the integration parser, and the like, for the integration parser to use.
Step S204, the occlusion file is filled into the first area of the file integration template.
Step S205, the original file is filled into the second area of the file integration template, and the occlusion file is disposed on the upper layer of the original file by using the file integration template, so as to obtain the target file.
In this example, the original file may be directly filled into the second area of the file integration template without processing the original file, and then the occlusion file is disposed on the upper layer of the original file by using the file integration template, so as to obtain the target file. The actual file content of the original file is shielded by using the shielding file, so that the effect of protecting the data security of the file is achieved.
In addition, the original file can be encrypted to obtain the original file ciphertext, then the shielding file and the original file ciphertext are integrated, and the shielding file is arranged on the upper layer of the original file ciphertext to obtain the target file, so that the data security is further improved. Specifically, the implementation can be performed by step S206 to step S208.
Step S206, a file encryption key is randomly generated, a preset key or a preset public key is used for encrypting the file encryption key to obtain a key ciphertext, and the key ciphertext is filled into a third area of the file integration template.
The processing can be performed by using a random generation algorithm, the current time and the like, and a file encryption key is randomly generated and is a key for encrypting the original file. The specific content of the file encryption key can be set by those skilled in the art according to actual needs, and is not limited herein. In view of the inconvenience and the potential data safety hazard if the file encryption key is provided to the second user directly through oral notification or other communication modes, the file encryption key is easy to be acquired by others, and the original file ciphertext can be easily decrypted, in order to solve the problem, the file encryption key is encrypted. Specifically, the second user is required to generate a preset secret key or a preset public key of the second user and a private key corresponding to the preset public key in advance, where the preset secret key or the preset public key is used to encrypt the file encryption key, and the preset secret key or the private key corresponding to the preset public key is used to decrypt the encrypted file encryption key (i.e., a secret key ciphertext in the following text). The preset secret key or the preset public key and the private key corresponding to the preset public key can be generated by using software or external hardware equipment, and the external hardware equipment comprises: the device with the key generation function comprises a terminal encryption card, terminal safety equipment, a terminal password device and the like. The preset key or the preset public key and the private key corresponding to the preset public key are generated by using the external hardware equipment, so that the security of key or private key storage can be effectively improved, and the key or private key can be prevented from being easily and maliciously acquired by others.
After the preset public key of the second user and the private key corresponding to the preset public key are generated, the preset public key can be made into a personal business card such as a two-dimensional code and the like and is provided for other users to use, or the personal business card is provided for a server to be stored, the server can add the acquired preset public key of the second user into user information of the second user as a component of the user information, the preset public key can be publicly displayed for each user, and the preset public key can also be stored in the server without being publicly displayed for the user. For the private key corresponding to the preset secret key or the preset public key, the private key can be stored by the second user, for example, the private key corresponding to the preset secret key or the preset public key is generated into a two-dimensional code to be stored, the two-dimensional code is obtained in a code scanning mode when the second user needs to use the preset secret key or the private key, the operation can be performed through a preset encryption and decryption algorithm after the preset secret key or the private key is obtained, and in order to improve the safety of the preset secret key or the private key, the preset secret key or the private key can be immediately discarded after the operation is completed; in addition, the preset secret key or the private key corresponding to the preset public key may be stored in the user terminal or the external hardware device, or the relevant derivative factors for generating the preset public key and the private key corresponding to the preset public key may be stored in the user terminal or the external hardware device without directly storing the private key. Through the processing mode, the safety of the private key corresponding to the preset public key can be ensured, and the difficulty of malicious acquisition by other people is increased.
The preset public key of the second user can be inquired from the user information of the second user recorded by the server, and the file encryption key is encrypted by using the inquired preset public key to obtain a key ciphertext. Specifically, a preset public key can be used to encrypt the file encryption key according to an asymmetric encryption algorithm, so as to obtain a key ciphertext. And after the key ciphertext is obtained, filling the key ciphertext into a third area of the file integration template. The asymmetric encryption algorithm may be an RSA algorithm, an SM2 algorithm, an Elgamal algorithm, a knapsack algorithm, a Rabin algorithm, a D-H algorithm, an ECC (elliptic curve encryption) algorithm, and the like, and those skilled in the art can select the algorithm according to actual needs.
In a file mass-sending scenario, a target file is transmitted to a user group including a plurality of second users, in this scenario, each second user needs to generate a preset private key of itself or generate a preset public key of itself and a private key corresponding to the preset public key in advance, that is, the number of the second users is multiple, the number of the preset private keys or the preset public keys is multiple, the second users correspond to the preset private keys or the preset public keys, and in order to facilitate distinguishing, each preset private key or each preset public key has a corresponding key ID. Then, for each key ID, the file encryption key may be encrypted by using the preset key or the preset public key corresponding to the key ID to obtain a key ciphertext corresponding to the key ID. By the processing method, the key ciphertexts corresponding to the plurality of key IDs can be obtained conveniently, and then the key ciphertexts corresponding to the plurality of key IDs and the plurality of key IDs are filled into the third area of the file integration template. And the key ID, the preset key (or the preset public key), the key ciphertext and the second user have a corresponding relation.
Step S207, the original file is encrypted by using the file encryption key to obtain an original file ciphertext, and the original file ciphertext is filled into a second area of the file integration template.
Specifically, the original file can be encrypted according to a symmetric encryption algorithm by using the file encryption key to obtain an original file ciphertext. The symmetric encryption algorithm can be DES algorithm, 3DES algorithm, SM4 algorithm, TDEA algorithm, Blowfish algorithm, RC5 algorithm, IDEA algorithm and the like, and those skilled in the art can select the algorithm according to actual needs.
And S208, integrating the occlusion file, the key ciphertext and the original file ciphertext by using the file integration template, and arranging the occlusion file on the upper layer of the key ciphertext and the original file ciphertext to obtain the target file.
After the occlusion file, the key ciphertext and the original file ciphertext are obtained, the occlusion file, the key ciphertext and the original file ciphertext are integrated by using a file integration template, and the occlusion file is arranged on the upper layer of the key ciphertext and the upper layer of the original file ciphertext to obtain a target file. That is to say, the original file ciphertext is blocked by using the blocking file, even if the blocking file is successfully separated by other people, the true file content of the original file can be checked only by successfully decrypting the original file ciphertext, so that the difficulty that the true file content of the original file is acquired by other people is increased, multiple protection on file data is realized, and the data security is effectively improved.
When the original file or the original file ciphertext is multiple, the integration analysis program can be used for integrating the multiple original files or the multiple original file ciphertexts in batches. In an optional implementation manner, a plurality of original files or a plurality of original file ciphertexts may be batch processed through a file integration template, specifically, the plurality of original files or the plurality of original file ciphertexts may be respectively filled into a second region of the file integration template according to a preset order, and an occlusion file is disposed on an upper layer of the original files or the original file ciphertexts by using the file integration template, so as to obtain a target file, that is, the plurality of original files or the plurality of original file ciphertexts may be filled in the second region of the file integration template, and the number of the obtained target files is also one, which is equivalent to batch integration processing of the plurality of original files or the plurality of original file ciphertexts. In another optional implementation manner, a corresponding file integration template may be respectively set for each original file or each original file ciphertext to perform respective operations, and each file integration template is utilized to respectively process the corresponding original file or the corresponding original file ciphertext, so as to obtain a plurality of target files, specifically, for each original file or each original file ciphertext, the original file or the original file ciphertext is filled into the second region of the corresponding file integration template, and then an occlusion file is set on the upper layer of the original file or the original file ciphertext by using the file integration template, so as to obtain the target file, in this case, each original file or each original file ciphertext may be quickly filled into the second region of the corresponding file integration template in batch, and the occlusion files filled in the first region of each file integration template may be the same occlusion file, a plurality of different occlusion files may also be provided, which is not limited herein.
Alternatively, the file format of the target file may correspond to a file integration template.
Optionally, to facilitate file preview, the method may further include: processing the original file to generate a corresponding thumbnail file; and setting the shielding file on the upper layer of the thumbnail file, and setting the thumbnail file on the upper layer of the original file or the ciphertext of the original file to obtain the target file. Taking an original file as an image file as an example, the image file can be subjected to fuzzy processing to generate a thumbnail file; taking an original file as an audio and video file as an example, a certain frame of picture in the audio and video file can be taken as a thumbnail file. Specifically, the thumbnail file may be filled into the fourth area of the file integration template.
If the target file is checked by using a general file checking mode in the prior art without the capability of analyzing the target file, the checked target file is a blocking file arranged on the upper layer of the original file or the ciphertext of the original file, and the real file content of the original file cannot be checked; if the original file in the target file is desired to be viewed, the target file needs to be parsed, and the parsing process can be implemented through steps S209 to S211.
Step S209, analyzing the target file, and judging whether the target file contains the original file ciphertext; if yes, go to step S210; if not, step S211 is executed.
After obtaining the target file, the first user may store the target file for use by the first user, or may share the target file with the second user. When the second user wants to view the real file content of the original file in the target file, the target file can be analyzed through the integrated analysis program. Considering that if the target file is integrated with the original file ciphertext, the actual file content can be checked only by decrypting the original file ciphertext stage by stage, and if the target file is integrated with the original file, the original file can be directly extracted from the target file. Therefore, the processing is performed in different ways for the two cases. Specifically, if the target file obtained through parsing includes the original file ciphertext, which indicates that the encrypted original file is packaged in the target file and needs to be decrypted, step S210 is executed; if the target file obtained through the parsing does not include the original file ciphertext, it indicates that the original file is packaged in the target file, and decryption is not required, step S211 is executed.
Step S210, extracting the occlusion file, the key ciphertext, and the original file ciphertext from the target file, obtaining a private key corresponding to the preset key or the preset public key, decrypting the key ciphertext by using the preset key or the private key corresponding to the preset public key to obtain a file encryption key, decrypting the original file ciphertext by using the file encryption key to obtain an original file, and respectively displaying the occlusion file and the original file.
And respectively extracting the shielding file, the key ciphertext and the original file ciphertext from the target file, wherein the key ciphertext is obtained by encrypting the file encryption key by using a preset key or a preset public key according to a preset encryption algorithm, and the key ciphertext is decrypted by using a private key corresponding to the preset key or the preset public key so as to obtain the file encryption key. Specifically, a preset secret key or a private key corresponding to a preset public key input by a second user may be obtained; or, if the private key corresponding to the preset secret key or the preset public key is stored in the user terminal or the integration analysis program, the integration analysis program may obtain the locally stored private key corresponding to the preset secret key or the preset public key according to a preset method.
Because the original file ciphertext is obtained by encrypting the original file according to the symmetric encryption algorithm by using the file encryption key, the original file ciphertext can be decrypted by using the file encryption key obtained by decryption according to the inverse algorithm of the symmetric encryption algorithm, so that the original file is conveniently obtained.
In a file group sending scenario, the number of the preset keys or the preset public keys is multiple, the target file also includes multiple key IDs, in this case, the number of the key ciphertexts included in the target file is also multiple, that is, each key ID has a key cipher text corresponding thereto, multiple key IDs can be extracted from the target file, the target key ID of the current second user is determined from the multiple key IDs, then, the key cipher text corresponding to the target key ID is searched from the key cipher text, the preset key corresponding to the target key ID or the private key corresponding to the preset public key corresponding to the target key ID is obtained, the key cipher text corresponding to the target key ID is decrypted by using the preset key or the private key to obtain a file encryption key, and then, the original file cipher text is decrypted by using the file encryption key to obtain the original file. Any second user in the user group can conveniently determine the own secret key ID from the secret key ID, finds out the corresponding secret key ciphertext according to the secret key ID, and completes decryption of the original file ciphertext step by using the private key corresponding to the preset public key of the second user to obtain the original file, so that mass data sending is conveniently completed in an encryption transmission mode, any second user in the user group can conveniently decrypt the original file ciphertext in the target file, the plaintext of the file encryption key is not stored and/or transmitted, the difficulty of obtaining the file encryption key by other people is increased, the original file is prevented from being easily and maliciously obtained by other people, and the data security is effectively improved.
Step S211, extracting the occlusion file and the original file from the target file, and respectively displaying the occlusion file and the original file.
Considering that the target file may also contain the thumbnail file, the parsing process may also include parsing the thumbnail file. Specifically, analyzing a target file, and judging whether the target file contains a thumbnail file; if so, extracting the thumbnail file from the target file and displaying the thumbnail file.
The following describes the present solution by taking a specific scenario as an example. The method comprises the steps of assuming that an original file is an audio and video of a segment of people, a thumbnail file is a certain frame of picture after fuzzy processing in the audio and video, an occlusion file is an animal picture, the occlusion file is arranged on the upper layer of the thumbnail file, and the thumbnail file is arranged on the upper layer of the original file or the ciphertext of the original file to obtain a target file. If the target file is checked by using a general file checking mode in the prior art but the target file does not have the capability of analyzing the target file, the checked target file is an occlusion file, namely an animal picture is seen; if the target file is checked by using the integration analysis program, the original file or the original file ciphertext, the shielding file and the thumbnail file can be checked, and for the original file ciphertext, if the original file plaintext is to be checked, a second user needs to decrypt the key ciphertext by using a private key of the second user to obtain a file encryption key, and then decrypt the original file ciphertext by using the file encryption key to obtain the original file.
Optionally, the method may further comprise: in response to the file editing request, the occlusion file, the original file, and/or the thumbnail file are edited. The second user can edit the files contained in the target file according to the requirements of the second user. If the target file comprises two files, namely an occlusion file and an original file, the second user can edit any one of the two files or both the two files; if the target file contains three files, namely an occlusion file, an original file and a thumbnail file, the second user can edit any one or more of the three files.
In addition, in the process of sharing the picture file or the audio/video file, third-party software such as WeChat or QQ and the like may compress the picture file or the audio/video file, so that a second user cannot successfully analyze the picture file or the audio/video file after receiving the file, since the third-party software usually does not compress the files in pdf format, doc format, ppt format, etc., the occlusion file and the original file (or the original file ciphertext) may be integrated by using the file integration template in pdf format, doc format, ppt format, etc. to obtain the corresponding target files in pdf format, doc format, ppt format, etc., after the second user receives the target file, if the second user uses a general file viewing mode in the prior art to view the target file, the second user views the blocked file in the target file in pdf format, doc format, ppt format, and the like, and if the second user uses an integrated analysis program to view the actual file content of the original file in the target file.
According to the file processing method provided by the embodiment, the integration of the file can be conveniently and efficiently realized by adopting the file integration template, the original file or the ciphertext of the original file is shielded by utilizing the shielding file, the data safety of the file is conveniently ensured, and the shielding file in the target file can only be viewed but the real file content of the original file cannot be viewed by utilizing a general file viewing mode in the prior art; the original file can be checked only by further analyzing the target file, if the target file contains the original file ciphertext, the decryption of the original file ciphertext is completed step by using a private key corresponding to a preset secret key or a preset public key of a second user, so that the original file is obtained, the data transmission or the data mass transmission is conveniently completed in an encryption transmission mode, the second user can conveniently decrypt the original file ciphertext in the target file, the plaintext of the file encryption key is not stored and/or transmitted, the difficulty of obtaining the file encryption key by other people is increased, the content of the original file is prevented from being easily and maliciously obtained by other people, and the data security is greatly improved.
Fig. 3 is a block diagram showing a configuration of a file processing apparatus according to a third embodiment of the present invention, and as shown in fig. 3, the apparatus includes: an acquisition module 310, a setup module 320, and a file integration module 330.
The acquisition module 310 is adapted to: and acquiring an original file to be processed.
The setup module 320 is adapted to: and setting an occlusion file for the original file.
The file integration module 330 is adapted to: and setting the shielding file on the upper layer of the original file to obtain the target file.
Optionally, the file integration module 330 is further adapted to: randomly generating a file encryption key, and encrypting the file encryption key by using a preset key or a preset public key to obtain a key ciphertext; encrypting the original file by using the file encryption key to obtain an original file ciphertext; and integrating the shielding file, the key ciphertext and the original file ciphertext, and arranging the shielding file on the upper layers of the key ciphertext and the original file ciphertext to obtain the target file.
Optionally, the number of the preset keys or the preset public keys is multiple, and each preset key or each preset public key has a corresponding key ID. The file integration module 330 is further adapted to: and for each secret key ID, encrypting the file encryption secret key by using a preset secret key or a preset public key corresponding to the secret key ID to obtain a secret key ciphertext corresponding to the secret key ID.
Optionally, the file integration module 330 is further adapted to: setting a file integration template; filling an occlusion file into a first area of a file integration template, filling an original file or an original file ciphertext into a second area of the file integration template, and setting the occlusion file on the upper layer of the original file or the original file ciphertext by using the file integration template to obtain a target file; when a plurality of original files are available, filling the original files or the original file ciphertexts into a second area of the file integration template according to a preset sequence to obtain a target file; or when the original files are multiple, each original file or each original file ciphertext respectively corresponds to one file integration template, and each file integration template is utilized to respectively process the corresponding original file or the corresponding original file ciphertext to obtain multiple target files; when the original file ciphertext is filled in the second area, the key ciphertext needs to be filled in a third area of the file integration template, or the key ciphertexts corresponding to the plurality of key IDs and the plurality of key IDs are filled in the third area of the file integration template.
Optionally, the file format of the target file corresponds to a file integration template.
Optionally, the file integration module 330 is further adapted to: processing the original file to generate a corresponding thumbnail file; and setting the shielding file on the upper layer of the thumbnail file, and setting the thumbnail file on the upper layer of the original file or the ciphertext of the original file to obtain the target file.
Optionally, the apparatus further comprises: the analysis module 340 is suitable for analyzing the target file and extracting an occlusion file and an original file from the target file; or analyzing the target file and extracting the occlusion file, the original file and the thumbnail file from the target file.
Optionally, the parsing module 340 is further adapted to: analyzing the target file and judging whether the target file contains the original file ciphertext or not; if so, extracting the occlusion file, the key ciphertext and the original file ciphertext from the target file, obtaining a private key corresponding to a preset key or a preset public key, decrypting the key ciphertext by using the preset key or the private key corresponding to the preset public key to obtain a file encryption key, and decrypting the original file ciphertext by using the file encryption key to obtain an original file; and if not, extracting the occlusion file and the original file from the target file.
Optionally, the number of the preset keys or the preset public keys is multiple, and the target file further includes multiple key IDs. The parsing module 340 is further adapted to: extracting a plurality of key IDs from the target file, determining the target key ID from the plurality of key IDs, and searching a key ciphertext corresponding to the target key ID from the key ciphertext; and acquiring a preset key corresponding to the target key ID or a private key corresponding to a preset public key corresponding to the target key ID, and decrypting a key ciphertext corresponding to the target key ID by using the preset key or the private key to obtain a file encryption key.
Optionally, the apparatus further comprises: an editing module 350 adapted to display the occlusion file, the original file, and/or the thumbnail file, respectively; in response to the file editing request, the occlusion file, the original file, and/or the thumbnail file are edited.
According to the file processing device provided by the embodiment, the file integration template is adopted to conveniently and efficiently realize the integration of the file, the original file or the ciphertext of the original file is shielded by using the shielding file, the data safety of the file is conveniently ensured, and the shielding file in the target file can only be viewed by using a general file viewing mode in the prior art, but the real file content of the original file cannot be viewed; the original file can be checked only by further analyzing the target file, if the target file contains the original file ciphertext, the decryption of the original file ciphertext is completed step by using a private key corresponding to a preset secret key or a preset public key of a second user, so that the original file is obtained, the data transmission or the data mass transmission is conveniently completed in an encryption transmission mode, the second user can conveniently decrypt the original file ciphertext in the target file, the plaintext of the file encryption key is not stored and/or transmitted, the difficulty of obtaining the file encryption key by other people is increased, the content of the original file is prevented from being easily and maliciously obtained by other people, and the data security is greatly improved.
The invention also provides a nonvolatile computer storage medium, and the computer storage medium stores at least one executable instruction which can execute the file processing method in any method embodiment.
Fig. 4 is a schematic structural diagram of a computing device according to a fourth embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computing device.
As shown in fig. 4, the computing device may include: a processor (processor)402, a Communications Interface 404, a memory 406, and a Communications bus 408.
Wherein:
the processor 402, communication interface 404, and memory 406 communicate with each other via a communication bus 408.
A communication interface 404 for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is configured to execute the program 410, and may specifically perform relevant steps in the foregoing file processing method embodiment.
In particular, program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured to implement embodiments of the present invention. The computing device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 406 for storing a program 410. Memory 406 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 410 may specifically be configured to cause the processor 402 to execute a file processing method in any of the above-described method embodiments. For specific implementation of each step in the program 410, reference may be made to corresponding steps and corresponding descriptions in units in the foregoing file processing embodiments, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in accordance with embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (10)
1. A method of file processing, the method comprising:
acquiring an original file to be processed;
setting an occlusion file for the original file;
and setting the shielding file on the upper layer of the original file to obtain a target file.
2. The method of claim 1, wherein placing the occlusion file on top of the original file, resulting in a target file further comprises:
randomly generating a file encryption key, and encrypting the file encryption key by using a preset key or a preset public key to obtain a key ciphertext;
encrypting the original file by using the file encryption key to obtain an original file ciphertext;
and integrating the occlusion file, the key ciphertext and the original file ciphertext, and setting the occlusion file on the upper layers of the key ciphertext and the original file ciphertext to obtain a target file.
3. The method according to claim 2, wherein the number of the preset secret keys or the preset public keys is plural, and each preset secret key or each preset public key has a corresponding secret key ID;
the encrypting the file encryption key by using the preset key or the preset public key to obtain a key ciphertext further comprises:
and for each secret key ID, encrypting the file encryption secret key by using a preset secret key or a preset public key corresponding to the secret key ID to obtain a secret key ciphertext corresponding to the secret key ID.
4. The method according to any one of claims 1-3, wherein the placing the occlusion file on top of the original file, and obtaining the target file further comprises:
setting a file integration template;
filling the occlusion file into a first region of the file integration template, filling the original file or the original file ciphertext into a second region of the file integration template, and setting the occlusion file on an upper layer of the original file or the original file ciphertext by using the file integration template to obtain a target file;
when a plurality of original files are available, respectively filling the original files or the original file ciphertexts into a second area of the file integration template according to a preset sequence to obtain a target file; or, when the original files are multiple, each original file or each original file ciphertext respectively corresponds to one file integration template, and each file integration template is utilized to respectively process the corresponding original file or original file ciphertext to obtain multiple target files;
when the second region is filled with the original file ciphertext, the method further comprises: and filling a key ciphertext into a third area of the file integration template, or filling a plurality of key IDs and key ciphertexts corresponding to the plurality of key IDs into the third area of the file integration template.
5. The method according to any one of claims 1-4, wherein the placing the occlusion file on an upper layer of the original file, and obtaining the target file further comprises:
processing the original file to generate a corresponding thumbnail file;
and setting the shielding file on the upper layer of the thumbnail file, and setting the thumbnail file on the upper layer of the original file or the ciphertext of the original file to obtain a target file.
6. The method of any of claims 1-5, wherein after obtaining the target file, the method further comprises:
analyzing the target file, and extracting the occlusion file and the original file from the target file; or analyzing the target file, and extracting the occlusion file, the original file and the thumbnail file from the target file.
7. The method of claim 6, wherein parsing the target file, extracting the occlusion file and the original file from the target file further comprises:
analyzing the target file and judging whether the target file contains an original file ciphertext or not;
if so, extracting the shielding file, the key ciphertext and the original file ciphertext from the target file, obtaining a private key corresponding to a preset key or a preset public key, decrypting the key ciphertext by using the preset key or the private key corresponding to the preset public key to obtain a file encryption key, and decrypting the original file ciphertext by using the file encryption key to obtain an original file;
and if not, extracting the occlusion file and the original file from the target file.
8. The method according to claim 7, wherein the number of the predetermined secret keys or the predetermined public keys is plural, and the target file further includes plural secret key IDs;
the obtaining of the private key corresponding to the preset secret key or the preset public key, and the decrypting of the secret key ciphertext by using the private key corresponding to the preset secret key or the preset public key to obtain the file encryption key further includes:
extracting a plurality of key IDs from the target file, determining a target key ID from the plurality of key IDs, and searching a key ciphertext corresponding to the target key ID from the key ciphertext;
and acquiring a preset key corresponding to the target key ID or a private key corresponding to a preset public key corresponding to the target key ID, and decrypting a key ciphertext corresponding to the target key ID by using the preset key or the private key to obtain a file encryption key.
9. The method according to any one of claims 6-8, further comprising:
respectively displaying the occlusion file, the original file and/or the thumbnail file;
and responding to a file editing request, and editing the occlusion file, the original file and/or the thumbnail file.
10. A document processing apparatus, characterized in that the apparatus comprises:
the acquisition module is suitable for acquiring an original file to be processed;
the setting module is suitable for setting an occlusion file for the original file;
and the file integration module is suitable for arranging the shielding file on the upper layer of the original file to obtain a target file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210242550.9A CN114546959A (en) | 2022-03-11 | 2022-03-11 | File processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210242550.9A CN114546959A (en) | 2022-03-11 | 2022-03-11 | File processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114546959A true CN114546959A (en) | 2022-05-27 |
Family
ID=81663478
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210242550.9A Pending CN114546959A (en) | 2022-03-11 | 2022-03-11 | File processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114546959A (en) |
-
2022
- 2022-03-11 CN CN202210242550.9A patent/CN114546959A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112235289B (en) | Data encryption and decryption method and device, computing equipment and storage medium | |
| US10506428B2 (en) | Wireless network connection method, apparatus, and system | |
| US8782392B1 (en) | Privacy-protective data transfer and storage | |
| CN113364760A (en) | Data encryption processing method and device, computer equipment and storage medium | |
| US8271424B2 (en) | Privacy and confidentiality preserving reporting of URLs | |
| CN104660589B (en) | Method, system and terminal for encrypting control and information analysis of information | |
| US20120226823A1 (en) | Document distribution system and method | |
| EP2940959A1 (en) | Information processing method, retrieving method, device, user terminal and server | |
| CN109067739B (en) | Communication data encryption method and device | |
| US20170371625A1 (en) | Content delivery method | |
| CN111460503B (en) | Data sharing method, device, equipment and storage medium | |
| CN106911712B (en) | Encryption method and system applied to distributed system | |
| US10063655B2 (en) | Information processing method, trusted server, and cloud server | |
| CN109886047B (en) | File encryption processing method and device | |
| CN106789008B (en) | Method, device and system for decrypting sharable encrypted data | |
| CN106203141A (en) | The data processing method of a kind of application and device | |
| CN109120576B (en) | Data sharing method and device, computer equipment and storage medium | |
| CN111181905B (en) | File encryption method and device | |
| WO2018171302A1 (en) | Method and apparatus for use in information processing | |
| CN114546959A (en) | File processing method and device | |
| KR101751971B1 (en) | Image processing method and apparatus for encoded image | |
| CN102387181A (en) | Login method and device | |
| CN115242779A (en) | File transmission method and system based on small program and electronic equipment | |
| WO2016091210A1 (en) | Content delivery method | |
| CN113672954A (en) | Feature extraction method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |