CN114629643A - Key processing method, device and medium - Google Patents

Publication number: CN114629643A
Authority: CN (China)
Prior art keywords: key, otp, stored, identity, information
Legal status: Pending
Application number: CN202210302345.7A
Other languages: Chinese (zh)
Inventors: 王长红, 李拓, 刘凯, 满宏涛
Current Assignee: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Original Assignee: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Application filed by: Shandong Yunhai Guochuang Cloud Computing Equipment Industry Innovation Center Co Ltd
Priority to: CN202210302345.7A
Publication of: CN114629643A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The application discloses a key processing method, device and medium. When a key storage instruction is obtained, the key to be stored is obtained and a first identity identifier is generated for it so that the key can be encrypted. An OTP key is acquired from an OTP key library according to the first identity identifier; selecting different OTP keys for different keys to be stored improves the security of the keys. The key to be stored is encrypted with the OTP key to generate encrypted information, which is then saved, so that the key cannot be illegally acquired. The key processing method provided by the application thus encrypts the key with an OTP key, which prevents the key from leaking when the storage device is illegally read and improves data security.

Description

Key processing method, device and medium
Technical Field
The present application relates to the field of data security, and in particular, to a method, an apparatus, and a medium for processing a key.
Background
Data encryption refers to a method for protecting information by converting plaintext into ciphertext through an encryption algorithm and an encryption key. With the development of computer technology, data encryption technology is also applied in computer systems, and computers utilize cryptographic technology to encrypt and store data so as to protect the security of related data.
At present, the key used for data encryption is often stored in a storage device of a computer, for example: flash chips, hard disks, etc. When the storage device is illegally read, the key may be leaked, the data security may be affected, and the potential safety hazard may be caused.
Therefore, how to provide a method for preventing a secret key from being leaked to ensure data security when a storage device is illegally read is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a key processing method, a device and a medium, so as to achieve the purpose of ensuring data security when a storage device is illegally read.
In order to solve the above technical problem, the present application provides a key processing method, including:
when a key storage instruction is obtained, obtaining a key to be stored and generating a first identity of the key to be stored;
acquiring an OTP key from an OTP key library according to the first identity identifier;
and encrypting the key to be stored by using the OTP key to generate encrypted information, and storing the encrypted information.
Preferably, the saving the encryption information includes:
and storing the encrypted information to different memory areas in a scattered manner.
Preferably, before the step of obtaining the OTP key from the OTP key repository according to the first identity, the method further includes:
judging whether the OTP key library contains an OTP key or not;
if the OTP key is contained, the step of obtaining the OTP key from the OTP key bank according to the first identity identifier is executed;
and if the OTP key is not contained, writing the OTP key into the OTP key database, and executing the step of obtaining the OTP key from the OTP key database according to the first identity.
Preferably, the generating the first identity of the key to be stored includes:
recording the serial number of the key to be stored;
and generating the first identity mark according to the sequence number.
Preferably, the writing the OTP key into the OTP key repository includes:
dividing the OTP key into M information fragments, and respectively storing each information fragment;
and generating a second identity of the OTP key, and writing the second identity and the storage address of each information fragment into the OTP key library.
Preferably, the acquiring the OTP key according to the first identity includes:
determining the storage address of each information fragment of the OTP key corresponding to the key to be stored according to the corresponding relation between the first identity mark and the second identity mark;
acquiring each information segment according to the storage address of each information segment;
and generating the OTP key according to the information fragment.
Preferably, after the step of storing the encryption information, the method further includes:
after a key reading instruction is obtained, analyzing the key reading instruction to obtain a third identity of a target key;
acquiring the encryption information and the corresponding OTP key according to the third identity;
and decrypting the encrypted information according to the OTP key to obtain a target key.
In order to solve the above technical problem, the present application further provides a key processing apparatus, including:
the first acquisition module is used for acquiring a key to be stored and generating a first identity identifier of the key to be stored when a key storage instruction is acquired;
the second acquisition module is used for acquiring the OTP key from the OTP key library according to the first identity identifier;
and the generating module is used for encrypting the key to be stored by utilizing the OTP key to generate encrypted information and storing the encrypted information.
In order to solve the above technical problem, the present application further provides a key processing apparatus, including a memory for storing a computer program;
a processor for implementing the steps of the key processing method when executing the computer program.
In order to solve the above technical problem, the present application further provides a computer-readable storage medium, on which a computer program is stored, and the computer program realizes the steps of the key processing method when executed by a processor.
The application provides a key processing method. When a key storage instruction is obtained, the key to be stored is obtained and a first identity identifier is generated for it so that the key can be encrypted. An OTP key is acquired from an OTP key library according to the first identity identifier; selecting different OTP keys for different keys to be stored improves the security of the keys. The key to be stored is encrypted with the OTP key to generate encrypted information, which is then saved, so that the key cannot be illegally acquired. The key processing method provided by the application thus encrypts the key with an OTP key, which prevents the key from leaking when the storage device is illegally read and improves data security.
In addition, the application also provides a key processing device and a medium, which correspond to the key processing method and have the same effects.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a key processing method according to an embodiment of the present application;
Fig. 2 is a schematic view of an application scenario of a key processing method according to an embodiment of the present application;
Fig. 3 is a block diagram of a key processing apparatus according to an embodiment of the present application;
Fig. 4 is a structural diagram of a key processing apparatus according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a key processing method, a device and a medium.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
In an application scenario of encrypting and storing data, the key used to encrypt and decrypt important data is usually stored in a storage device such as a flash memory or a hard disk. When the storage device is illegally read, the key may be leaked, which affects data security. To improve data security and prevent the key from being illegally read, the application provides a key processing method. When a key storage instruction is obtained, the key to be stored is obtained and a first identity identifier is generated for it so that the key can be encrypted. An OTP key is acquired from an OTP key library according to the first identity identifier; selecting different OTP keys for different keys to be stored improves the security of the keys. The key to be stored is encrypted with the OTP key to generate encrypted information, which is then saved, so that the key cannot be illegally obtained. The key processing method provided by the application thus encrypts the key with an OTP key, which prevents the key from leaking when the storage device is illegally read and improves data security.
Fig. 1 is a flowchart of a key processing method according to an embodiment of the present application, and as shown in fig. 1, the key processing method includes:
S10: when the key storage instruction is obtained, obtain the key to be stored and generate a first identity identifier of the key to be stored.
In specific implementation, when a control instruction is acquired, the control instruction is analyzed, wherein the control instruction comprises a key reading instruction and a key storage instruction, the key storage instruction comprises two contents of a keyword and a key to be stored, and the keyword is used for indicating that the current operation is a storage operation. When the control instruction is detected to be a key storage instruction, generating a first identity identifier of a key to be stored, wherein the first identity identifier can be a randomly generated character; the first identity identification of the key to be stored can also be generated according to the times of executing the key storage operation; the first identity may also be generated based on a date and time, which is not limited herein.
It should be noted that there may be a situation that the key is already stored when the key is stored, and in order to reduce the waste of computing resources, when the key storage instruction is obtained, it may be determined in advance whether the key to be stored carried in the control instruction is stored in the storage device, and if there is no key, the storage operation is continuously performed.
It will be appreciated that when a key is required, the key may be obtained using a key reading instruction, which in particular embodiments typically includes a "key" and a first identity of the key to be read.
S11: acquire the OTP key from the OTP key library according to the first identity identifier.
In specific implementation, in order to prevent the data leakage caused by illegal reading of the key, the key is encrypted by a One Time Password (OTP). In order to reduce the use risk of using the OTP key and further improve the security, a plurality of OTP keys may be selected to encrypt the key to be stored. In this embodiment, a preset OTP key is stored in an OTP key library, and a corresponding OTP key is obtained from the OTP key library during use. It is understood that the OTP key may be stored in the local database, or may be stored in the cloud database.
Before the OTP key is acquired according to the first identity, whether the OTP key exists in the key bank or not needs to be judged, and if the OTP key exists, the operation of acquiring the OTP key is executed; if not, the OTP key is written into an OTP key bank. In order to prevent the OTP keys from being illegally read, each OTP key may be stored in multiple copies.
When the OTP key is obtained according to the first identity, the correspondence between the first identity and the OTP key may be set by the user, where the first identity and the OTP key may be in one-to-one correspondence, or multiple first identities may correspond to one OTP key.
S12: encrypt the key to be stored by using the OTP key to generate encrypted information, and save the encrypted information.
The to-be-stored key is encrypted with the OTP key to generate encrypted information. It is to be understood that the generated encryption information may be stored in a plurality of different areas, or may be stored in the same area, which is not limited herein. Further, the encrypted information may be stored in the local storage device, or may be stored in the cloud storage device.
In a specific implementation, in order to improve the security of the key, the encryption information generated by encrypting the key to be stored with the OTP key may be stored in different memory areas in a distributed manner.
In a specific implementation, the encrypted information is randomly divided into a plurality of pieces of distributed information. The pieces may have the same or different lengths, and each piece is written into a different area of the storage device. To facilitate subsequent lookup, the number of the encrypted information and the data of each piece of distributed information (the start address and the information length of its storage area) need to be recorded when the encrypted information is written into the storage device. The number of the encrypted information may be the first identity of the key to be stored that corresponds to the encrypted information, or may be a number determined by the storage sequence; this embodiment adopts the second scheme. The number of the first encrypted information is 1, the number of the second encrypted information is 2, and so on. When the encrypted information is divided into P pieces of distributed information, the number of the encrypted information and the P pieces of distributed information need to be recorded. When the Q-th encrypted information is written, the storage areas of its P pieces of distributed information are calculated from the distributed information of the first Q-1 encrypted information. For example, when the 1st encrypted information is written, the first group of the P groups of distributed information has address addr1 and length d1; when the 2nd encrypted information is written, the first group has address addr2 and length d2; and so on, so that when the Q-th encrypted information is written, the first group has address addr1 + d1 + d2 + … + d(Q-1) and length d(Q). The remaining P-1 groups of distributed information are calculated in the same way.
In this embodiment, the encrypted information is divided into a plurality of pieces of distributed information, and the distributed information is stored in different memory areas, so as to improve the security of the encrypted information.
In a specific implementation, in order to ensure that the encryption operation can be performed normally, it is further required to determine whether the OTP key exists in the key store.
On the basis of the foregoing embodiment, before the step of obtaining the OTP key from the OTP key repository according to the first identity, the method further includes:
judging whether the OTP key bank contains an OTP key or not;
if the OTP key is contained, executing the step of acquiring the OTP key from the OTP key library according to the first identity;
and if the OTP key is not contained, writing the OTP key into the OTP key bank, and executing the step of acquiring the OTP key from the OTP key bank according to the first identity.
Further, writing the OTP key into the OTP key repository includes:
dividing the OTP key into M information fragments, and respectively storing each information fragment;
and generating a second identity of the OTP key, and writing the second identity and the storage address of each information fragment into an OTP key library.
In this embodiment, before encrypting the key to be stored, whether the OTP key exists in the OTP key library is detected, and if the OTP key does not exist in the OTP key library, the OTP key is written into the OTP key library. Furthermore, in order to improve the security of the OTP key, the OTP key may be divided into M pieces of information, and the pieces of information are distributed and stored.
In a specific implementation, a randomly generated character can be used as the first identity; the first identity identifier of the key to be stored can also be generated according to the times of executing the key storage operation; the first identity may also be generated based on a date and time.
On the basis of the above embodiment, generating a first identity of the key to be stored includes:
recording the serial number of the key to be stored;
and generating a first identity mark according to the sequence number.
In this embodiment, a first identity identifier is generated through a sequence number of a key to be stored, so that the OTP key is obtained according to the first identity identifier, and subsequent operations are facilitated. Compared with other schemes, the scheme does not need to generate and calculate, and can reflect the number of the keys to be stored.
When the OTP key in the OTP key store is divided into a plurality of pieces of information, on the basis of the foregoing embodiment, the obtaining the OTP key according to the first identity identifier includes:
determining the storage address of each information fragment of the OTP key corresponding to the key to be stored according to the corresponding relation between the first identity mark and the second identity mark;
acquiring each information segment according to the storage address of each information segment;
and generating the OTP key according to the information fragment.
The corresponding relationship between the first identity identifier and the second identity identifier may be a random corresponding relationship, or may be a relationship set by the user, for example: determining an OTP key corresponding to the first identity by using the remainder of the quotient of the first identity and the second identity, specifically, if the remainder is 0, selecting the OTP key of which the second identity is 0; if the remainder is 1, selecting the OTP key with the second identity identifier of 1. After the OTP key is determined, the storage addresses of the information fragments of the OTP key are obtained, and the information fragments are obtained from the storage addresses to generate the OTP key.
In this embodiment, when the OTP key is stored in different storage addresses in a segmented manner, the OTP key is determined according to the correspondence between the first identity and the second identity, and the storage address of the OTP key is obtained to generate the OTP key, so that the OTP key is prevented from being leaked, and the security of the OTP key is improved.
It can be understood that after the key is stored in the storage device, when the encrypted file needs to be read, the stored key needs to be obtained and a decryption operation needs to be performed by using the key.
On the basis of the above embodiment, after the step of storing the encrypted information, the method further includes:
after the key reading instruction is obtained, the key reading instruction is analyzed to obtain a third identity of the target key;
acquiring encryption information and a corresponding OTP key according to the third identity;
and decrypting the encrypted information according to the OTP key to obtain a target key.
In specific implementation, a third identity needs to be obtained to determine a storage location of the encrypted information and an OTP key corresponding to the target key, and obtain the distributed information from each storage location, and perform a decryption operation on the merged distributed information by using the OTP key, thereby obtaining the target key.
Fig. 2 is a schematic view of an application scenario of a key processing method provided in an embodiment of the present application, and as shown in fig. 2, the key processing method includes:
S201: the OTP read operation unit reads the OTP memory cell information.
S202: the OTP read operation unit judges whether the OTP key has been written according to the read information, if so, performs S205, and if not, performs S203.
S203: the OTP key mapping unit generates a mapping relation for N groups of OTP keys, wherein the mapping relation of each key comprises two parts of information, namely an OTP key number and the OTP key storage position information (each OTP key is stored by dividing it into M parts, so the storage position information comprises M pieces of fragment storage position information, and each piece of fragment storage position information comprises the starting address of the fragment and the number of bytes of the fragment).
S204: the OTP writing operation unit writes the N groups of OTP keys into the OTP storage unit according to the OTP key mapping relationship generated in step S203.
S205: the instruction analysis unit analyzes the instruction content to obtain the operation words.
S206: judge whether the operation word is a storage operation; if so, execute S207, and if not, execute S214.
S207: the key numbering unit generates a key number C to be stored according to the number of keys which are currently stored, wherein C is a positive integer.
S208: the OTP read operation unit performs a remainder operation using C in S207 and N in S203 to obtain R, that is, R = C % N.
S209: the OTP read operation unit reads the OTP key numbered R+1 according to the OTP key mapping relationship in S203.
S210: the key encryption and decryption module performs encryption operation on the key to be stored by using the OTP key obtained in S209, and generates encrypted information with a length D.
S211: the random dispersion generation unit generates P random positive integers, and the sum of the P random positive integers is D.
S212: the dispersion information recording unit records the number C in S207, and generates and records P groups of dispersion information from the P random positive integers in S211. Each group of dispersion information includes a start address and an information length (the information length in the p-th group is the value of the p-th random positive integer, where 1 ≤ p ≤ P). The dispersion information is incremental: when the Q-th encrypted information is written, its P groups of dispersion information are calculated from the dispersion information of the first Q-1 encrypted information. For example, when the 1st encrypted information is written, the first of the P groups has address addr1 and length d1; when the 2nd encrypted information is written, the first group has address addr2 and length d2; and so on, so that when the Q-th encrypted information is written, the first group has address addr1 + d1 + d2 + … + d(Q-1) and length d(Q). The other P-1 groups of dispersion information are calculated in the same way.
S213: the storage read-write operation unit writes the encrypted information in S210 in the information storage unit according to the P-set dispersion information in S212.
S214: the instruction analysis unit outputs the key number S to be read.
S215: the OTP read operation unit performs a remainder operation using S in S214 and N in S203 to obtain T, that is, T = S % N.
S216: the OTP read operation unit reads the OTP key numbered T+1 according to the OTP key mapping relationship in S203.
S217: the distributed information recording unit obtains P groups of distributed information corresponding to the encrypted information according to S in S214.
S218: the storage read-write operation unit reads out the P encrypted information segments according to the P groups of scattered information in the S217 and combines the P encrypted information segments into complete encrypted information.
S219: the key encryption/decryption module decrypts the encrypted information of S218 according to the OTP key in S216, and finally outputs the key to be read.
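The store and read flow of S201 to S219, as an added Python example that is not part of the patent text. The patent names no cipher, so seal/unseal are a stand-in (HMAC-SHA-256 keystream with a fresh nonce and an integrity tag); the values N = 4, M = 3, P = 3, the modelling of each storage area as its own address space starting at 0, and all function and class names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed parameters: N OTP keys, each split into M fragments; ciphertext split into P pieces.
N, M, P = 4, 3, 3
OTP_LEN = 32
_rng = secrets.SystemRandom()

def random_partition(total, parts):
    """S211: `parts` random positive integers whose sum is `total`."""
    cuts = sorted(_rng.sample(range(1, total), parts - 1))
    return [b - a for a, b in zip([0] + cuts, cuts + [total])]

def otp_number(key_number):
    """S208/S209 and S215/S216: the remainder R = C % N selects OTP key number R + 1."""
    return key_number % N + 1

def _subkey(otp_key, label):
    # Separate encryption and MAC keys derived from the OTP key (assumption of this example).
    return hmac.new(otp_key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(otp_key, plaintext):
    """Stand-in for S210 (cipher is an assumption): nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_subkey(otp_key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(otp_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(otp_key, blob):
    """Stand-in for S219: verify the tag before releasing the key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(otp_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted information failed its integrity check")
    return _xor_stream(_subkey(otp_key, b"enc"), nonce, body)

def scatter(regions, data):
    """Split data at random points, append piece p to region p, return (start, length) records."""
    records, pos = [], 0
    for region, size in zip(regions, random_partition(len(data), len(regions))):
        records.append((len(region), size))  # start = sum of lengths already written here
        region.extend(data[pos:pos + size])
        pos += size
    return records

def gather(regions, records):
    """Read each piece back from its region and merge the pieces in order."""
    return b"".join(bytes(r[start:start + size]) for r, (start, size) in zip(regions, records))

class KeyVault:
    def __init__(self):
        self.otp_regions = [bytearray() for _ in range(M)]   # OTP storage unit
        self.otp_map = {}                                     # OTP key number -> M fragment records
        self.info_regions = [bytearray() for _ in range(P)]  # information storage unit
        self.records = {}                                     # key number C -> P dispersion records
        self.stored = 0

    def provision_otp(self):
        """S201-S204: write N OTP keys, M fragments each, only if none are present."""
        if not self.otp_map:
            for number in range(1, N + 1):
                self.otp_map[number] = scatter(self.otp_regions, secrets.token_bytes(OTP_LEN))

    def store_key(self, key):
        """S207-S213: number the key, pick the OTP key, encrypt, scatter, record."""
        self.provision_otp()
        self.stored += 1
        c = self.stored
        otp_key = gather(self.otp_regions, self.otp_map[otp_number(c)])
        self.records[c] = scatter(self.info_regions, seal(otp_key, key))
        return c

    def read_key(self, s):
        """S214-S219: rebuild the OTP key and the ciphertext from their records, then decrypt."""
        otp_key = gather(self.otp_regions, self.otp_map[otp_number(s)])
        return unseal(otp_key, gather(self.info_regions, self.records[s]))
```

Because R = C % N maps several stored keys to one OTP key (keys 1 and 5 here), the stand-in cipher draws a fresh nonce per stored key so that a shared OTP key never yields the same keystream twice.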
In the above embodiments, the key processing method is described in detail, and the present application also provides embodiments corresponding to the key processing apparatus. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one is from the perspective of the function module, and the other is from the perspective of the hardware.
Fig. 3 is a structural diagram of a key processing apparatus according to an embodiment of the present application, and as shown in fig. 3, the apparatus includes:
the first obtaining module 10 is configured to obtain the key to be stored and generate a first identity of the key to be stored when the key storage instruction is obtained;
a second obtaining module 11, configured to obtain an OTP key from an OTP key library according to the first identity;
and a generating module 12, configured to encrypt the to-be-stored key with the OTP key to generate encrypted information, and store the encrypted information.
Since the embodiment of the apparatus portion and the embodiment of the method portion correspond to each other, please refer to the description of the embodiment of the method portion for the embodiment of the apparatus portion, and details are not repeated here.
The present embodiment provides a key processing apparatus. When a key storage instruction is obtained, the key to be stored is obtained and a first identity identifier is generated for it so that the key can be encrypted. An OTP key is acquired from an OTP key library according to the first identity identifier; selecting different OTP keys for different keys to be stored improves the security of the keys. The key to be stored is encrypted with the OTP key to generate encrypted information, which is then saved, so that the key cannot be illegally acquired. The key processing device provided by this embodiment thus encrypts the key with an OTP key, which prevents the key from leaking when the storage device is illegally read and improves data security.
Fig. 4 is a structural diagram of a key processing device according to another embodiment of the present application. As shown in Fig. 4, the key processing device of this embodiment includes: a memory 20 for storing a computer program;
and a processor 21 for implementing, when executing the computer program, the steps of the method of generating encryption information described in the above embodiments.
The terminal device provided by the embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, or a desktop computer.
The processor 21 may include one or more processing cores, such as a 4-core processor or an 8-core processor. The processor 21 may be implemented in at least one of the following hardware forms: Digital Signal Processor (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 21 may also include a main processor and a coprocessor: the main processor, also called a Central Processing Unit (CPU), processes data in the awake state; the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may be integrated with a Graphics Processing Unit (GPU), which is responsible for rendering and drawing the content to be displayed on the display screen. In some embodiments, the processor 21 may further include an Artificial Intelligence (AI) processor for processing computing operations related to machine learning.
The memory 20 may include one or more computer-readable storage media, which may be non-transitory. The memory 20 may also include high-speed random access memory as well as non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In this embodiment, the memory 20 stores at least the following computer program 201, which, after being loaded and executed by the processor 21, implements the relevant steps of the key processing method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202, data 203, and the like, and the storage may be transient or permanent. The operating system 202 may include Windows, Unix, Linux, etc. The data 203 may include, but is not limited to, encryption information, a first identity, etc.
In some embodiments, the key processing device may further include a display 22, an input/output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.
Those skilled in the art will appreciate that the configuration shown in Fig. 4 does not limit the key processing device, which may include more or fewer components than those shown.
The key processing device provided by the embodiment of the application comprises a memory and a processor. When the processor executes a program stored in the memory, the following method can be implemented:
when a key storage instruction is obtained, obtaining a key to be stored and generating a first identity of the key to be stored;
acquiring an OTP key from an OTP key library according to a first identity;
and encrypting the key to be stored by using the OTP key to generate encrypted information, and saving the encrypted information.
Finally, the application also provides a corresponding embodiment of the computer-readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, carries out the steps set forth in the above method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the present application, in whole or in part, may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The key processing method, device and medium provided by the present application are described in detail above. The embodiments in the specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be cross-referenced. Because the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is brief, and the relevant points can be found in the description of the method. It should be noted that those skilled in the art may make several improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method of key processing, comprising:
when a key storage instruction is obtained, obtaining a key to be stored, and generating a first identity of the key to be stored;
acquiring an OTP key from an OTP key library according to the first identity;
and encrypting the key to be stored by using the OTP key to generate encrypted information, and storing the encrypted information.
2. The key processing method of claim 1, wherein the saving the encryption information comprises:
and storing the encrypted information to different memory areas in a scattered manner.
3. The key processing method according to claim 1, further comprising, before the step of obtaining an OTP key from an OTP key library according to the first identity, the steps of:
judging whether the OTP key library contains an OTP key;
if an OTP key is contained, executing the step of obtaining the OTP key from the OTP key library according to the first identity;
and if no OTP key is contained, writing the OTP key into the OTP key library, and executing the step of obtaining the OTP key from the OTP key library according to the first identity.
4. The key processing method according to claim 1, wherein the generating a first identity of the key to be stored comprises:
recording the serial number of the key to be stored;
and generating the first identity according to the serial number.
5. The key processing method of claim 3, wherein the writing the OTP key into the OTP key library comprises:
dividing the OTP key into M information fragments, and respectively storing each information fragment;
and generating a second identity of the OTP key, and writing the second identity and the storage address of each information fragment into the OTP key library.
6. The key processing method according to claim 5, wherein the obtaining an OTP key according to the first identity comprises:
determining the storage address of each information fragment of the OTP key corresponding to the key to be stored according to the corresponding relationship between the first identity and the second identity;
acquiring each information segment according to the storage address of each information segment;
and generating the OTP key according to the information fragments.
7. The key processing method according to claim 1, further comprising, after the step of saving the encryption information:
after a key reading instruction is obtained, analyzing the key reading instruction to obtain a third identity of a target key;
acquiring the encrypted information and the corresponding OTP key according to the third identity;
and decrypting the encrypted information according to the OTP key to obtain a target key.
8. A key processing apparatus, comprising:
a first acquisition module, configured to acquire a key to be stored and generate a first identity of the key to be stored when a key storage instruction is acquired;
a second acquisition module, configured to acquire an OTP key from an OTP key library according to the first identity;
and a generating module, configured to encrypt the key to be stored with the OTP key to generate encrypted information and to store the encrypted information.
9. A key processing apparatus comprising a memory for storing a computer program;
a processor for implementing the steps of the key processing method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the key processing method according to any one of claims 1 to 7.
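The following Python sketch is an added illustration, not code from the patent or its applicant, of the flow in claims 1 and 3 to 7: fragmenting an OTP key, resolving it through the first and second identities, and storing and reading back a key. The page names no cipher, so the HMAC-SHA256 keystream with an integrity tag is a stand-in assumption, as are the class and method names, the modulo mapping between identities, and the in-memory dictionaries standing in for storage.

```python
import hashlib
import hmac
import secrets

class KeyVault:
    """Added sketch of claims 1 and 3-7; names and cipher are assumptions."""
    def __init__(self, m=4):
        self.m = m           # M fragments per OTP key (claim 5)
        self.fragments = {}  # storage address -> information fragment
        self.library = {}    # second identity -> fragment addresses
        self.id_map = {}     # first identity -> second identity
        self.encrypted = {}  # first identity -> encrypted information
        self.serial = 0      # serial number of the next key (claim 4)
    def write_otp_key(self, otp_key):
        # Claim 5: split into M fragments, record identity and addresses.
        second_id, size = len(self.library), -(-len(otp_key) // self.m)
        addrs = [secrets.token_hex(8) for _ in range(self.m)]
        for i, addr in enumerate(addrs):
            self.fragments[addr] = otp_key[i * size:(i + 1) * size]
        self.library[second_id] = addrs
        return second_id
    def get_otp_key(self, first_id):
        # Claim 6: first identity -> second identity -> addresses -> key.
        addrs = self.library[self.id_map[first_id]]
        return b"".join(self.fragments[a] for a in addrs)
    def _prf(self, otp_key, label, first_id, data):
        msg = b"%s|%d|" % (label, first_id) + data
        return hmac.new(otp_key, msg, hashlib.sha256).digest()
    def _xor_stream(self, otp_key, first_id, data):
        # Stand-in cipher: keystream bound to the key's identity.
        n = (len(data) + 31) // 32
        ks = b"".join(self._prf(otp_key, b"enc", first_id, b"%d" % i) for i in range(n))
        return bytes(a ^ b for a, b in zip(data, ks))
    def store_key(self, key):
        if not self.library:  # claim 3: provision an OTP key if none exists
            self.write_otp_key(secrets.token_bytes(32))
        first_id, self.serial = self.serial, self.serial + 1
        self.id_map[first_id] = first_id % len(self.library)  # assumed mapping
        otp_key = self.get_otp_key(first_id)
        ct = self._xor_stream(otp_key, first_id, key)
        self.encrypted[first_id] = ct + self._prf(otp_key, b"mac", first_id, ct)
        return first_id
    def read_key(self, third_id):
        # Claim 7: fetch encrypted information and OTP key, verify, decrypt.
        blob, otp_key = self.encrypted[third_id], self.get_otp_key(third_id)
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(otp_key, b"mac", third_id, ct)):
            raise ValueError("encrypted information failed its integrity check")
        return self._xor_stream(otp_key, third_id, ct)
```

Binding the keystream to the first identity keeps two stored keys that share one OTP key from being encrypted under the same stream, and the tag makes a modified stored blob fail on read instead of yielding a wrong key.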

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210302345.7A CN114629643A (en) 2022-03-25 2022-03-25 Key processing method, device and medium

Publications (1)

Publication Number Publication Date
CN114629643A true CN114629643A (en) 2022-06-14

Family

ID=81903124

Country Status (1)

Country Link
CN (1) CN114629643A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130051552A1 (en) * 2010-01-20 2013-02-28 Héléna Handschuh Device and method for obtaining a cryptographic key
US20150349958A1 (en) * 2013-01-08 2015-12-03 Bar-Ilan University A method for providing security using secure computation
CN105284072A (en) * 2013-08-12 2016-01-27 德国邮政股份公司 Support for decryption of encrypted data
CN109088729A (en) * 2018-09-28 2018-12-25 北京金山安全软件有限公司 Key storage method and device
US20200342121A1 (en) * 2017-12-18 2020-10-29 Beijing Sankuai Online Technology Co., Ltd Encrypted storage of data
DE102020002423A1 (en) * 2020-01-20 2021-07-22 HENSOLDT Cyber GmbH Device and method for data storage
CN113408017A (en) * 2021-06-30 2021-09-17 湖南国科微电子股份有限公司 Method, device, equipment and storage medium for protecting data in OTP (one time programmable) memory
KR20220002059A (en) * 2020-06-30 2022-01-06 삼성전자주식회사 Mobile payment method, appratus and mobile payment verification method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination