CN114900285A - Secret key filling method, system, computer equipment and storage medium - Google Patents


Publication number
CN114900285A
Authority
CN
China
Prior art keywords
key
matrix
temporary
private
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210349282.0A
Other languages
Chinese (zh)
Inventor
张正萍
张安驰
唐如意
张军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Jinkang Sailisi New Energy Automobile Design Institute Co Ltd
Original Assignee
Chongqing Jinkang Sailisi New Energy Automobile Design Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Jinkang Sailisi New Energy Automobile Design Institute Co Ltd filed Critical Chongqing Jinkang Sailisi New Energy Automobile Design Institute Co Ltd
Priority to CN202210349282.0A priority Critical patent/CN114900285A/en
Publication of CN114900285A publication Critical patent/CN114900285A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The application relates to a key filling method, a system, a computer device and a storage medium. The method comprises the following steps: acquiring a first private key and a second private key, and obtaining a temporary key according to the first private key and the second private key; acquiring a first key, copying the first key to obtain a second key, and encrypting the second key with the temporary key to obtain and output a third key; receiving the third key, and decrypting the received third key with the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key. With this method, the first key can be encrypted with the temporary key to obtain the third key and is transmitted as the third key, which effectively prevents the third key from being reverse-derived into the second key and the second key from being stolen, and improves the security of key transmission.

Description

Secret key filling method, system, computer equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a key filling method, a key filling system, a computer device, and a storage medium.
Background
The security algorithms currently used by vehicle controllers are commonly symmetric algorithms. In most symmetric algorithms, a key must be determined before the sender and the receiver communicate; the key is a parameter, the data input to the algorithm that converts plaintext into ciphertext or ciphertext into plaintext. The sender encrypts the plaintext to be sent with the key to obtain a ciphertext and sends the ciphertext to the receiver, and the receiver decrypts the received ciphertext with the key to obtain the plaintext. The security of a symmetric algorithm therefore depends almost entirely on the key: leakage of the key means leakage of the message, so the confidentiality of the message is shifted to the confidentiality of the key. The key used in the algorithm is obtained with human involvement, through offline release or simple transmission, so the key may be leaked or stolen by a person, and the security of the key is insufficient.
Disclosure of Invention
In view of this, a key filling method, a key filling system, a computer device and a storage medium are provided to ensure the security of the key.
In one aspect, a method for key filling is provided, the method including:
acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
In one embodiment, the obtaining a temporary key according to the first private key and the second private key includes:
acquiring prime numbers and primitive roots corresponding to the prime numbers;
obtaining and sending a first public key according to the first private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the first public key is as follows:
$A = g^{a} \bmod p$,
wherein A is the first public key, a is the first private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
obtaining and sending a second public key according to the second private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the second public key is as follows:
$B = g^{b} \bmod p$,
wherein B is the second public key, b is the second private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
receiving the second public key, and obtaining a fifth secret key according to the second public key, the first private key and the prime number, wherein the mathematical expression of the fifth secret key is as follows:
$K_1 = B^{a} \bmod p$,
wherein $K_1$ is the fifth key, B is the second public key, a is the first private key, and p is the prime number;
receiving the first public key, and obtaining a sixth secret key according to the first public key, the second private key and the prime number, wherein the mathematical expression of the sixth secret key is as follows:
$K_2 = A^{b} \bmod p$,
wherein $K_2$ is the sixth key, A is the first public key, b is the second private key, and p is the prime number;
wherein the temporary key comprises the fifth key and the sixth key, and the values of the fifth key and the sixth key are equal.
In one embodiment, the encrypting the second key by the temporary key to obtain and output a third key includes:
converting the second key into a first matrix, converting the temporary key into a second matrix, and performing exclusive-or operation on the first matrix and the second matrix to obtain a third matrix;
obtaining a byte substitution table, substituting bytes in the third matrix through the byte substitution table so as to map the third matrix into a fourth matrix, moving an Nth row of the fourth matrix to the left by N-1 bytes to obtain a fifth matrix, calculating a product of a preset matrix and the fifth matrix on a finite field to obtain a sixth matrix, expanding the second matrix to obtain a seventh matrix, and carrying out exclusive-or operation on the sixth matrix and the seventh matrix to obtain an eighth matrix;
and replacing bytes in the eighth matrix through the byte replacement table so as to map the eighth matrix into a ninth matrix, moving the Nth row of the ninth matrix by N-1 bytes to the left to obtain a tenth matrix, expanding the seventh matrix to obtain an eleventh matrix, performing XOR operation on the tenth matrix and the eleventh matrix to obtain a ciphertext matrix, and obtaining and outputting the third key according to the ciphertext matrix.
In one embodiment, the method further comprises the following steps:
verifying the first key to obtain a first verification result, verifying the fourth key to obtain a second verification result, comparing the first verification result with the second verification result, and judging whether the first verification result is the same as the second verification result,
if yes, filling is correct;
if not, the filling is wrong.
In one embodiment, the verifying the first key to obtain a first verification result, and the verifying the fourth key to obtain a second verification result includes:
performing hash operation on the temporary secret key and the first secret key to obtain a first message verification code, and outputting the first message verification code as the first verification result;
and receiving the first verification result, performing hash operation on the temporary key and the fourth key to obtain a second message verification code, and taking the second message verification code as the second verification result.
In one embodiment, the obtaining the first key includes:
establishing a secure channel for transmitting the first key through secure authentication of a public key infrastructure;
sending a request message for acquiring the first key;
receiving the request message, comparing a first key to be acquired in the request message with keys in a key bank, and acquiring and outputting the first key;
and acquiring the first secret key through the secure channel.
In one embodiment, the keys in the keystore are derived from generated true random numbers.
In another aspect, a key filling system is provided, the system comprising a filling module and a receiving module, wherein:
the device comprises a filling module, a receiving module and a sending module, wherein the filling module is used for obtaining a first private key, the receiving module is used for obtaining a second private key, and the filling module and the receiving module obtain a temporary secret key according to the first private key and the second private key;
the filling module is further used for acquiring a first secret key, copying the first secret key to obtain a second secret key, encrypting the second secret key through the temporary secret key to obtain and output a third secret key;
the receiving module is further configured to receive the third key, and decrypt the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
In another aspect, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the following steps when executing the computer program:
acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
In yet another aspect, a computer-readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, performs the steps of:
acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
According to the key filling method, system, computer device and storage medium, a first private key and a second private key are acquired, and a temporary key is obtained according to the first private key and the second private key; a first key is acquired and copied to obtain a second key, and the second key is encrypted with the temporary key to obtain and output a third key; the third key is received and decrypted with the temporary key to obtain a fourth key, wherein the first key is used to verify the fourth key. Because the temporary key is obtained from the first private key and the second private key, the first key is encrypted with the temporary key to obtain the third key, and only the encrypted third key is transmitted, the third key is effectively prevented from being reverse-derived into the second key and the second key from being stolen, which improves the security of the key.
Drawings
FIG. 1 is a schematic flow chart of a key filling method according to an embodiment;
FIG. 2 is a flow diagram illustrating the step of obtaining a temporary key in one embodiment;
FIG. 3 is a flowchart illustrating the step of encrypting the second key in one embodiment;
FIG. 4 is a schematic flow chart illustrating the steps for determining whether filling is correct in one embodiment;
FIG. 5 is a flowchart illustrating the steps of verifying the first key and the fourth key in one embodiment;
FIG. 6 is a flowchart illustrating the step of obtaining a first key in one embodiment;
FIG. 7 is a timing diagram illustrating the execution of the key filling system in one embodiment;
FIG. 8 is a timing diagram illustrating the execution of the key filling system in another embodiment;
FIG. 9 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
A vehicle controller often uses a symmetric algorithm to encrypt the plaintext of a communication into a ciphertext for transmission. In most symmetric algorithms, the communicating sender and receiver need to determine a shared key in advance; the sender encrypts the plaintext into the ciphertext with the shared key and transmits the ciphertext to the receiver, and the receiver decrypts the ciphertext into the plaintext with the shared key, which completes the transmission of the plaintext. Therefore, in order to prevent the plaintext from leaking, the key needs to be encrypted. Most existing keys are sent or transmitted manually, so the key may be stolen or leaked by a person, which reduces the security of the key. The application therefore provides a key filling method, a system, a computer device and a storage medium: a temporary key is obtained according to a first private key and a second private key, the acquired first key is copied to obtain a second key, and the second key is encrypted with the temporary key to obtain a third key, which is what is transmitted. This effectively prevents the third key from being reverse-derived into the second key and the second key from being stolen, and improves the security of the key.
In one embodiment, as shown in fig. 1, there is provided a key filling method comprising the steps of:
S1: acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
S2: acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
S3: receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
A temporary key is obtained according to the first private key and the second private key. The acquired first key is copied to obtain a second key, the copied second key is cached and encrypted with the temporary key to obtain a third key, and the second key is transmitted in the form of the third key. Because the temporary key is obtained from the first private key and the second private key, the temporary key is effectively prevented from being reverse-derived, which in turn prevents the third key, obtained by encrypting with the temporary key, from being reverse-derived into the second key and the second key from being stolen. After the transmission is finished, the third key is decrypted with the temporary key to obtain a fourth key, and whether the fourth key was decrypted correctly is verified against the first key, thereby judging whether the filling of the first key is complete and improving the security of the key.
In one embodiment, as shown in fig. 2, the obtaining a temporary key according to the first private key and the second private key includes:
S11: acquiring prime numbers and primitive roots corresponding to the prime numbers;
S12: obtaining and sending a first public key according to the first private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the first public key is as follows:
$A = g^{a} \bmod p$,
wherein A is the first public key, a is the first private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
S13: obtaining and sending a second public key according to the second private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the second public key is as follows:
$B = g^{b} \bmod p$,
wherein B is the second public key, b is the second private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
S14: receiving the second public key, and obtaining a fifth secret key according to the second public key, the first private key and the prime number, wherein the mathematical expression of the fifth secret key is as follows:
$K_1 = B^{a} \bmod p$,
wherein $K_1$ is the fifth key, B is the second public key, a is the first private key, and p is the prime number;
S15: receiving the first public key, and obtaining a sixth secret key according to the first public key, the second private key and the prime number, wherein the mathematical expression of the sixth secret key is as follows:
$K_2 = A^{b} \bmod p$,
wherein $K_2$ is the sixth key, A is the first public key, b is the second private key, and p is the prime number;
wherein the temporary key comprises the fifth key and the sixth key, and the values of the fifth key and the sixth key are equal.
It should be noted that, with the above method, the two parties communicating the first key obtain a shared temporary key comprising the fifth key and the sixth key. The sender of the key may encrypt the second key with the fifth key, and the receiver of the key decrypts the received third key with the sixth key; since the values of the fifth key and the sixth key are equal, the temporary key is shared. Because the temporary key is obtained from the first private key and the second private key, the temporary key is effectively prevented from being reverse-derived, which in turn prevents the third key, obtained by encrypting with the temporary key, from being reverse-derived into the second key and the second key from being stolen, ensuring the security of the third key. The value of the temporary key also depends to some extent on the prime number: the larger the prime number, the safer the process of sending the first public key and the second public key, and the higher the security of the resulting temporary key.
In an embodiment, as shown in fig. 3, the encrypting the second key by the temporary key to obtain and output a third key includes:
S21: converting the second key into a first matrix, converting the temporary key into a second matrix, and performing an exclusive-or operation on the first matrix and the second matrix to obtain a third matrix.
It should be noted that, when the second key is converted into the first matrix and the temporary key is converted into the second matrix, the bytes are arranged in the matrix from top to bottom and from left to right. For example, assuming the second key is $(P_0, P_1, \ldots, P_{15})$, the first column of the first matrix is $(P_0 \sim P_3)$, the second column is $(P_4 \sim P_7)$, the third column is $(P_8 \sim P_{11})$ and the fourth column is $(P_{12} \sim P_{15})$. The first matrix and the second matrix are XORed byte by byte, and the result is the third matrix.
S22: the method comprises the steps of obtaining a byte substitution table, substituting bytes in a third matrix through the byte substitution table to map the third matrix to a fourth matrix, moving an Nth row of the fourth matrix to the left by N-1 bytes to obtain a fifth matrix, calculating a product of a preset matrix and the fifth matrix on a finite field to obtain a sixth matrix, expanding a second matrix to obtain a seventh matrix, and carrying out exclusive OR operation on the sixth matrix and the seventh matrix to obtain an eighth matrix.
It should be noted that the high-order half of each byte in the third matrix is taken as the row value and the low-order half as the column value for a lookup in the byte substitution table, and the byte found replaces the corresponding byte of the third matrix, giving the fourth matrix. The fourth matrix is then shifted to the left, specifically the Nth row is moved N-1 bytes to the left, for example, moving the 1st row of the fourth matrix by 1 byte to the left and moving the 3rd row by 2 bytes to the left, until all rows of the fourth matrix have been moved; the result is the fifth matrix.
The second matrix is then expanded. Specifically, the bytes of each column of the second matrix form one word; assuming the second matrix has 4 columns, the 4 words are named $(W_0, W_1, W_2, W_3)$, and the word of the expanded i-th column is $W_i$, whose mathematical expression is:
Figure BDA0003578742350000091
wherein T is a function comprising: moving $W_{i-1}$ one byte to the left, performing a table lookup on the moved result in the byte substitution table, and performing an exclusive-or operation on the lookup result and a preset round constant; the final result is $T(W_{i-1})$.
In addition, step S22 needs to be executed in a loop a number of times that depends on the length of the second key: if the length of the second key is 128 bits, the number of loops is 9; if the length of the second key is 192 bits, the number of loops is 11; if the length of the second key is 256 bits, the number of loops is 13; that is, the number of loops increases by two for every 64-bit increase in the length of the second key.
S23: and replacing bytes in the eighth matrix through the byte replacement table so as to map the eighth matrix into a ninth matrix, moving the Nth row of the ninth matrix by N-1 bytes to the left to obtain a tenth matrix, expanding the seventh matrix to obtain an eleventh matrix, performing XOR operation on the tenth matrix and the eleventh matrix to obtain a ciphertext matrix, and obtaining and outputting the third key according to the ciphertext matrix.
It should be noted that step S23 is executed in the same manner as step S22. Specifically, the method of mapping the eighth matrix to the ninth matrix is the same as the method of mapping the third matrix to the fourth matrix, the method of moving the ninth matrix is the same as the method of moving the fourth matrix, and the method of expanding the seventh matrix is the same as the method of expanding the second matrix, so the details are not repeated here. In addition, the third key is obtained from the ciphertext matrix by the reverse of the process of converting a key into a matrix, which is likewise not repeated here.
In addition, the decryption process of decrypting the third key by using the temporary key is the reverse of the process of encrypting the second key by using the temporary key, and is not described herein again.
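Steps S21 to S23 follow the round structure of AES (FIPS 197): the byte substitution table is the S-box, the row move is ShiftRows, the product with the preset matrix is MixColumns, and the expanded second matrix supplies the round keys. The following is an added example, not code from the patent, that writes those steps out for a 16-byte second key and a 16-byte temporary key; the function names and the choice of AES-128 are assumptions of the example.

```python
# Added example: steps S21-S23 written out as AES-128 block encryption.
# Function names are chosen for this example and do not come from the patent.

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]  # preset matrix
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]  # round constants


def gmul(a, b):
    """Multiply two bytes in the finite field GF(2^8), modulus x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def build_sbox():
    """Byte substitution table: field inverse followed by the AES affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next(y for y in range(1, 256) if gmul(x, y) == 1) if x else 0
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF  # rotate left
        sbox[x] = s ^ 0x63
    return sbox


SBOX = build_sbox()


def expand_key(temp_key):
    """Expand the second matrix (temporary key) into 11 round keys of 16 bytes."""
    words = [list(temp_key[4 * i:4 * i + 4]) for i in range(4)]  # W_0..W_3
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:                      # the function T on W_{i-1}
            t = t[1:] + t[:1]               # move one byte to the left
            t = [SBOX[b] for b in t]        # table lookup
            t[0] ^= RCON[i // 4 - 1]        # XOR with the round constant
        words.append([x ^ y for x, y in zip(words[i - 4], t)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(11)]


def shift_rows(s):
    """Move row r (0-based) left by r bytes; s is column-major, index = row + 4*col."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(s):
    """Multiply the preset matrix by each column of the state over GF(2^8)."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for row in MIX:
            v = 0
            for coeff, byte in zip(row, col):
                v ^= gmul(coeff, byte)
            out.append(v)
    return out


def encrypt_key_block(second_key, temp_key):
    """Return the third key: the second key encrypted under the temporary key."""
    if len(second_key) != 16 or len(temp_key) != 16:
        raise ValueError("this example handles 16-byte keys only")
    rk = expand_key(temp_key)
    s = [p ^ k for p, k in zip(second_key, rk[0])]            # S21
    for rnd in range(1, 10):                                   # S22, 9 loops
        s = mix_columns(shift_rows([SBOX[b] for b in s]))
        s = [m ^ k for m, k in zip(s, rk[rnd])]
    s = shift_rows([SBOX[b] for b in s])                       # S23, no matrix product
    return bytes(x ^ k for x, k in zip(s, rk[10]))


if __name__ == "__main__":
    # Constructed inputs: the FIPS 197 Appendix C.1 key and plaintext.
    tk = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    k2 = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_key_block(k2, tk).hex())
```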
In one embodiment, as shown in fig. 4, the method further comprises:
S41: verifying the first key to obtain a first verification result, verifying the fourth key to obtain a second verification result, comparing the first verification result with the second verification result, and judging whether the first verification result is the same as the second verification result;
S42: if yes, the filling is correct;
S43: if not, the filling is wrong.
After the fourth key is decrypted, the fourth key needs to be verified, and since the fourth key is obtained by decrypting the third key, the third key is obtained by encrypting the second key through the temporary key, and the second key is obtained by copying the first key, the first key and the fourth key are verified, the obtained first verification result is compared with the second verification result, and whether the fourth key is the same as the first key or not is judged, so that whether the second key is successfully transmitted or not is determined.
In an embodiment, as shown in fig. 5, the verifying the first key to obtain a first verification result, and the verifying the fourth key to obtain a second verification result includes:
S411: performing hash operation on the temporary secret key and the first secret key to obtain a first message verification code, and outputting the first message verification code as the first verification result;
S412: receiving the first verification result, performing hash operation on the temporary key and the fourth key to obtain a second message verification code, and taking the second message verification code as the second verification result.
It should be noted that the sender and the receiver communicating the first key share the temporary key. The sender performs a hash operation on the temporary key and the first key to obtain the first message authentication code, which is output to the receiver as the first verification result. The receiver performs a hash operation on the temporary key and the fourth key to obtain the second message authentication code, which serves as the second verification result and is compared with the first verification result. If the first verification result is the same as the second verification result, the first key and the fourth key are the same, and the fourth key has not been tampered with or destroyed. In other embodiments, the first key and the fourth key may be compared directly, word by word; this embodiment verifies through the keyed hash operation described above for the sake of the security of the verification process and the reliability of the verification result.
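The exchange of steps S11 to S15 and the verification of steps S411 and S412, shown together as one runnable session. This is an added example, not code from the patent: p = 23, g = 5 and the private keys are constructed toy values small enough to check by hand, and the range check on a received public key, the SHA-256 step that turns the shared integer into key bytes, and the use of HMAC-SHA-256 as the keyed hash are assumptions of the example.

```python
# Added example: temporary-key agreement (S11-S15) plus filling check (S411/S412).
import hashlib
import hmac

TOY_P, TOY_G = 23, 5  # constructed toy prime and primitive root, far too small for real use


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for small demo values)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p):
    """For prime p: g is a primitive root iff g^((p-1)/q) != 1 for every prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def public_key(private, g, p):
    """A = g^a mod p (or B = g^b mod p)."""
    return pow(g, private, p)


def shared_secret(peer_public, private, p):
    """K1 = B^a mod p (or K2 = A^b mod p), refusing degenerate public values."""
    # Assumption of this example: 0, 1 and p-1 force a predictable shared value.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public key out of range")
    return pow(peer_public, private, p)


def temp_key_bytes(k, p):
    """Assumption: hash the shared integer to get a 16-byte temporary key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(k.to_bytes(width, "big")).digest()[:16]


def verification_code(temp_key, key):
    """Keyed hash over a key, using the temporary key as the MAC key."""
    return hmac.new(temp_key, key, hashlib.sha256).digest()


def filling_correct(first_result, temp_key, fourth_key):
    """Receiver side of S412/S41: recompute and compare in constant time."""
    second_result = verification_code(temp_key, fourth_key)
    return hmac.compare_digest(first_result, second_result)


def fill_and_verify(a, b, first_key, corrupt_in_transit=False):
    """Run one session; returns (A, B, K1, K2, filling_ok)."""
    pub_a = public_key(a, TOY_G, TOY_P)          # filling side sends A
    pub_b = public_key(b, TOY_G, TOY_P)          # receiving side sends B
    k1 = shared_secret(pub_b, a, TOY_P)          # fifth key
    k2 = shared_secret(pub_a, b, TOY_P)          # sixth key
    first_result = verification_code(temp_key_bytes(k1, TOY_P), first_key)
    fourth_key = bytearray(first_key)            # stands in for the decrypted third key
    if corrupt_in_transit:
        fourth_key[0] ^= 0x01                    # constructed single-bit error
    ok = filling_correct(first_result, temp_key_bytes(k2, TOY_P), bytes(fourth_key))
    return pub_a, pub_b, k1, k2, ok


if __name__ == "__main__":
    key = bytes(range(16))  # constructed first key
    print(fill_and_verify(4, 3, key))
    print(fill_and_verify(4, 3, key, corrupt_in_transit=True))
```

The range check only rejects degenerate values; it does not tell the receiver who sent A or B, so the public keys still need to be authenticated by some other means.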
In one embodiment, as shown in fig. 6, the obtaining the first key includes:
S201: establishing a secure channel for transmitting the first key through secure authentication of a public key infrastructure;
S202: sending a request message for acquiring the first key;
S203: receiving the request message, comparing a first key in the request message with a key in a key bank, and obtaining and outputting the first key;
S204: acquiring the first key through the secure channel.
A Public Key Infrastructure (PKI) is a system or platform that provides public-key encryption and digital signature services and whose purpose is to manage keys and certificates. When the key is communicated, a secure network environment and a secure channel are established through the security authentication of the PKI, so that the first key is transmitted in a more secure environment, which ensures the security of the first key to a certain extent and further prevents the first key from being leaked or stolen.
In one embodiment, further comprising:
S2031: the keys in the key bank are derived from generated true random numbers.
Compared with setting keys according to rules, using randomly generated true random numbers as the keys in the key bank gives the keys randomness and unpredictability, which effectively prevents the keys from being reverse-derived and further improves the security of the keys.
It should be understood that although the various steps in the flow charts of fig. 1-6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 1-6 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 7, there is provided a key filling system comprising: filling module and receiving module, wherein:
the device comprises a filling module, a receiving module and a sending module, wherein the filling module is used for obtaining a first private key, the receiving module is used for obtaining a second private key, and the filling module and the receiving module obtain a temporary secret key according to the first private key and the second private key;
the filling module is further used for acquiring a first secret key, copying the first secret key to obtain a second secret key, encrypting the second secret key through the temporary secret key to obtain and output a third secret key;
the receiving module is further configured to receive the third key, and decrypt the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
In one embodiment, the obtaining, by the filling module and the receiving module, a temporary key according to the first private key and the second private key includes:
the filling module and the receiving module acquire prime numbers and primitive roots corresponding to the prime numbers;
the filling module obtains and sends a first public key to the receiving module according to the first private key, the prime number and the primitive root corresponding to the prime number, and the mathematical expression of the obtained first public key is as follows:
$A = g^{a} \bmod p$,
wherein A is the first public key, a is the first private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
the receiving module obtains and sends a second public key to the filling module according to the second private key, the prime number and the primitive root corresponding to the prime number, and the mathematical expression of the obtained second public key is as follows:
$B = g^{b} \bmod p$,
wherein B is the second public key, b is the second private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
the filling module receives the second public key, and obtains a fifth key according to the second public key, the first private key and the prime number, wherein the mathematical expression of the fifth key is as follows:
$K1 = B^{a} \bmod p$,
wherein K1 is the fifth key, B is the second public key, a is the first private key, and p is the prime number;
the receiving module receives the first public key, and obtains a sixth secret key according to the first public key, the second private key and the prime number, wherein the mathematical expression of the sixth secret key is as follows:
$K2 = A^{b} \bmod p$,
wherein K2 is the sixth key, A is the first public key, b is the second private key, and p is the prime number;
wherein the temporary key comprises the fifth key and the sixth key, and the values of the fifth key and the sixth key are equal.
In one embodiment, the filling module encrypts the second key by using the temporary key, and obtaining and outputting a third key includes:
converting the second key into a first matrix, converting the temporary key into a second matrix, and performing exclusive-or operation on the first matrix and the second matrix to obtain a third matrix;
obtaining a byte substitution table, substituting bytes in the third matrix through the byte substitution table so as to map the third matrix into a fourth matrix, moving an Nth row of the fourth matrix to the left by N-1 bytes to obtain a fifth matrix, calculating a product of a preset matrix and the fifth matrix on a finite field to obtain a sixth matrix, expanding the second matrix to obtain a seventh matrix, and carrying out exclusive-or operation on the sixth matrix and the seventh matrix to obtain an eighth matrix;
and replacing bytes in the eighth matrix through the byte replacement table so as to map the eighth matrix into a ninth matrix, moving the Nth row of the ninth matrix by N-1 bytes to the left to obtain a tenth matrix, expanding the seventh matrix to obtain an eleventh matrix, performing XOR operation on the tenth matrix and the eleventh matrix to obtain a ciphertext matrix, and obtaining and outputting the third key according to the ciphertext matrix.
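The three steps above, written out as an added example (not code from the patent). It assumes 16-byte keys laid out column by column, and takes the AES S-box as the byte substitution table, the AES MixColumns matrix as the preset matrix and the AES-128 key schedule as the expansion; the text here names none of these, and all function names are hypothetical.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def build_sbox():
    """Byte substitution table: field inverse followed by the AES affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def sub_bytes(m):
    return [SBOX[v] for v in m]


def shift_rows(m):
    """Row N (1-based) moves left by N-1 bytes; byte i sits at row i % 4, column i // 4."""
    return [m[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(m):
    """Product of the preset matrix (assumed: AES MixColumns) with each column."""
    out = []
    for c in range(4):
        col = m[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gmul(2, col[r]) ^ gmul(3, col[(r + 1) % 4])
                       ^ col[(r + 2) % 4] ^ col[(r + 3) % 4])
    return out


def xor(m, k):
    return [x ^ y for x, y in zip(m, k)]


def expand(k, rcon):
    """One key-schedule step (assumed: AES-128): key matrix -> next key matrix."""
    t = [SBOX[k[13]] ^ rcon, SBOX[k[14]], SBOX[k[15]], SBOX[k[12]]]
    out = []
    for c in range(4):
        t = [t[r] ^ k[4 * c + r] for r in range(4)]
        out += t
    return out


def matrices(second_key, temp_key):
    """Return the intermediate matrices named in the text, keyed by their ordinal."""
    if len(second_key) != 16 or len(temp_key) != 16:
        raise ValueError("this sketch handles 16-byte keys only")
    m = {"first": list(second_key), "second": list(temp_key)}
    m["third"] = xor(m["first"], m["second"])                    # first step
    m["fifth"] = shift_rows(sub_bytes(m["third"]))               # second step
    m["seventh"] = expand(m["second"], 0x01)
    m["eighth"] = xor(mix_columns(m["fifth"]), m["seventh"])
    m["tenth"] = shift_rows(sub_bytes(m["eighth"]))              # third step
    m["eleventh"] = expand(m["seventh"], 0x02)
    m["ciphertext"] = xor(m["tenth"], m["eleventh"])
    return m


def encrypt_key(second_key, temp_key):
    """Second key + temporary key -> third key, following the text literally."""
    return bytes(matrices(second_key, temp_key)["ciphertext"])


if __name__ == "__main__":
    # FIPS-197 Appendix B example key and input block, used here as sample data.
    temp = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    second = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
    print(encrypt_key(second, temp).hex())
```

The steps as written expand the key twice, so this runs two rounds; standardized AES-128 runs ten.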
In one embodiment, further comprising:
the filling module is further configured to verify the first key to obtain a first verification result, the receiving module is further configured to verify the fourth key to obtain a second verification result, the filling module is in communication with the receiving module, compares the first verification result with the second verification result, and determines whether the first verification result is the same as the second verification result,
if yes, filling is correct;
if not, the filling is wrong.
In an embodiment, the filling module is further configured to verify the first key to obtain a first verification result, and the receiving module is further configured to verify the fourth key to obtain a second verification result, where the obtaining of the second verification result includes:
the filling module performs hash operation on the temporary secret key and the first secret key to obtain a first message verification code, and the first message verification code is used as the first verification result to be output;
and the receiving module receives the first verification result, performs hash operation on the temporary key and the fourth key to obtain a second message verification code, and takes the second message verification code as the second verification result.
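The key agreement and the hash verification described above, as an added example rather than code from the patent. It assumes HMAC-SHA-256 as the hash operation keyed with the temporary key, restricts p to a safe prime so that the primitive-root check is cheap, and uses a constructed 63-bit demonstration group far below deployment size; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 2**64."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in _BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_primitive_root(g, p):
    """For a safe prime p = 2q + 1, p - 1 has only the prime factors 2 and q."""
    q = (p - 1) // 2
    return 1 < g < p - 1 and pow(g, 2, p) != 1 and pow(g, q, p) != 1


def validate_group(p, g):
    """Check the shared parameters (assumption: p must be a safe prime)."""
    if not (is_prime(p) and is_prime((p - 1) // 2)):
        raise ValueError("p is not a safe prime")
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root of p")


def demo_group(start=2**61):
    """Constructed demo parameters: first safe prime p = 2q + 1 with q >= start."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = next(c for c in range(2, p) if is_primitive_root(c, p))
    return p, g


def public_key(private, p, g):
    return pow(g, private, p)              # A = g^a mod p, B = g^b mod p


def temporary_key(peer_public, private, p):
    """K1 = B^a mod p on the filling side, K2 = A^b mod p on the receiving side."""
    if not 2 <= peer_public <= p - 2:      # 0, 1 and p-1 give a predictable result
        raise ValueError("peer public key outside [2, p-2]")
    k = pow(peer_public, private, p)
    return k.to_bytes((p.bit_length() + 7) // 8, "big")


def verification_code(temp_key, key):
    """Hash over the temporary key and a key (assumption: HMAC-SHA-256)."""
    return hmac.new(temp_key, key, hashlib.sha256).digest()


def filling_correct(first_result, temp_key, fourth_key):
    """Receiver side: recompute the code over the fourth key, compare in constant time."""
    second_result = verification_code(temp_key, fourth_key)
    return hmac.compare_digest(first_result, second_result)


def run_demo():
    p, g = demo_group()
    validate_group(p, g)
    a = 2 + secrets.randbelow(p - 3)       # first private key (filling module)
    b = 2 + secrets.randbelow(p - 3)       # second private key (receiving module)
    k1 = temporary_key(public_key(b, p, g), a, p)
    k2 = temporary_key(public_key(a, p, g), b, p)
    first_key = secrets.token_bytes(16)    # constructed sample key
    fourth_key = first_key                 # what a correct decryption yields
    damaged = bytes([fourth_key[0] ^ 0x01]) + fourth_key[1:]
    first_result = verification_code(k1, first_key)
    return (k1 == k2,
            filling_correct(first_result, k2, fourth_key),
            filling_correct(first_result, k2, damaged))


if __name__ == "__main__":
    print(run_demo())
```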
In one embodiment, the system further comprises a key module, and the obtaining of the first key by the filling module comprises:
the key module and the filling module establish a secure channel for transmitting the first key through the security certification of a public key infrastructure;
the filling module sends a request message for acquiring the first secret key;
the key module receives the request message, compares a first key to be acquired in the request message with a key in a key bank, and acquires and outputs the first key;
and the filling module acquires the first secret key through the secure channel.
In one embodiment, the keys in the keystore are derived from true random numbers generated by the key module.
As shown in fig. 8, for a process of processing a key by a key filling system in an embodiment, the filling module obtains a first private key, the receiving module obtains a second private key, and the filling module and the receiving module negotiate to obtain a temporary key through the first private key and the second private key; the filling module and the key module establish a security channel for transmitting a first key through bidirectional security authentication of a public key infrastructure, the filling module sends a request message for acquiring the first key to the key module, the key module takes the generated true random number as a key and generates a key bank according to each key, the first key in the received request message is compared with the key in the key bank to acquire and output the first key; the filling module acquires the first secret key through the secure channel; the filling module copies the first key to obtain a second key, and encrypts the second key through the temporary key to obtain and output a third key; the receiving module decrypts the received third key through the temporary key to obtain a fourth key; the filling module verifies the first secret key and sends a first verification result to the receiving module, and the receiving module verifies the fourth secret key and compares a second verification result with the received first verification result to judge whether filling is correct. 
The key filling system applies protective measures during key generation, acquisition and filling. The temporary key is obtained from the first private key and the second private key, the second key is encrypted with the temporary key to obtain the third key, and the encrypted third key is what is transmitted. This effectively avoids the situation in which the temporary key is stolen, the third key is reversed back into the second key, and the second key is thereby stolen and leaked, and so improves the security of the key.
For specific limitations of the key filling system, reference may be made to the above limitations of the key filling method, which are not described in detail herein. The above modules in the key filling system may be implemented wholly or partially by software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, or can be stored in a memory in the computer device in software form, so that the processor can call and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a key filling method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in figure Y is a block diagram of only a portion of the structure associated with the present application, and is not intended to limit the scope of the application as such, and that a particular computing device may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
s1: acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
s2: acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
s3: receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
s11: acquiring prime numbers and primitive roots corresponding to the prime numbers;
s12: obtaining and sending a first public key according to the first private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the first public key is as follows:
$A = g^{a} \bmod p$,
wherein A is the first public key, a is the first private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
s13: obtaining and sending a second public key according to the second private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the second public key is as follows:
$B = g^{b} \bmod p$,
wherein B is the second public key, b is the second private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
s14: receiving the second public key, and obtaining a fifth secret key according to the second public key, the first private key and the prime number, wherein the mathematical expression of the fifth secret key is as follows:
$K1 = B^{a} \bmod p$,
wherein K1 is the fifth key, B is the second public key, a is the first private key, and p is the prime number;
s15: receiving the first public key, and obtaining a sixth secret key according to the first public key, the second private key and the prime number, wherein the mathematical expression of the sixth secret key is as follows:
$K2 = A^{b} \bmod p$,
wherein K2 is the sixth key, A is the first public key, b is the second private key, and p is the prime number;
wherein the temporary key comprises the fifth key and the sixth key, and the values of the fifth key and the sixth key are equal.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
the encrypting the second key by the temporary key to obtain and output a third key includes:
s21: converting the second key into a first matrix, converting the temporary key into a second matrix, and performing exclusive-or operation on the first matrix and the second matrix to obtain a third matrix;
s22: acquiring a byte substitution table, substituting bytes in the third matrix through the byte substitution table to map the third matrix to a fourth matrix, moving an Nth row of the fourth matrix to the left by N-1 bytes to obtain a fifth matrix, calculating a product of a preset matrix and the fifth matrix on a finite field to obtain a sixth matrix, expanding the second matrix to obtain a seventh matrix, and performing exclusive-or operation on the sixth matrix and the seventh matrix to obtain an eighth matrix;
s23: and replacing bytes in the eighth matrix through the byte replacement table so as to map the eighth matrix into a ninth matrix, moving the Nth row of the ninth matrix by N-1 bytes to the left to obtain a tenth matrix, expanding the seventh matrix to obtain an eleventh matrix, performing XOR operation on the tenth matrix and the eleventh matrix to obtain a ciphertext matrix, and obtaining and outputting the third key according to the ciphertext matrix.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
s41: verifying the first key to obtain a first verification result, verifying the fourth key to obtain a second verification result, comparing the first verification result with the second verification result, and judging whether the first verification result is the same as the second verification result,
s42: if yes, filling is correct;
s43: if not, the filling is wrong.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
the verifying the first key to obtain a first verification result, and the verifying the fourth key to obtain a second verification result include:
s411: performing hash operation on the temporary secret key and the first secret key to obtain a first message verification code, and outputting the first message verification code as the first verification result;
s412: and receiving the first verification result, performing hash operation on the temporary key and the fourth key to obtain a second message verification code, and taking the second message verification code as the second verification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
s201: establishing a secure channel for transmitting the first key through secure authentication of a public key infrastructure;
s202: sending a request message for acquiring the first key;
s203: receiving the request message, comparing a first key to be acquired in the request message with keys in a key bank, and acquiring and outputting the first key;
s204: and acquiring the first secret key through the secure channel.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
s2031: the keys in the keystore are derived from the generated true random numbers.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
s1: acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
s2: acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
s3: receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
s11: acquiring prime numbers and primitive roots corresponding to the prime numbers;
s12: obtaining and sending a first public key according to the first private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the first public key is as follows:
$A = g^{a} \bmod p$,
wherein A is the first public key, a is the first private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
s13: obtaining and sending a second public key according to the second private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the second public key is as follows:
$B = g^{b} \bmod p$,
wherein B is the second public key, b is the second private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
s14: receiving the second public key, and obtaining a fifth secret key according to the second public key, the first private key and the prime number, wherein the mathematical expression of the fifth secret key is as follows:
$K1 = B^{a} \bmod p$,
wherein K1 is the fifth key, B is the second public key, a is the first private key, and p is the prime number;
s15: receiving the first public key, and obtaining a sixth secret key according to the first public key, the second private key and the prime number, wherein the mathematical expression of the sixth secret key is as follows:
$K2 = A^{b} \bmod p$,
wherein K2 is the sixth key, A is the first public key, b is the second private key, and p is the prime number;
wherein the temporary key comprises the fifth key and the sixth key, and the values of the fifth key and the sixth key are equal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
s21: converting the second key into a first matrix, converting the temporary key into a second matrix, and performing exclusive-or operation on the first matrix and the second matrix to obtain a third matrix;
s22: obtaining a byte substitution table, substituting bytes in the third matrix through the byte substitution table so as to map the third matrix into a fourth matrix, moving an Nth row of the fourth matrix to the left by N-1 bytes to obtain a fifth matrix, calculating a product of a preset matrix and the fifth matrix on a finite field to obtain a sixth matrix, expanding the second matrix to obtain a seventh matrix, and carrying out exclusive-or operation on the sixth matrix and the seventh matrix to obtain an eighth matrix;
s23: and replacing bytes in the eighth matrix through the byte replacement table so as to map the eighth matrix into a ninth matrix, moving the Nth row of the ninth matrix by N-1 bytes to the left to obtain a tenth matrix, expanding the seventh matrix to obtain an eleventh matrix, performing XOR operation on the tenth matrix and the eleventh matrix to obtain a ciphertext matrix, and obtaining and outputting the third key according to the ciphertext matrix.
In one embodiment, the computer program when executed by the processor further performs the steps of:
s41: verifying the first key to obtain a first verification result, verifying the fourth key to obtain a second verification result, comparing the first verification result with the second verification result, and judging whether the first verification result is the same as the second verification result,
s42: if yes, filling is correct;
s43: if not, the filling is wrong.
In one embodiment, the computer program when executed by the processor further performs the steps of:
s411: performing hash operation on the temporary secret key and the first secret key to obtain a first message verification code, and outputting the first message verification code as the first verification result;
s412: and receiving the first verification result, performing hash operation on the temporary key and the fourth key to obtain a second message verification code, and taking the second message verification code as the second verification result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
s201: establishing a secure channel for transmitting the first key through secure authentication of a public key infrastructure;
s202: sending a request message for acquiring the first key;
s203: receiving the request message, comparing a first key to be acquired in the request message with keys in a key bank, and acquiring and outputting the first key;
s204: and acquiring the first secret key through the secure channel.
In one embodiment, the computer program when executed by the processor further performs the steps of:
s2031: the keys in the keystore are derived from the generated true random numbers.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method of key filling, comprising:
acquiring a first private key and a second private key, and acquiring a temporary secret key according to the first private key and the second private key;
acquiring a first key, copying the first key to obtain a second key, encrypting the second key through the temporary key to obtain and output a third key;
receiving the third key, and decrypting the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
2. The key filling method of claim 1, wherein obtaining the temporary key from the first private key and the second private key comprises:
acquiring prime numbers and primitive roots corresponding to the prime numbers;
obtaining and sending a first public key according to the first private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the first public key is as follows:
$A = g^{a} \bmod p$,
wherein, A is the first public key, a is the first private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
obtaining and sending a second public key according to the second private key, the prime number and the primitive root corresponding to the prime number, wherein the mathematical expression of obtaining the second public key is as follows:
$B = g^{b} \bmod p$,
wherein B is the second public key, b is the second private key, p is the prime number, and g is the primitive root corresponding to the prime number p;
receiving the second public key, and obtaining a fifth secret key according to the second public key, the first private key and the prime number, wherein the mathematical expression of the fifth secret key is as follows:
$K1 = B^{a} \bmod p$,
wherein K1 is the fifth key, B is the second public key, a is the first private key, and p is the prime number;
receiving the first public key, and obtaining a sixth secret key according to the first public key, the second private key and the prime number, wherein the mathematical expression of the sixth secret key is as follows:
$K2 = A^{b} \bmod p$,
wherein K2 is the sixth key, A is the first public key, b is the second private key, and p is the prime number;
wherein the temporary key comprises the fifth key and the sixth key, and the values of the fifth key and the sixth key are equal.
3. The key filling method of claim 1, wherein the encrypting the second key by the temporary key to obtain and output a third key comprises:
converting the second key into a first matrix, converting the temporary key into a second matrix, and performing exclusive-or operation on the first matrix and the second matrix to obtain a third matrix;
obtaining a byte substitution table, substituting bytes in the third matrix through the byte substitution table so as to map the third matrix into a fourth matrix, moving an Nth row of the fourth matrix to the left by N-1 bytes to obtain a fifth matrix, calculating a product of a preset matrix and the fifth matrix on a finite field to obtain a sixth matrix, expanding the second matrix to obtain a seventh matrix, and carrying out exclusive-or operation on the sixth matrix and the seventh matrix to obtain an eighth matrix;
and replacing bytes in the eighth matrix through the byte replacement table to map the eighth matrix to a ninth matrix, moving the Nth row of the ninth matrix by N-1 bytes to the left to obtain a tenth matrix, expanding the seventh matrix to obtain an eleventh matrix, performing exclusive-or operation on the tenth matrix and the eleventh matrix to obtain a ciphertext matrix, and obtaining and outputting the third key according to the ciphertext matrix.
4. The key filling method according to claim 1, further comprising:
verifying the first key to obtain a first verification result, verifying the fourth key to obtain a second verification result, comparing the first verification result with the second verification result, and judging whether the first verification result is the same as the second verification result,
if yes, filling is correct;
if not, the filling is wrong.
5. The key filling method according to claim 4, wherein the verifying the first key to obtain a first verification result and the verifying the fourth key to obtain a second verification result comprise:
performing hash operation on the temporary secret key and the first secret key to obtain a first message verification code, and outputting the first message verification code as the first verification result;
and receiving the first verification result, performing hash operation on the temporary key and the fourth key to obtain a second message verification code, and taking the second message verification code as the second verification result.
6. The key filling method according to claim 1, wherein the obtaining the first key comprises:
establishing a secure channel for transmitting the first key through secure authentication of a public key infrastructure;
sending a request message for acquiring the first key;
receiving the request message, comparing a first key to be acquired in the request message with keys in a key bank, and acquiring and outputting the first key;
and acquiring the first secret key through the secure channel.
7. The key filling method of claim 6, wherein the keys in the keystore are derived from generated true random numbers.
8. A key filling system, the system comprising a filling module and a receiving module, wherein:
the device comprises a filling module, a receiving module and a sending module, wherein the filling module is used for obtaining a first private key, the receiving module is used for obtaining a second private key, and the filling module and the receiving module obtain a temporary secret key according to the first private key and the second private key;
the filling module is further used for acquiring a first key, copying the first key to obtain a second key, and encrypting the second key through the temporary key to obtain and output a third key;
the receiving module is further configured to receive the third key, and decrypt the received third key through the temporary key to obtain a fourth key; wherein the first key is used to verify the fourth key.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 7 are implemented when the computer program is executed by the processor.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
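An added illustration of the verification step in claims 4 and 5, not code from the patent: each side computes a message verification code over its copy of the key, keyed with the temporary key, and the receiving side compares the two results. HMAC-SHA256, the function names, the key lengths and the use of a CSPRNG in place of the key bank and the key agreement are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def verification_code(temporary_key: bytes, key: bytes) -> bytes:
    # Assumption: the claimed "hash operation on the temporary key and the key"
    # is realised as HMAC-SHA256 keyed with the temporary key.
    return hmac.new(temporary_key, key, hashlib.sha256).digest()


def fill_is_correct(receiver_temp_key: bytes, fourth_key: bytes,
                    first_result: bytes) -> bool:
    # Receiving side: recompute the code over the decrypted (fourth) key and
    # compare in constant time so the check does not leak matching prefixes.
    second_result = verification_code(receiver_temp_key, fourth_key)
    return hmac.compare_digest(first_result, second_result)


def run_cases() -> dict:
    # Constructed sample values. A CSPRNG stands in for the key bank and for
    # the key agreement that gives both sides the same temporary key.
    temp_key = secrets.token_bytes(32)
    first_key = secrets.token_bytes(16)
    first_result = verification_code(temp_key, first_key)  # filling side

    # Failure modes, isolated from the decryption step: one flipped bit in the
    # received key, and a receiver whose temporary key differs by one bit.
    corrupted = bytes([first_key[0] ^ 0x01]) + first_key[1:]
    other_temp_key = bytes([temp_key[0] ^ 0x01]) + temp_key[1:]
    return {
        "intact": fill_is_correct(temp_key, first_key, first_result),
        "corrupted_key": fill_is_correct(temp_key, corrupted, first_result),
        "temp_key_mismatch": fill_is_correct(other_temp_key, first_key,
                                             first_result),
    }


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'filling is correct' if ok else 'filling is wrong'}")
```

Only the verification code crosses the link in this check, so the first key itself is never sent in the clear for comparison.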
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210349282.0A CN114900285A (en) 2022-04-01 2022-04-01 Secret key filling method, system, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114900285A true CN114900285A (en) 2022-08-12

Family

ID=82714867

Country Status (1)

Country Link
CN (1) CN114900285A (en)

Similar Documents

Publication Publication Date Title
US6769060B1 (en) Method of bilateral identity authentication
US10057071B2 (en) Component for connecting to a data bus, and methods for implementing a cryptographic functionality in such a component
CN111147225A (en) Credible measurement and control network authentication method based on double secret values and chaotic encryption
EP3020158B1 (en) Key agreement device and method
CN110958219B (en) SM2 proxy re-encryption method and device for medical cloud shared data
US9787475B2 (en) Device, method, and program for message authentication tag generation
CN111294203B (en) Information transmission method
CN111404952B (en) Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN114884716A (en) Encryption and decryption method, device and medium
CN109951276B (en) Embedded equipment remote identity authentication method based on TPM
CN113014380B (en) File data password management method and device, computer equipment and storage medium
WO2020155622A1 (en) Method, device and system for enhancing security of image data transmission, and storage medium
CN117318941B (en) Method, system, terminal and storage medium for distributing preset secret key based on in-car network
CN111460463B (en) Electronic certificate preserving and notarizing method, device, equipment and storage medium
CN115051849B (en) Digital judicial evidence-storing method, evidence-storing device and readable storage medium
CN115828290A (en) Encryption and decryption method and device based on distributed object storage
CN114189338B (en) SM9 key secure distribution and management system and method based on homomorphic encryption technology
CN114257402B (en) Encryption algorithm determining method, device, computer equipment and storage medium
CN114900285A (en) Secret key filling method, system, computer equipment and storage medium
CN108616351B (en) Full-dynamic encryption and decryption method and encryption and decryption device
CN102474413B (en) Private key compression
CN111431721A (en) IBE-based Internet of things equipment encryption method in intelligent medical environment
US11930117B2 (en) Method and apparatus for reversible tokenization with support for embeddable role-based access control
CN117201170B (en) Method for enhancing security of asymmetric encryption algorithm
CN117318986A (en) Data transmission method and system based on multiple encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination