CN114968935A - File operation method, device, equipment and readable storage medium - Google Patents

Publication number
CN114968935A
Authority
CN
China
Prior art keywords
file
key information
target file
encrypted
file directory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210597415.6A
Other languages
Chinese (zh)
Inventor
谢娜
付钰
徐宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Application filed by CCB Finetech Co Ltd
Priority to CN202210597415.6A
Publication of CN114968935A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/11 File system administration, e.g. details of archiving or snapshots
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The present disclosure provides a file operation method, apparatus, device, and readable storage medium, relating to information security technology. The method includes: receiving an operation request for operating on a file in a target file directory; determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table, wherein the preset path encryption table is generated in advance based on a configuration operation of the user; if it is determined that the file needs to be encrypted, obtaining key information corresponding to the file; and responding to the operation request based on the key information. With this scheme, the user's file encryption requirements can be flexibly configured through the preset path encryption table, which avoids unnecessary resource waste; different key information can be generated for different files, which improves the security of file confidentiality.

Description

File operation method, device, equipment and readable storage medium
Technical Field
The present disclosure relates to information security technologies, and in particular, to a file operating method, apparatus, device, and readable storage medium.
Background
At present, with the development of mobile internet, how to ensure that various privacy files and data are not leaked is a problem which needs to be solved urgently. The transparent encryption technology is developed according to the requirement of file confidentiality.
In the prior art, the general process of transparent encryption is as follows: an encrypted disk is created through a transparent encryption file system, and the key required for encryption is stored through configuration, command-line parameters or similar means. The encrypted disk is then mounted to a directory to provide service. When an application program reads or writes any file in the directory and its subdirectories, the transparent encryption file system performs the corresponding encryption and decryption operations using the encryption key.
However, the above method causes a certain waste of resources, and the security of file confidentiality is not good enough.
Disclosure of Invention
The disclosure provides a file operation method, a device, equipment and a readable storage medium, which are used for improving the resource utilization rate and improving the security of file confidentiality.
According to a first aspect of the present disclosure, there is provided a file operation method, including:
receiving an operation request for operating the file in the target file directory;
determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table; wherein the preset path encryption table is generated in advance based on configuration operation of a user;
if the file is determined to need to be encrypted, key information corresponding to the file is obtained;
responding to the operation request based on the key information.
According to a second aspect of the present disclosure, there is provided a file operating apparatus including:
the receiving unit is used for receiving an operation request for operating the files in the target file directory;
the determining unit is used for determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table; wherein the preset path encryption table is generated in advance based on configuration operation of a user;
the response unit is used for acquiring key information corresponding to the file if the file is determined to need to be encrypted;
a response unit, further configured to respond to the operation request based on the key information.
According to a third aspect of the present disclosure, there is provided an electronic device comprising a memory and a processor, wherein:
the memory for storing a computer program;
the processor is configured to read the computer program stored in the memory, and execute the file operation method according to the computer program in the memory.
According to a fourth aspect of the present disclosure, there is provided a computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, implement the file manipulation method according to the first aspect.
According to a fifth aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the file manipulation method of the first aspect.
The file operation method, device, equipment and readable storage medium provided by the disclosure comprise the following steps: receiving an operation request for operating the file in the target file directory; determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table; wherein, the preset path encryption table is generated in advance based on the configuration operation of the user; if the file is determined to need to be encrypted, key information corresponding to the file is obtained; and responding to the operation request based on the key information. The method provided by the scheme can flexibly configure the file encryption requirements of the user through the preset path encryption table, thereby avoiding unnecessary resource waste; different secret key information can be generated for different files, and the security of file confidentiality is improved.
Drawings
FIG. 1 is a schematic flow chart diagram illustrating a file manipulation method according to an exemplary embodiment of the present disclosure;
FIG. 2 is a schematic flow chart diagram illustrating a file manipulation method according to another exemplary embodiment of the present disclosure;
FIG. 3 is a schematic diagram illustrating a file operation process according to an exemplary embodiment of the present disclosure;
FIG. 4 is a block diagram of a file manipulation device according to an exemplary embodiment of the present disclosure;
FIG. 5 is a block diagram of an electronic device shown in an exemplary embodiment of the present disclosure.
Detailed Description
At present, with the development of mobile internet, how to ensure that various privacy files and data are not leaked is a problem which needs to be solved urgently. The transparent encryption technology is developed according to the requirement of file confidentiality.
File system refers to the methods and data structures used by an operating system to specify files on a storage device or partition; i.e. a method of organizing files on a storage device. The software mechanism in the operating system that is responsible for managing and storing file information is called a file management system, referred to as a file system for short.
Data encryption means that plaintext is converted into ciphertext through an encryption algorithm and an encryption key; decryption is to recover the ciphertext into plaintext through a decryption algorithm and a decryption key.
The word transparent in transparent encryption means that the encryption is not perceptible to the user. When a user opens or edits a file, the system automatically encrypts the unencrypted file and automatically decrypts the encrypted file. The file is ciphertext on the file system and plaintext in memory. Once the file leaves the use environment, it cannot be opened because it cannot be automatically decrypted, thereby protecting the content of the file.
In the prior art, the general process of transparent encryption is as follows: an encrypted disk is created through a transparent encryption file system, and the key required for encryption is stored through configuration, command-line parameters or similar means. The encrypted disk is then mounted to a directory to provide service. When an application program reads or writes any file in the directory and its subdirectories, the transparent encryption file system performs the corresponding encryption and decryption operations using the encryption key.
However, the above method encrypts and decrypts the read-write operation on the whole encryption disc, and encrypts files that do not need to be encrypted, so that flexible configuration cannot be performed according to the file encryption requirements of users, and some unnecessary resource waste is generated; meanwhile, for different files, the same key is used, and the security of file confidentiality is relatively deficient.
In order to solve the technical problem, in the scheme provided by the disclosure, the file encryption requirements of a user can be flexibly configured through a preset path encryption table, so that unnecessary resource waste is avoided; different secret key information can be generated for different files, and the security of file confidentiality is improved.
Fig. 1 is a flowchart illustrating a file operation method according to an exemplary embodiment of the present disclosure.
As shown in fig. 1, the file operation method provided in this embodiment includes:
Step 101, receiving an operation request for operating a file in a target file directory.
The method provided by the present disclosure may be executed by an electronic device with computing capability, such as a computer. The electronic device is capable of receiving an operation request for operating on a file in a target file directory.
Specifically, the operation request includes a write request and a read request. The operation request includes a target file directory. If the operation request is a write request, the write request may be used to indicate that the file is written into the target file directory; if the operation request is a read request, the read request may be used to instruct to read a file in the target file directory.
The target file directory may be, for example: /user/local/encrypt.
Step 102, determining whether the file needs to be encrypted according to a target file directory and a preset path encryption table; wherein the preset path encryption table is generated in advance based on a configuration operation of a user.
The preset path encryption table may include paths that need to be encrypted and paths that do not need to be encrypted.
Specifically, an Application Programming Interface (API) may be preset in the electronic device, and is used for operations such as adding, deleting, and modifying the encryption path.
Specifically, the target file directory may be compared with a path in the preset path encryption table, and whether the file needs to be encrypted is determined according to a comparison result. For example, if the target file directory is in a path that requires encryption but not in a path that does not require encryption, it may be determined that the file requires encryption.
Specifically, if it is determined that the file needs to be encrypted, the file needs to be encrypted both during read operation and during write operation. On the other hand, if it is determined that the file does not need to be encrypted, the file does not need to be encrypted during both read and write operations.
Step 103, if it is determined that the file needs to be encrypted, key information corresponding to the file is obtained.
The key information includes information that can decrypt (in a read operation) or encrypt (in a write operation) a file.
Specifically, the file and the key information have a corresponding relationship. Different files may be configured with different key information.
Specifically, key information corresponding to the file may be acquired from the loaded information.
Further, if the file is determined not to need to be encrypted, the file is operated according to the operation request.
Step 104, responding to the operation request based on the key information.
The operation request may include a read request and a write request.
If the operation request is a read request, the file in the target file directory included in the read request may be decrypted based on the key information, and the decrypted file may be read;
if the operation request is a write request, the file may be encrypted based on the key information, and the encrypted file may be written in the target file directory included in the write request.
The file operation method provided by the present disclosure includes: receiving an operation request for operating the file in the target file directory; determining whether the file needs to be encrypted or not according to the target file directory and a preset path encryption table; wherein, the preset path encryption table is generated in advance based on the configuration operation of the user; if the file is determined to need to be encrypted, key information corresponding to the file is obtained; and responding to the operation request based on the key information. According to the method, the file encryption requirements of the user can be flexibly configured through the preset path encryption table, and unnecessary resource waste is avoided; different secret key information can be generated for different files, and the security of file confidentiality is improved.
Fig. 2 is a flowchart illustrating a file operation method according to another exemplary embodiment of the present disclosure.
As shown in fig. 2, the file operation method provided in this embodiment includes:
Step 201, an operation request for operating a file in a target file directory is received.
Specifically, the principle and implementation of step 201 are similar to those of step 101, and are not described again.
Step 202, comparing the target file directory with a first path and a second path to obtain a comparison result; wherein the preset path encryption table includes the first path, which needs to be encrypted, and the second path, which does not need to be encrypted, and is generated in advance based on a configuration operation of a user.
Specifically, for example, the first path includes: /user/local/encrypt;
the second path includes: /user/local/encrypt/exception_dir;
if the target file directory is: /user/local/encrypt/data1;
comparing the target file directory with the first path and the second path gives the comparison result: the target file directory is in the first path.
Step 203, according to the comparison result, determining whether the file needs to be encrypted.
Specifically, step 203 may be followed by step 204A, or step 204B.
Specifically, if the comparison result shows that the target file directory is in the first path, it is determined that the file needs to be encrypted; if the comparison result shows that the target file directory is in the second path, it is determined that the file does not need to be encrypted; and if the comparison result shows that the target file directory is not in the preset path encryption table, it is determined that the file does not need to be encrypted.
In one implementation, if the target file directory is not in the preset path encryption table, it is determined that the file does not need to be encrypted;
for example, the first path includes: /user/local/encrypt; the second path includes: /user/local/encrypt/exception_dir; if the target file directory is: /user/local/out/data1; comparing the target file directory with the first path and the second path gives the comparison result: the target file directory is not in the preset path encryption table; it is determined that the file does not need to be encrypted.
If the target file directory is in the second path, it is determined that the file does not need to be encrypted;
for example, the first path includes: /user/local/encrypt; the second path includes: /user/local/encrypt/exception_dir; if the target file directory is: /user/local/encrypt/exception_dir/data2; comparing the target file directory with the first path and the second path gives the comparison result: the target file directory is under the second path; it is determined that the file does not need to be encrypted.
If the target file directory is under the first path and the target file directory is not under the second path, it is determined that the file needs to be encrypted.
For example, the first path includes: /user/local/encrypt; the second path includes: /user/local/encrypt/exception_dir; if the target file directory is: /user/local/encrypt/sub_dir_1/data1; comparing the target file directory with the first path and the second path gives the comparison result: the target file directory is under the first path, and the target file directory is not under the second path; it is determined that the file needs to be encrypted.
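The comparison of steps 202 and 203, as an added example that is not code from the patent: it assumes absolute POSIX paths, uses the description's sample paths written with a leading slash and underscores, and the function names are hypothetical. Paths are normalized and matched by whole components, so a sibling such as /user/local/encrypt_backup or a ".." segment does not change the decision by accident.

```python
import posixpath

# Constructed table using the sample paths from the description.
FIRST_PATHS = ["/user/local/encrypt"]                  # paths that need encryption
SECOND_PATHS = ["/user/local/encrypt/exception_dir"]   # paths exempt from encryption


def normalize(path):
    """Return one canonical absolute form: no '.', '..' or repeated slashes.

    Symbolic links are not resolved; this example assumes the table and the
    requests already use resolved paths.
    """
    if not path.startswith("/"):
        raise ValueError("expected an absolute path: %r" % path)
    # normpath keeps a leading '//', so collapse leading slashes first.
    return posixpath.normpath("/" + path.lstrip("/"))


def is_under(path, root):
    """True if path is root itself or lies below it, matched per component."""
    if root == "/":
        return True
    return path == root or path.startswith(root + "/")


def compare(target_dir, first_paths=FIRST_PATHS, second_paths=SECOND_PATHS):
    """Step 202: return 'second', 'first' or 'none' as the comparison result."""
    target = normalize(target_dir)
    if any(is_under(target, normalize(p)) for p in second_paths):
        return "second"   # the exemption is checked first, so it wins
    if any(is_under(target, normalize(p)) for p in first_paths):
        return "first"
    return "none"


def needs_encryption(target_dir):
    """Step 203: encrypt only when under a first path and under no second path."""
    return compare(target_dir) == "first"
```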
In step 204A, if it is determined that the file does not need to be encrypted, the file is operated according to the operation request.
If the operation request is a read request, reading a file in a target file directory included in the read request according to the read request;
if the operation request is a write request, the file may be written into a target file directory included in the write request according to the write request.
In step 204B, if it is determined that the file needs to be encrypted, it is determined whether key information of a target file directory for storing the file is loaded.
Specifically, after step 204B, step 205A, or step 205B, may be performed.
The key information includes information that can decrypt (in a read operation) or encrypt (in a write operation) the file.
Specifically, the file and the key information have a corresponding relationship. Different files may be configured with different key information.
In step 205A, if the key information is loaded, the key information of the target file directory is obtained.
Specifically, key information corresponding to the file may be acquired from the loaded information.
In step 205B, if the key information is not loaded, the database is queried for a first key of a target file directory for storing files.
Specifically, after step 205B, step 206A, or step 206B may be performed.
The first key is generated in advance based on configuration operation of a user. The first secret key may be stored in a database.
Specifically, different target file directories may be configured with different first keys.
In step 206A, if the first key of the target file directory exists in the database, a key generation request for generating key information of the first key is sent to the key management system.
Specifically, a key management system may be preset to provide key generation, saving, recovery, revocation, management, and service. The first key may be input to the key management system to generate key information.
Step 207, receiving the key information corresponding to the target file directory sent by the key management system.
The key generation request comprises a first key. The key management system may generate key information of the first key based on the received key generation request.
Specifically, the key management system may transmit the generated key information to the electronic device. The electronic device may receive key information corresponding to the target file directory sent by the key management system.
Step 208, the key information is loaded, and the key information of the loaded target file directory is obtained.
Specifically, after step 208, step 211 may be performed.
Specifically, the key information may be loaded first, and then the key information of the loaded target file directory is obtained from the loaded information.
In step 206B, if the first key of the target file directory does not exist in the database, a key generation request for generating key information for the target file directory is sent to the key management system.
Specifically, the key generation request in this case does not include the first key. After receiving the key generation request without the first key, the key management system can pop up a dialog box for the user to configure the first key. After the user configures the first key, the key management system obtains the first key and generates the key information of the first key from it.
Step 209, receiving the first key and the key information corresponding to the target file directory sent by the key management system, and storing the first key and the key information in the database.
Specifically, the key management system may send the first key and the generated key information to the electronic device. The electronic device may receive the first key and the key information sent by the key management system, and store the first key and the key information in the database.
Step 210, loading the key information, and obtaining the key information of the loaded target file directory.
Specifically, the key information may be loaded first, and then the key information of the loaded target file directory is obtained from the loaded information.
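The key lookup of steps 204B to 210, as an added example that is not code from the patent. The class names, the in-memory dictionaries standing in for the database and the loaded information, the callback that models the user configuring a first key, and the HMAC-SHA256 derivation of key information are all assumptions made for illustration.

```python
import hashlib
import hmac


class KeyManagementSystem:
    """Stand-in for the key management system; its derivation is an assumption."""

    def __init__(self, configure_first_key):
        # configure_first_key models the user configuring a first key on request.
        self.configure_first_key = configure_first_key
        self.requests = 0

    def generate(self, directory, first_key=None):
        """Handle a key generation request; return (first_key, key_info)."""
        self.requests += 1
        if first_key is None:                  # request without a first key (206B)
            first_key = self.configure_first_key(directory)
        key_info = hmac.new(first_key, directory.encode(), hashlib.sha256).digest()
        return first_key, key_info


class KeyResolver:
    """Steps 204B to 210: loaded key information, then database, then KMS."""

    def __init__(self, kms, database=None):
        self.kms = kms
        self.database = {} if database is None else database  # directory -> record
        self.loaded = {}                                       # directory -> key_info

    def key_info_for(self, directory):
        if directory in self.loaded:                 # 205A: already loaded
            return self.loaded[directory]
        record = self.database.get(directory)        # 205B: query the first key
        if record is not None:                       # 206A/207: first key exists
            _, key_info = self.kms.generate(directory, record["first_key"])
        else:                                        # 206B/209: KMS returns both
            first_key, key_info = self.kms.generate(directory)
            self.database[directory] = {"first_key": first_key,
                                        "key_info": key_info}
        self.loaded[directory] = key_info            # 208/210: load, then use
        return key_info


def constructed_first_key(directory):
    """Constructed, deterministic first key so the example is repeatable."""
    return hashlib.sha256(b"constructed-first-key:" + directory.encode()).digest()
```

Because step 209 stores the first key and the key information in the database, read access to that database is equivalent to access to every directory's key, so it needs the same protection as the key management system.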
Step 211, responding to the operation request based on the key information.
Specifically, the operation request includes a read request and a write request, and the operation request may be responded to based on the key information.
In an implementation, if the operation request includes a read request, the file corresponding to the target file directory included in the read request is decrypted according to the key information to obtain a decrypted file, and the decrypted file is read.
If the operation request is a read request, the content stored in the target file directory can be read according to the size of the file block included in the read request, and the content is returned after being decrypted according to the key information.
For example: the file block size is 4096 bytes, and the user reads file A at an offset of 100 bytes with a size of 200 bytes; the file system then loads the encrypted data from the location at offset 0 bytes, with a load size of 4096 bytes. After loading, the data is decrypted with the key information, and after decryption the data at offset 100 bytes with a length of 200 bytes is returned.
Another example is: the file block size is 4096 bytes, file B is read by the user with an offset of 5000 bytes and a size of 6000 bytes, then the file system loads data from the offset of 4096 bytes and the load size is bytes. And after the loading is finished, decrypting the data through the key information, after the decryption is finished, returning the data from the position with the offset of 4 bytes, returning the data with the length of 4092 bytes, if the residual 1908 bytes of data need to be returned, continuing to load the next file block, namely the data with the offset of 8192 bytes and the length of 4096 bytes, and returning the data with the length of 1908 bytes after the decryption.
In an implementation, if the operation request includes a write request, the file included in the write request is encrypted according to the key information to obtain an encrypted file, and the encrypted file is written to the target file directory included in the write request.
If the operation request is a write request, the write request content of the user can be encrypted based on the key information according to the file block size, and stored in the target file directory.
For example: the file block size is 4096 bytes, and the user writes file C at an offset of 100 bytes with a size of 200 bytes; the file system then loads the encrypted data from the location at offset 0 bytes, with a load size of 4096 bytes. After loading, the data is decrypted with the key information; after decryption, the 200 bytes of data are written at offset 100 bytes, the current file block is encrypted, and the encrypted data is written back to the file block at offset 0 bytes with a length of 4096 bytes.
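The block-aligned read and the load, decrypt, modify, encrypt, write-back cycle described above, as an added example that is not code from the patent. The class and function names are hypothetical, the store is an in-memory byte array, and the cipher is a stand-in (a SHA-256 keystream XORed per block) chosen only so the example runs with the standard library; the request at offset 4100 in the test values is constructed.

```python
import hashlib

BLOCK_SIZE = 4096  # file block size used in the description's examples


def crypt_block(key_info, block_index, data):
    """Stand-in cipher: XOR with a SHA-256 keystream bound to key and block index.

    The same call encrypts and decrypts. Not suitable for production use.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key_info + block_index.to_bytes(8, "big")
                                 + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def block_spans(offset, size, block_size=BLOCK_SIZE):
    """Split a byte range into (block_offset, offset_in_block, length) per block."""
    spans = []
    end = offset + size
    while offset < end:
        block_offset = offset - offset % block_size
        inner = offset - block_offset
        length = min(block_size - inner, end - offset)
        spans.append((block_offset, inner, length))
        offset += length
    return spans


class EncryptedFile:
    """Holds only whole encrypted blocks, as they would sit on disk."""

    def __init__(self, key_info):
        self.key_info = key_info
        self.stored = bytearray()

    def load_block(self, block_offset):
        """Load and decrypt one whole block; unwritten blocks read as zeros."""
        cipher = bytes(self.stored[block_offset:block_offset + BLOCK_SIZE])
        if len(cipher) < BLOCK_SIZE:
            return bytearray(BLOCK_SIZE)
        index = block_offset // BLOCK_SIZE
        return bytearray(crypt_block(self.key_info, index, cipher))

    def store_block(self, block_offset, plain):
        """Encrypt one whole block and write it back at its offset."""
        while len(self.stored) < block_offset:   # fill gaps with encrypted zeros
            index = len(self.stored) // BLOCK_SIZE
            self.stored += crypt_block(self.key_info, index, bytes(BLOCK_SIZE))
        index = block_offset // BLOCK_SIZE
        cipher = crypt_block(self.key_info, index, bytes(plain))
        self.stored[block_offset:block_offset + BLOCK_SIZE] = cipher

    def read(self, offset, size):
        out = bytearray()
        for block_offset, inner, length in block_spans(offset, size):
            out += self.load_block(block_offset)[inner:inner + length]
        return bytes(out)

    def write(self, offset, data):
        pos = 0
        for block_offset, inner, length in block_spans(offset, len(data)):
            block = self.load_block(block_offset)                 # load + decrypt
            block[inner:inner + length] = data[pos:pos + length]  # modify
            self.store_block(block_offset, block)                 # encrypt + write
            pos += length
```

The stand-in keystream repeats whenever a block is rewritten under the same key information, which exposes the XOR of the old and new plaintext to anyone who sees both ciphertexts; a real implementation would use a cipher mode designed for block storage, such as AES-XTS.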
Fig. 3 is a schematic diagram illustrating a file operation process according to an exemplary embodiment of the disclosure.
As shown in fig. 3, the preset path encryption table may be first configured through the API.
A file operation request is then received, and whether the file needs to be encrypted is judged according to the target file directory included in the operation request and the preset path encryption table.
If the file does not need to be encrypted, the operation request is responded to.
If it is determined that the file needs to be encrypted, it is then determined whether the key information is loaded.
If it is determined that the key information is loaded, the operation request is responded to according to the key information.
If it is determined that the key information is not loaded, the database is queried for whether the first key information exists, a key generation request is sent to the key management system according to the query result, the generated key information is received and loaded, and finally the operation request is responded to according to the key information.
Fig. 4 is a block diagram illustrating a file operating apparatus according to an exemplary embodiment of the present disclosure.
As shown in fig. 4, the present disclosure provides a file operating apparatus 400 including:
a receiving unit 410, configured to receive an operation request for operating a file in a target file directory;
a determining unit 420, configured to determine whether the file needs to be encrypted according to the target file directory and the preset path encryption table; wherein, the preset path encryption table is generated in advance based on the configuration operation of the user;
a response unit 430, configured to obtain key information corresponding to the file if it is determined that the file needs to be encrypted;
the response unit 430 is further configured to respond to the operation request based on the key information.
The determining unit 420 is specifically configured to compare the target file directory with the first path and the second path to obtain a comparison result; the preset path encryption table comprises a first path needing to be encrypted and a second path not needing to be encrypted;
and determining whether the file needs to be encrypted according to the comparison result.
A determining unit 420, configured to determine that the file does not need to be encrypted if the target file directory is not in the preset path encryption table;
if the target file directory is in the second path, determining that the file does not need to be encrypted;
and if the target file directory is under the first path and the target file directory is not under the second path, determining that the file needs to be encrypted.
The response unit 430 is further configured to, if it is determined that the file does not need to be encrypted, operate the file according to the operation request.
A response unit 430, specifically configured to determine whether key information of a target file directory for storing a file is loaded;
and if the key information is loaded, acquiring the key information of the target file directory.
A response unit 430, configured to, if the key information is not loaded, query the database for a first key of a target file directory for storing the file;
if the first key of the target file directory exists in the database, sending a key generation request for generating key information of the first key to the key management system;
receiving the key information which is sent by the key management system and corresponds to the target file directory;
and loading the key information and acquiring the key information of the loaded target file directory.
A response unit 430, specifically configured to send, to the key management system, a key generation request for generating key information for the target file directory if the first key of the target file directory does not exist in the database;
receiving the first key and the key information which are sent by the key management system and correspond to the target file directory, and storing the first key and the key information in the database;
and loading the key information and acquiring the key information of the loaded target file directory.
The response unit 430 is specifically configured so that, when the operation request includes a read request, it decrypts the file corresponding to the target file directory included in the read request according to the key information to obtain a decrypted file, and reads the decrypted file.
The response unit 430 is specifically configured so that, when the operation request includes a write request, it encrypts the file included in the write request according to the key information to obtain an encrypted file, and writes the encrypted file to the target file directory included in the write request.
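The decision made by the determining unit and the key lookup order followed by the response unit can be sketched as follows. This is an added example, not code from the patent: `PATH_TABLE`, `StubKMS`, `KeyLoader`, the dict used as the database and the HMAC derivation inside the stub are all hypothetical, and the sketch persists only the first key.

```python
import hashlib, hmac, posixpath, secrets
from pathlib import PurePosixPath

# Constructed table: "first" paths need encryption, "second" paths are exempt.
PATH_TABLE = {"first": ["/data/secure"], "second": ["/data/secure/public"]}

def _under(directory, root):
    # Compare whole path components after lexical normalisation, so that
    # "/data/secure2" or "/data/secure/../x" never match "/data/secure".
    # Symlinks are not resolved here.
    d = PurePosixPath(posixpath.normpath(directory))
    r = PurePosixPath(posixpath.normpath(root))
    return d == r or r in d.parents

def needs_encryption(target_dir, table=PATH_TABLE):
    if any(_under(target_dir, p) for p in table["second"]):
        return False                      # under an exempt (second) path
    # Otherwise encrypt only if under a first path; unlisted directories are not.
    return any(_under(target_dir, p) for p in table["first"])

class StubKMS:
    """Hypothetical key management system: derives key information from a first key."""
    def __init__(self):
        self._master = secrets.token_bytes(32)   # stays inside the KMS
        self.requests = []                        # recorded for inspection
    def key_info(self, directory, first_key=None):
        self.requests.append((directory, first_key))
        first_key = first_key or secrets.token_hex(16)   # new first key if none given
        info = hmac.new(self._master, first_key.encode(), hashlib.sha256).digest()
        return first_key, info

class KeyLoader:
    """Lookup order: loaded key information, then database, then KMS."""
    def __init__(self, kms, db):
        self.kms, self.db, self.loaded = kms, db, {}
    def get(self, directory):
        directory = posixpath.normpath(directory)
        if directory not in self.loaded:                 # key information not loaded
            stored = self.db.get(directory)              # first key in the database?
            first_key, info = self.kms.key_info(directory, stored)
            if stored is None:
                self.db[directory] = first_key           # persist the new first key
            self.loaded[directory] = info                # load into memory
        return self.loaded[directory]
```

Matching on path components rather than string prefixes matters here: a plain `startswith` check would treat `/data/secure2` as lying under `/data/secure`.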
Fig. 5 is a block diagram of an electronic device shown in an exemplary embodiment of the present disclosure.
As shown in fig. 5, the electronic device provided in this embodiment includes:
a memory 501;
a processor 502; and
a computer program;
wherein the computer program is stored in the memory 501 and configured to be executed by the processor 502 to implement any of the file manipulation methods as described above.
The present embodiment also provides a computer-readable storage medium having a computer program stored thereon, the computer program being executed by a processor to implement any of the above file operating methods.
The present embodiment also provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements any one of the file operation methods described above.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (13)

1. A method of file manipulation, the method comprising:
receiving an operation request for operating the file in the target file directory;
determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table; wherein the preset path encryption table is generated in advance based on configuration operation of a user;
if the file is determined to need to be encrypted, key information corresponding to the file is obtained;
responding to the operation request based on the key information.
2. The method according to claim 1, wherein the preset path encryption table comprises a first path requiring encryption and a second path not requiring encryption;
the determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table comprises:
comparing the target file directory with the first path and the second path to obtain a comparison result;
and determining whether the file needs to be encrypted according to the comparison result.
3. The method according to claim 2, wherein the determining whether the file needs to be encrypted according to the comparison result comprises:
if the target file directory is not in the preset path encryption table, determining that the file does not need to be encrypted;
if the target file directory is in the second path, determining that the file does not need to be encrypted;
and if the target file directory is under the first path and the target file directory is not under the second path, determining that the file needs to be encrypted.
4. The method according to any one of claims 1 to 3, wherein if it is determined that the file does not require encryption, operating on the file according to the operation request.
5. The method of claim 1, wherein obtaining key information corresponding to the file comprises:
determining whether key information for the target file directory for storing the file is loaded;
and if the key information is loaded, acquiring the key information of the target file directory.
6. The method of claim 5, wherein if the key information is not loaded, the method further comprises: querying a database for a first key of the target file directory for storing the file;
if the first key of the target file directory exists in the database, sending to a key management system a key generation request for generating key information of the first key;
receiving key information which is sent by the key management system and corresponds to the target file directory;
and loading the key information and acquiring the key information of the loaded target file directory.
7. The method of claim 6, wherein if the first key for the target file directory does not exist in the database, the method further comprises:
sending a key generation request for generating key information for the target file directory to a key management system;
receiving a first key and key information which are sent by the key management system and correspond to the target file directory, and storing the first key and the key information in the database;
and loading the key information and acquiring the key information of the loaded target file directory.
8. The method of claim 1, wherein the operation request comprises a read request;
the responding to the operation request based on the encryption key comprises:
decrypting the file corresponding to the target file directory included in the read request according to the key information to obtain a decrypted file; and reading the decrypted file.
9. The method of claim 1, wherein the operation request comprises a write request;
the responding to the operation request based on the encryption key comprises:
encrypting the file included in the write request according to the key information to obtain an encrypted file; and writing the encrypted file into a target file directory included in the write request.
10. A file handling apparatus, the apparatus comprising:
the receiving unit is used for receiving an operation request for operating the files in the target file directory;
the determining unit is used for determining whether the file needs to be encrypted according to the target file directory and a preset path encryption table; wherein the preset path encryption table is generated in advance based on configuration operation of a user;
the response unit is used for acquiring key information corresponding to the file if the file is determined to need to be encrypted;
the response unit is further configured to respond to the operation request based on the key information.
11. An electronic device comprising a memory and a processor; wherein
the memory for storing a computer program;
the processor is configured to read the computer program stored in the memory and execute the method of any one of claims 1 to 9 according to the computer program in the memory.
12. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, implement the method of any one of claims 1-9.
13. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the method of any one of the preceding claims 1-9.
CN202210597415.6A 2022-05-30 2022-05-30 File operation method, device, equipment and readable storage medium Pending CN114968935A (en)

Publications (1)

Publication Number Publication Date
CN114968935A (en) 2022-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination