CN115037462A - Search server starting method and device, electronic equipment and storage medium - Google Patents

Info

Publication number: CN115037462A
Authority: CN (China)
Prior art keywords: search server; configuration item; private key; ciphertext; password
Legal status: Pending
Application number: CN202210609973.XA
Other languages: Chinese (zh)
Inventors: 钟丹东, 吴后金
Current Assignee: Jiangsu Baowangda Software Technology Co ltd
Original Assignee: Jiangsu Baowangda Software Technology Co ltd
Application filed by Jiangsu Baowangda Software Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a method and a device for starting a search server, electronic equipment and a storage medium. The method comprises the following steps: acquiring a preset encryption password and a password configuration item ciphertext after encrypting a private key of a secure communication certificate of a search server; decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the private key of the search server secure communication certificate; and decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server. By adopting the technical scheme of the embodiment of the invention, the security rule that the configuration file does not contain any plaintext password configuration item is satisfied, and even if the configuration file is leaked, an attacker cannot crack the secure communication certificate to obtain the access authority of the search server cluster.

Description

Search server starting method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of data security, in particular to a method and a device for starting a search server, electronic equipment and a storage medium.
Background
Security hardening of elasticsearch is implemented with the X-Pack plug-in, the security extension of elasticsearch. Through X-Pack, a user name and a password can be configured for the elasticsearch cluster, the communication protocol can be set to https, and a communication certificate can be configured. This ensures that elasticsearch provides services externally over a secure channel and under access control.
X-Pack provides a secure communication certificate whose private key is encrypted. However, the password that encrypts the certificate private key must be specified in a configuration item, and that password can only be encrypted with the default encryption algorithm of the open source framework, which does not meet the requirement that encryption be independently secure and controllable.
Therefore, how to strengthen the password security of the private key of the encrypted certificate is a technical problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The embodiment of the invention provides a method and a device for starting a search server, electronic equipment and a storage medium, which are used for encrypting all passwords in a configuration file of a search server cluster, so that the security mechanism of the search server cluster is practical and feasible.
In a first aspect, an embodiment of the present invention provides a method for starting a search server, including:
acquiring a preset encryption password and a password configuration item ciphertext after encrypting a private key of a secure communication certificate of a search server;
decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the private key of the search server secure communication certificate;
and decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server.
In a second aspect, an embodiment of the present invention further provides a search server startup device, including:
the password configuration item ciphertext acquisition module is used for acquiring a preset encrypted password and a password configuration item ciphertext after the private key of the secure communication certificate of the search server is encrypted;
the starting configuration item acquisition module is used for decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item and acquiring a starting configuration item of the private key of the search server secure communication certificate;
and the search server starting module is used for decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item and determining a plaintext private key to start the search server.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the search server starting method according to any embodiment of the present invention.
In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the search server starting method according to any embodiment of the present invention.
The embodiment of the invention provides a method and a device for starting a search server, electronic equipment and a storage medium, wherein a preset encryption password and a password configuration item ciphertext after a private key of a secure communication certificate of the search server is encrypted are obtained; the password configuration item ciphertext is decrypted according to the preset encryption password and the password configuration item, and a starting configuration item of the private key of the search server secure communication certificate is acquired; and the private key ciphertext of the secure communication certificate of the search server is decrypted according to the starting configuration item, and a plaintext private key is determined to start the search server. By adopting the technical scheme of the embodiment of the invention, the password that encrypts the certificate private key is itself encrypted, and the security rule that the configuration file does not contain any plaintext password configuration item is met; even if the configuration file is leaked, an attacker cannot crack the secure communication certificate to obtain the access authority of the search server cluster.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart of a method for starting a search server according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another search server startup method provided in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a search server startup device according to a second embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device according to a third embodiment of the present application.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations (or steps) can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a method for starting a search server according to an embodiment of the present invention. This embodiment is applicable to the case of starting a search server. The method of this embodiment may be executed by a search server starting apparatus, which may be implemented in hardware and/or software and may be configured in the server on which the search server is started. The method specifically comprises the following steps:
S110, acquiring a preset encryption password and a password configuration item ciphertext after encrypting the private key of the secure communication certificate of the search server.
Here, the search server (ES) may refer to a Lucene-based search server. The search server provides a distributed, multi-user capable full-text search engine. The search server is security-hardened through the security extension plug-in X-Pack. The private key of the secure communication certificate provided by X-Pack is encrypted, but the password that encrypts the certificate private key must be specified in a configuration item, and that password can only be encrypted with the default encryption algorithm of the open source framework, which does not meet the requirement that encryption be independently secure and controllable. Therefore, all passwords in the configuration file of the search server cluster need to be encrypted, so that the security mechanism of the search server cluster is practical and feasible.
Optionally, before obtaining the preset encrypted password and the password configuration item ciphertext after encrypting the private key of the secure communication certificate of the search server, the method includes:
in the initialization stage, encrypting the secure communication certificate of the search server to generate a private key ciphertext of the secure communication certificate of the search server, and writing the encrypted private key ciphertext into a starting configuration item;
and encrypting the starting configuration item by adopting a preset encryption program to generate a password configuration item ciphertext.
In an alternative scheme in the embodiment of the present invention, the private key of the secure communication certificate of the search server is encrypted by using an encryption algorithm to generate a private key ciphertext of the secure communication certificate of the search server, and the encrypted private key is written into the starting configuration item code. The encryption algorithm includes, but is not limited to, the Chinese national cryptographic algorithms SM4 and SM3.
Optionally, the encrypting the startup configuration item by using the preset encryption program to generate the password configuration item ciphertext includes:
encrypting the starting configuration item by adopting a preset encryption program, and writing an encrypted key into the preset encryption program;
and encrypting the text file generated by the preset encryption program.
The starting configuration item for storing the search server security communication certificate secret key is encrypted by adopting a preset encryption algorithm to generate a password configuration item, so that a plaintext password is not used in a configuration file for storing the search server security communication certificate secret key any more, and the security of the search server cluster is ensured.
When the search server is used, the password configuration item and the starting configuration item need to be decrypted first, and then the decrypted password configuration item and starting configuration item are loaded into the JVM. The decryption of the password configuration item and the starting configuration item may be performed by hardware or software, and is not limited in the embodiment of the present invention.
Optionally, the obtaining of the preset encryption password and the password configuration item ciphertext after encrypting the private key of the secure communication certificate of the search server includes:
acquiring a text file comprising the preset encryption password, and analyzing the text file to acquire the preset encryption password after the private key of the search server secure communication certificate is encrypted;
and mapping the configuration items in the text file, and determining the password configuration item ciphertext after the search server secure communication certificate private key is encrypted.
In an alternative scheme of the embodiment of the invention, the elasticsearch.yml file under the specified path is loaded by a preset Java program. The purpose of loading is to decrypt the private key of the secure communication certificate of the search server, and then launch the elasticsearch starting program with the decrypted private key. The path of elasticsearch.yml [/data/elasticsearch/config/elasticsearch.yml] is acquired, the configuration file is parsed using snakeyaml, and the dependency is introduced in the pom.xml file:
    <dependency>
        <groupId>org.yaml</groupId>
        <artifactId>snakeyaml</artifactId>
    </dependency>
A JavaBean component corresponding to the configuration items is then defined. The JavaBean component covers, but is not limited to, all configuration items in elasticsearch.yml. The configuration items of elasticsearch.yml are mapped into the JavaBean component so as to determine the password configuration item ciphertext after the search server secure communication certificate private key is encrypted.
According to the technical scheme, the acquisition, storage, use, processing and the like of the search server storage information and the search server security communication certificate private key accord with relevant regulations of national laws and regulations.
S120, decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the search server secure communication certificate private key.
Here, ciphertext refers to the output produced when an encryption algorithm is applied to plaintext. To recover the plaintext from a ciphertext, the ciphertext must be decrypted with the decryption algorithm corresponding to the encryption algorithm. For example, if the starting configuration item is encrypted with the symmetric encryption algorithm SM4 to generate the password configuration item ciphertext, then the symmetric decryption algorithm SM4 must be used to obtain the plaintext of the password configuration item, and thereby the starting configuration item of the private key of the search server secure communication certificate.
S130, decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server.
The plaintext private key of the search server secure communication certificate is stored in the starting configuration item, the configuration file is read, the plaintext private key of the search server secure communication certificate is obtained through a decryption algorithm, a default starting program is called, and the defect that the default starting program can only be started through the plaintext private key is overcome.
Starting the node of the elasticsearch by calling a starting command of the elasticsearch, wherein the starting process of the elasticsearch comprises the following steps:
parsing the configuration, including but not limited to configuration files and command line parameters;
checking an external environment and an internal environment; for example, the JVM version and operating system kernel parameters, etc.;
initializing internal resources, creating an internal module and initializing a detector;
and starting each submodule and keepalive thread.
The configuration is parsed by a custom starting program to generate an environment object, where the configuration includes, but is not limited to, the configuration file and command line parameters. The custom starting program then calls the code shown in figures BDA0003671669760000061 and BDA0003671669760000071 (images not reproduced) to start the elasticsearch program, thereby completing the normal start of the elasticsearch cluster.
Fig. 2 is a schematic flowchart of another search server startup method provided in an embodiment of the present invention. Referring to Fig. 2, the method includes steps A1-A7:
A1: encrypting the secure communication certificate of the search server;
A2: encrypting a secure communication certificate protection password of the search server;
A3: yml file;
A4: yml file is loaded;
A5: decrypting a protected password of the certificate;
A6: initializing an elasticsearch starting configuration object;
A7: the elasticsearch node is started.
Initializing the elasticsearch starting configuration object may refer to reading a starting configuration file to generate a configuration object, Map<String, String> properties. The configuration object stores a decrypted private key, which is used to start the elasticsearch node and thereby start the search server.
The embodiment of the invention provides a method for starting a search server, which comprises the steps of acquiring a preset encryption password and a password configuration item ciphertext after a private key of a secure communication certificate of the search server is encrypted; decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the private key of the search server secure communication certificate; and decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server. By adopting the technical scheme of the embodiment of the invention, the elasticsearch node is not started directly with the elasticsearch starting command. Instead, a custom Java program reads the configuration file and decrypts the password of the encrypted certificate private key in the configuration file, and then the Java code calls the elasticsearch starting command with the decrypted plaintext password and the other configuration items to start the elasticsearch node. The security rule that the configuration file contains no plaintext password configuration item is met; even if the configuration file is leaked, an attacker cannot crack the security certificate to obtain the access right of the cluster.
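The load path that Example one describes (configuration items mapped from the file, the encrypted password item decrypted with the preset encryption password, the result handed to startup as Map<String, String> properties), as an added Java example that is not the patent's code. It substitutes JDK AES-GCM with a PBKDF2-derived key for SM4 and takes the already-mapped items instead of parsing YAML; the ENC(...) marker, the class and method names and all sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not the patent's code. AES-GCM from the JDK stands in for SM4;
// the ENC(...) marker and all names and values below are assumptions.
public class EncryptedConfigLauncher {
    private static final String PREFIX = "ENC(";
    private static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128;

    // Derive the key-encryption key from the preset encryption password.
    static SecretKeySpec deriveKey(char[] presetPassword, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(presetPassword, salt, 210_000, 256);
        try {
            byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return new SecretKeySpec(key, "AES");
        } finally {
            spec.clearPassword();
        }
    }

    // Initialization stage: one plaintext password item becomes ENC(base64(salt|iv|ct+tag)).
    static String encryptItem(String name, String plaintext, char[] presetPassword) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(presetPassword, salt), new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8)); // bind the ciphertext to its config key
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] blob = new byte[SALT_LEN + IV_LEN + ct.length];
        System.arraycopy(salt, 0, blob, 0, SALT_LEN);
        System.arraycopy(iv, 0, blob, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, blob, SALT_LEN + IV_LEN, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(blob) + ")";
    }

    // Startup stage: plain items pass through; ENC(...) items decrypt or startup fails.
    static String decryptItem(String name, String value, char[] presetPassword) throws Exception {
        if (!value.startsWith(PREFIX) || !value.endsWith(")")) {
            return value;
        }
        byte[] blob = Base64.getDecoder().decode(value.substring(PREFIX.length(), value.length() - 1));
        int header = SALT_LEN + IV_LEN;
        if (blob.length < header + TAG_BITS / 8) {
            throw new IllegalArgumentException("truncated ciphertext for " + name);
        }
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, header);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(presetPassword, salt), new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(blob, header, blob.length - header), StandardCharsets.UTF_8);
    }

    // Build the in-memory startup properties; plaintext passwords never go back to disk.
    static Map<String, String> loadStartupProperties(Map<String, String> fileItems, char[] presetPassword)
            throws Exception {
        Map<String, String> properties = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : fileItems.entrySet()) {
            properties.put(e.getKey(), decryptItem(e.getKey(), e.getValue(), presetPassword));
        }
        return properties;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the preset password is assumed to come from outside the config file.
        char[] preset = "constructed-preset-password".toCharArray();
        String pwItem = "xpack.security.transport.ssl.key_passphrase";
        Map<String, String> onDisk = new LinkedHashMap<>();
        onDisk.put("cluster.name", "demo-cluster");
        onDisk.put(pwItem, encryptItem(pwItem, "constructed-key-passphrase", preset));
        System.out.println("config file content: " + onDisk);

        Map<String, String> properties = loadStartupProperties(onDisk, preset);
        System.out.println("passphrase recovered in memory: "
                + "constructed-key-passphrase".equals(properties.get(pwItem)));

        try {
            loadStartupProperties(onDisk, "wrong-password".toCharArray());
        } catch (AEADBadTagException ex) {
            System.out.println("wrong preset password: item rejected, node not started");
        } finally {
            Arrays.fill(preset, '\0');
        }
    }
}
```

Because the item name is passed as associated data, a ciphertext copied under a different configuration key fails authentication in the same way as a wrong preset password.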
Example two
Fig. 3 is a schematic structural diagram of a search server startup device according to a second embodiment of the present invention, where the search server startup device includes: a password configuration item ciphertext acquisition module 310, a startup configuration item acquisition module 320, and a search server startup module 330. Wherein:
a password configuration item ciphertext acquisition module 310, configured to acquire a preset encryption password and a password configuration item ciphertext that are obtained by encrypting a search server secure communication certificate private key;
the starting configuration item acquisition module 320 is configured to decrypt the password configuration item ciphertext according to the preset encrypted password and the password configuration item, and acquire a starting configuration item of the search server secure communication certificate private key;
the search server starting module 330 is configured to decrypt the search server secure communication certificate private key ciphertext according to the starting configuration item, and determine a plaintext private key to start the search server.
On the basis of the foregoing embodiment, optionally, the apparatus further includes:
the starting configuration item encryption module is used for encrypting the search server security communication certificate to generate a search server security communication certificate private key ciphertext and writing the encrypted secret key ciphertext into a starting configuration item in an initialization stage;
and the password configuration item encryption module is used for encrypting the starting configuration item by adopting a preset encryption program to generate a password configuration item ciphertext.
On the basis of the foregoing embodiment, optionally, the cryptographic configuration item encryption module includes:
encrypting the starting configuration item by adopting a preset encryption program, and writing the encrypted key into the preset encryption program;
and encrypting the text file generated by the preset encryption program.
On the basis of the foregoing embodiment, optionally, the password configuration item ciphertext obtaining module includes:
acquiring a text file comprising the preset encryption password, and analyzing the text file to acquire the preset encryption password after the private key of the search server secure communication certificate is encrypted;
and mapping the configuration items in the text file, and determining the password configuration item ciphertext after the search server secure communication certificate private key is encrypted.
On the basis of the foregoing embodiment, optionally, the search server starting module includes:
reading the starting configuration item, and decrypting the secure communication certificate private key of the search server by adopting a default decryption algorithm in the open source framework to obtain a plaintext private key;
and calling a preset starting command according to the plaintext private key to start the search server.
The search server starting device provided by the embodiment of the invention can execute the search server starting method provided by any embodiment of the invention, has corresponding functions and beneficial effects of executing the search server starting method, and the detailed process refers to the related operation of the search server starting method in the embodiment.
Example three
Fig. 4 is a schematic structural diagram of an electronic device according to a third embodiment of the present application. The embodiment of the application provides electronic equipment, and an interaction device started by a search server provided by the embodiment of the application can be integrated in the electronic equipment. As shown in fig. 4, the present embodiment provides an electronic device 400, which includes: one or more processors 420; the storage device 410 is configured to store one or more programs, and when the one or more programs are executed by the one or more processors 420, the one or more processors 420 implement the search server starting method provided in the embodiment of the present application, the method includes:
acquiring a preset encryption password and a password configuration item ciphertext after encrypting a private key of a secure communication certificate of a search server;
decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the private key of the search server secure communication certificate;
and decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server. Of course, those skilled in the art will understand that the processor 420 also implements the technical solution of the search server starting method provided in any embodiment of the present application.
The electronic device 400 shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the electronic device 400 includes a processor 420, a storage device 410, an input device 430, and an output device 440; the number of the processors 420 in the electronic device may be one or more, and one processor 420 is taken as an example in fig. 4; the processor 420, the storage device 410, the input device 430, and the output device 440 in the electronic apparatus may be connected by a bus or other means, and are exemplified by a bus 450 in fig. 4.
The storage device 410 is used as a computer-readable storage medium for storing software programs, computer-executable programs, and module units, such as program instructions corresponding to the search server starting method in the embodiment of the present application.
The storage device 410 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the storage 410 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, storage 410 may further include memory located remotely from processor 420, which may be connected via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input means 430 may be used to receive input numbers, character information, or voice information, and to generate key signal inputs related to user settings and function control of the electronic device. The output device 440 may include a display screen, speakers, or other electronic equipment.
The electronic equipment provided by the embodiment of the application can meet the security rule that no plaintext password configuration item is contained in the configuration file; and even if the configuration file is leaked, an attacker cannot crack the secure communication certificate to obtain the access authority of the search server cluster.
Example four
A fourth embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a search server startup method, the method including:
acquiring a preset encryption password and a password configuration item ciphertext after encrypting a private key of a secure communication certificate of a search server;
decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the private key of the search server secure communication certificate;
and decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash memory, an optical fiber, a portable CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. A computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take a variety of forms, including, but not limited to: an electromagnetic signal, an optical signal, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, Radio Frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A search server initiation method, the method comprising:
acquiring a preset encryption password and a password configuration item ciphertext after encrypting a private key of a secure communication certificate of a search server;
decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item, and acquiring a starting configuration item of the private key of the search server secure communication certificate;
and decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item, and determining a plaintext private key to start the search server.
2. The method of claim 1, wherein before obtaining the preset encrypted password and the password configuration item ciphertext after encrypting the search server secure communication certificate private key, the method comprises:
in the initialization stage, encrypting the secure communication certificate of the search server to generate a private key ciphertext of the secure communication certificate of the search server, and writing the encrypted private key ciphertext into a starting configuration item;
and encrypting the starting configuration item by adopting a preset encryption program to generate a password configuration item ciphertext.
3. The method according to claim 2, wherein the encrypting the starting configuration item by using the preset encryption program to generate a password configuration item ciphertext comprises:
encrypting the starting configuration item by adopting a preset encryption program, and writing the encrypted key into the preset encryption program;
and encrypting the text file generated by the preset encryption program.
4. The method of claim 1, wherein the obtaining of the preset encrypted password and the password configuration item ciphertext obtained by encrypting the search server secure communication certificate private key comprises:
acquiring a text file comprising the preset encryption password, and analyzing the text file to acquire the preset encryption password after the private key of the search server secure communication certificate is encrypted;
and mapping the configuration items in the text file, and determining a password configuration item ciphertext after the search server secure communication certificate private key is encrypted.
5. The method of claim 1, wherein the decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item and determining a plaintext private key to start the search server comprises:
reading the starting configuration item, and decrypting the secure communication certificate private key of the search server by adopting a default decryption algorithm in the open source framework to obtain a plaintext private key;
and calling a preset starting command to start the search server according to the plaintext private key.
6. A search server activation apparatus, the apparatus comprising:
the password configuration item ciphertext acquisition module is used for acquiring a preset encrypted password and a password configuration item ciphertext after the private key of the secure communication certificate of the search server is encrypted;
the starting configuration item acquisition module is used for decrypting the password configuration item ciphertext according to the preset encryption password and the password configuration item and acquiring a starting configuration item of the private key of the search server secure communication certificate;
and the search server starting module is used for decrypting the private key ciphertext of the secure communication certificate of the search server according to the starting configuration item and determining a plaintext private key to start the search server.
7. The apparatus of claim 6, further comprising:
the starting configuration item encryption module is used for encrypting the search server secure communication certificate to generate a search server secure communication certificate private key ciphertext and writing the encrypted private key ciphertext into a starting configuration item in an initialization stage;
and the password configuration item encryption module is used for encrypting the starting configuration item by adopting a preset encryption program to generate a password configuration item ciphertext.
8. The apparatus of claim 7, wherein the password configuration item encryption module comprises:
encrypting the starting configuration item by adopting a preset encryption program, and writing the encrypted key into the preset encryption program;
and encrypting the text file generated by the preset encryption program.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the search server initiation method of any of claims 1-5.
10. A storage medium containing computer-executable instructions for performing the search server initiation method of any of claims 1-5 when executed by a computer processor.
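The initialization stage of claims 2 and 3 and the three startup steps of claim 1, as an added Node.js example that is not code from the patent. The claims name no algorithm, so AES-256-GCM with scrypt for the password layer, encrypted PKCS#8 for the private key layer, and the configuration key names `key.ciphertext` and `key.passphrase.ciphertext` are all assumptions.

```javascript
const nodeCrypto = require("crypto");

// Password layer (assumed): AES-256-GCM under a scrypt-derived key, stored as salt.iv.tag.ct.
function seal(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const enc = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([enc.update(plaintext, "utf8"), enc.final()]);
  return [salt, iv, enc.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

function unseal(password, sealed) {
  const [salt, iv, tag, ct] = sealed.split(".").map((s) => Buffer.from(s, "base64"));
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const dec = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  dec.setAuthTag(tag);
  // final() throws if the password is wrong or the ciphertext was altered.
  return Buffer.concat([dec.update(ct), dec.final()]).toString("utf8");
}

// Initialization stage: encrypt the certificate private key, then encrypt the
// starting configuration item (the key passphrase) under the preset password.
function initialize(presetPassword) {
  const keyPassphrase = nodeCrypto.randomBytes(24).toString("base64");
  const { privateKey } = nodeCrypto.generateKeyPairSync("ec", {
    namedCurve: "prime256v1",
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: {
      type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase: keyPassphrase,
    },
  });
  // Only ciphertext reaches the configuration file (hypothetical key names).
  return {
    "key.ciphertext": privateKey,
    "key.passphrase.ciphertext": seal(presetPassword, keyPassphrase),
  };
}

// Startup: preset password -> starting configuration item -> plaintext private key.
function startup(presetPassword, config) {
  const keyPassphrase = unseal(presetPassword, config["key.passphrase.ciphertext"]);
  return nodeCrypto.createPrivateKey({ key: config["key.ciphertext"], passphrase: keyPassphrase });
}
```

A leaked configuration file holds only the two ciphertexts, so the scheme is only as strong as the protection of the preset encryption password, which has to be stored and delivered separately from that file.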
CN202210609973.XA 2022-05-31 2022-05-31 Search server starting method and device, electronic equipment and storage medium Pending CN115037462A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210609973.XA CN115037462A (en) 2022-05-31 2022-05-31 Search server starting method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115037462A true CN115037462A (en) 2022-09-09

Family

ID=83123541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210609973.XA Pending CN115037462A (en) 2022-05-31 2022-05-31 Search server starting method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115037462A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170099267A1 (en) * 2015-10-01 2017-04-06 Unisys Corporation Systems and methods for pkcs #8 private file key support
CN108280356A (en) * 2018-01-17 2018-07-13 吉浦斯信息咨询(深圳)有限公司 File encryption-decryption method, device, processing terminal and computer readable storage medium
CN112463799A (en) * 2020-12-11 2021-03-09 天冕信息技术(深圳)有限公司 Data extraction method, device, equipment and storage medium
CN113886485A (en) * 2020-12-28 2022-01-04 京东科技控股股份有限公司 Data processing method, device, electronic equipment, system and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PHILLIP WEBB ETAL.: "Spring Boot Reference Documentation", pages 17, Retrieved from the Internet <URL:https://www.docs.spring.io/spring-boot/docs/2.7.0/reference/htmlsingle> *
几回寒暑: "Elasticsearch学习笔记", pages 10 - 12, Retrieved from the Internet <URL:https://www.jianshu.com/p/20b2da89a559> *

Similar Documents

Publication Publication Date Title
EP3387813B1 (en) Mobile device having trusted execution environment
US9602549B2 (en) Establishing trust between applications on a computer
CN106997439B (en) TrustZone-based data encryption and decryption method and device and terminal equipment
EP2973183B1 (en) Intra-computer protected communications between applications
EP3962021B1 (en) Service processing methods, apparatuses, devices and systems
CN106992851B (en) TrustZone-based database file password encryption and decryption method and device and terminal equipment
US10045212B2 (en) Method and apparatus for providing provably secure user input/output
US20210117533A1 (en) Private password constraint validation
US11783091B2 (en) Executing entity-specific cryptographic code in a cryptographic coprocessor
EP2689367B1 (en) Data protection using distributed security key
CN107968793B (en) Method, device and storage medium for downloading white box key
CN115037462A (en) Search server starting method and device, electronic equipment and storage medium
CN111831978A (en) Method and device for protecting configuration file
Ali et al. AI-enabled cybernetic analytics of security models for smart serious games-based mobile operating systems
CN110457959B (en) Information transmission method and device based on Trust application
US20050005173A1 (en) Method and apparatus for implementing a pluggable password obscuring mechanism
CN113420313A (en) Program safe operation and encryption method and device, equipment and medium thereof
US20210111901A1 (en) Executing entity-specific cryptographic code in a trusted execution environment
CN109933994B (en) Data hierarchical storage method and device and computing equipment
Choi et al. Hardware-assisted credential management scheme for preventing private data analysis from cloning attacks
US20240004986A1 (en) Cla certificateless authentication of executable programs
CN113660100B (en) Method, system and electronic equipment for generating soft token seed
US20240232441A1 (en) Executing entity-Specific Cryptographic Code in a Cryptographic
SABEV et al. CHAPTER EIGHT REQUIREMENTS FOR SECURING USER DATA
KR20220069042A (en) Executing entity-specific cryptographic code in a cryptographic coprocessor

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination