CN115085903A - Data encryption and decryption method, device, equipment and medium based on encryption algorithm - Google Patents

Info

Publication number
CN115085903A
Authority
CN
China
Prior art keywords
encryption
decryption
data
instruction
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210685752.0A
Other languages
Chinese (zh)
Inventor
胡停雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN202210685752.0A
Publication of CN115085903A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The application discloses a data encryption and decryption method, device, equipment and medium based on an encryption algorithm, wherein the method comprises the following steps: configuring the application program through a persistent encryption and decryption package; wherein, the persistent encryption and decryption package is obtained by packaging an encryption algorithm; detecting the state of the encryption and decryption switch, and if the encryption and decryption switch is in an open state, initializing encryption and decryption; detecting whether an operation instruction is received, and if so, judging the instruction type of the operation instruction; if the instruction type is data query, decrypting the ciphertext field through the type converter; and if the instruction type is data insertion, encrypting the inserted data through the type converter. The encryption algorithm has higher security, and the obtained persistent encryption and decryption package has higher security. The type converter is used for encryption and decryption operation according to the instruction type, an external plug-in is not needed, and the maintenance cost is low.

Description

Data encryption and decryption method, device, equipment and medium based on encryption algorithm
Technical Field
The present application relates to the field of encryption and decryption technologies, and for example, to a data encryption and decryption method, apparatus, device, and medium based on an encryption algorithm.
Background
Internet products place high demands on data confidentiality; in particular, the personal information and financial data of users must be kept secure both in storage and in use. Since the state cipher administration released the encryption algorithm, products of all companies have begun to adopt it. JAVA applications have various ways to encrypt and decrypt data, but most require external plug-ins or modification of a large amount of code; external plug-ins offer limited confidentiality, cannot be used in products with high confidentiality requirements, and require maintenance by professional teams. Transformation at the code level wastes considerable human resources and may affect the performance of the product.
Disclosure of Invention
In the prior art, confidentiality is not high because an external plug-in is used in the encryption and decryption process, while transformation at the code level wastes considerable human resources and may affect the performance of the product.
In order to solve these problems, the following technical scheme is adopted in the application:
The present application provides a data encryption and decryption method based on an encryption algorithm, comprising the following steps:
configuring the application program through a persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm;
detecting the state of an encryption and decryption switch, and if the encryption and decryption switch is in an open state, initializing encryption and decryption;
detecting whether an operation instruction is received, and if so, judging the instruction type of the operation instruction; if the instruction type is data query, decrypting the ciphertext field through a type converter; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
The configuration of the application program through the persistent encryption and decryption package comprises the following steps:
modifying a structured query language of a persisted data layer of the application;
adding an encryption and decryption basic service package to the application program;
adding the type converter to the application;
and initializing the stock data of the application program.
The states of the encryption and decryption switch comprise the open state and the closed state;
when the initialization of the stock data is finished, the encryption and decryption switch is changed from the closed state to the open state;
and while the initialization of the stock data is being carried out, the encryption and decryption switch is in the closed state.
Further, after detecting the state of the encryption and decryption switch, the method further includes:
if the encryption and decryption switch is in the closed state, detecting whether the operation instruction is received, and if so, judging the instruction type of the operation instruction; if the instruction type is data query, no response is made; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
The encryption and decryption initialization comprises the following steps:
replacing the JAVA interface in the structured query language of the application with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
The stock data initialization includes:
encrypting the stock data to obtain the ciphertext field; wherein the stock data is a plaintext field.
Further, after obtaining the ciphertext field, the method further includes:
and detecting whether the stock data is completely encrypted, if not, encrypting the unencrypted stock data, and updating the ciphertext field.
The present application further provides a data encryption and decryption apparatus based on an encryption algorithm, including:
the application program configuration module is used for configuring the application program through the persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm;
the encryption and decryption switch detection module is used for detecting the state of the encryption and decryption switch, and if the encryption and decryption switch is in an open state, the encryption and decryption initialization is carried out;
the operation instruction detection module is used for detecting whether an operation instruction is received or not, and if so, judging the instruction type of the operation instruction;
the encryption and decryption module is used for decrypting the ciphertext field through the type converter if the instruction type is data query; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
The present application further provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the steps of any one of the above-mentioned data encryption and decryption methods based on an encryption algorithm when executing the computer program.
The present application also provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of a data encryption and decryption method based on an encryption algorithm according to any one of the above.
According to the data encryption and decryption method based on the encryption algorithm, the application program is configured through the persistent encryption and decryption package, which is obtained by encapsulating an encryption algorithm. The encryption algorithm has higher security, and the obtained persistent encryption and decryption package has higher security. The state of the encryption and decryption switch is detected, and if the switch is in the open state, encryption and decryption initialization is carried out. Whether an operation instruction is received is detected, and if so, the instruction type of the operation instruction is judged. If the instruction type is data query, the ciphertext field is decrypted through the type converter. If the instruction type is data insertion, the inserted data is encrypted through the type converter. The type converter performs the encryption and decryption operations according to the instruction type, so no external plug-in is needed and the maintenance cost is low.
Drawings
FIG. 1 is a schematic flowchart of a data encryption and decryption method based on an encryption algorithm according to an embodiment;
FIG. 2 is a flowchart illustrating configuration of an application through the persistent encryption and decryption package, according to an embodiment;
FIG. 3 is a flowchart illustrating an operation method of the encryption/decryption switch in an off state according to an embodiment;
FIG. 4 is a block diagram illustrating an exemplary embodiment of a data encryption and decryption apparatus based on an encryption algorithm;
FIG. 5 is a block diagram illustrating the structure of a computer device according to an embodiment.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
As used herein, the singular forms "a", "an" and "the" include plural referents unless the content clearly dictates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, units, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, units, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In an embodiment, referring to fig. 1, a schematic flow chart of a data encryption and decryption method based on an encryption algorithm according to the present application is shown, including:
S1: Configuring the application program through a persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm. This step comprises:
modifying a structured query language of a persisted data layer of the application;
adding an encryption and decryption basic service package to the application program;
adding the type converter to the application;
and initializing the stock data of the application program.
By configuring the persistent encryption and decryption package into the application program, the application program can call the encryption and decryption package to perform data query and data insertion operations.
The persistent encryption and decryption package is obtained by encapsulating an encryption algorithm; the encryption algorithm has high security and stability, and the persistent encryption and decryption package also has high security and stability.
In practical applications, the encryption algorithm may be a national encryption algorithm or an international encryption algorithm, which is determined according to practical situations and is not limited herein. The national cryptographic algorithm comprises a domestic elliptic curve algorithm, a domestic symmetric encryption algorithm, a domestic message digest algorithm and a domestic packet data algorithm which are issued by the national cryptographic authority. The international encryption algorithms include the RSA algorithm, the DES algorithm, and the SHA-256 algorithm.
S2: Detecting the state of the encryption and decryption switch, and if the encryption and decryption switch is in the open state, carrying out encryption and decryption initialization.
The states of the encryption and decryption switch comprise the open state and the closed state.
When the initialization of the stock data is finished, the encryption and decryption switch is changed from the closed state to the open state.
While the initialization of the stock data is being carried out, the encryption and decryption switch is in the closed state.
The encryption and decryption initialization comprises the following steps:
replacing the JAVA interface in the structured query language of the application with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
Before and during the initialization of the stock data, the encryption and decryption switch is in the closed state; when the instruction type of the operation instruction is detected to be data query, no response is made, which prevents the data query from failing to decrypt because the stock data is incompletely encrypted.
S3: Detecting whether an operation instruction is received, and if so, judging the instruction type of the operation instruction.
The instruction types of the operation instruction comprise data query and data insertion; a code segment of the operation instruction is read, and the instruction type of the operation instruction is extracted from the code segment.
If the instruction type cannot be identified or does not exist, no operation is performed.
S4: if the instruction type is data query, decrypting the ciphertext field through a type converter; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
When data is queried, structured query language preprocessing is performed through the type converter; that is, the data returned by the data query is automatically decrypted and converted.
When data is stored, structured query language preprocessing is performed through the type converter; that is, the sensitive data inserted into the structured query language is automatically encrypted and the processed structured query language is returned.
The data encryption and decryption method based on the encryption algorithm configures an application program through a persistent encryption and decryption package, which is obtained by encapsulating an encryption algorithm. The encryption algorithm has higher security, and the obtained persistent encryption and decryption package has higher security. The state of the encryption and decryption switch is detected, and if the switch is in the open state, encryption and decryption initialization is carried out. Whether an operation instruction is received is detected, and if so, the instruction type of the operation instruction is judged. If the instruction type is data query, the ciphertext field is decrypted through the type converter. If the instruction type is data insertion, the inserted data is encrypted through the type converter. The type converter performs the encryption and decryption operations according to the instruction type, so no external plug-in is needed and the maintenance cost is low.
In one embodiment, referring to fig. 2, a schematic flowchart of configuring the application program through the persistent encryption and decryption package is shown, including the following steps:
S11: Modifying a structured query language of a persisted data layer of the application.
Modifying the structured query language of the persistent data layer of the application program allows the inserted sensitive data source to be encrypted subsequently through the type converter, so that an encryption result is obtained.
S12: Adding the encryption and decryption basic service package to the application program.
The encryption and decryption basic service package is obtained by encapsulating an encryption algorithm, and it performs format conversion, through the type converter, on the encryption and decryption parameters and on the data obtained by querying the database. The encryption and decryption basic service package can also decrypt the ciphertext field and encrypt the inserted data through the type converter.
S13: Adding the type converter to the application.
Adding the type converter to the application program allows the application program to call the type converter to perform encryption and decryption operations.
S14: Initializing the stock data of the application program.
Encrypting the stock data to obtain the ciphertext field; wherein the stock data is a plaintext field.
After the ciphertext field is obtained, whether the stock data is completely encrypted is detected; if not, the unencrypted stock data is encrypted and the ciphertext field is updated. If the stock data is completely encrypted, configuration of the application program is finished.
According to this embodiment of the application, the application program is configured through the persistent encryption and decryption package: the structured query language of the persistent data layer of the application program is modified, the encryption and decryption basic service package is added to the application program, the type converter is added to the application program, and the stock data of the application program is initialized. The persistent encryption and decryption package obtained by encapsulating the encryption algorithm has high security and stability, and the encryption and decryption basic service package can perform format conversion, through the type converter, on the encryption and decryption parameters and on the data obtained by querying the database.
In one embodiment, referring to fig. 3, a flowchart of the operation method of the present application with the encryption and decryption switch in the closed state is shown, including steps S2'-S6', wherein step S2' is parallel to step S2.
S2': Detecting the state of the encryption and decryption switch, and if the encryption and decryption switch is in the closed state, detecting whether the operation instruction is received.
If the operation instruction is received, step S3' is executed; if the operation instruction is not received, step S6' is executed.
S3': Judging the instruction type of the operation instruction.
The instruction types of the operation instruction include data query and data insertion. If the instruction type of the operation instruction is data query, step S4' is performed; if the instruction type of the operation instruction is data insertion, step S5' is performed.
S4': If the instruction type is data query, not responding.
When the instruction type of the operation instruction is detected to be data query, the data query is not responded to, which prevents the data query from failing to decrypt because the stock data is incompletely encrypted.
S5': If the instruction type is data insertion, encrypting the inserted data through the type converter.
Data insertion inserts the encrypted new data at a selected position in the data set; the process does not operate on the stock data, so the data cannot be confused, and data insertion can be carried out while the encryption and decryption switch is closed.
S6': Keeping the current running state and not performing any operation.
When the operation instruction is not received, the current running state is kept and no operation is performed.
The operation method for the closed state of the encryption and decryption switch in this embodiment detects the state of the encryption and decryption switch and, if the switch is in the closed state, detects whether the operation instruction is received. If an operation instruction is received, the instruction type of the operation instruction is judged; if the instruction type is data query, no response is made, and if the instruction type is data insertion, the inserted data is encrypted through the type converter. If the operation instruction is not received, the current running state is kept and no operation is performed. When the encryption and decryption switch is in the closed state, only data insertion can be performed and data query cannot, which prevents the data query from failing to decrypt because the stock data is incompletely encrypted.
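The switch-gated flow of S1-S4 and S2'-S6' above, as an added Java example that is not the patent's or the assignee's code: a type converter encrypts inserts in both switch states, queries are not answered until stock data initialization is verified complete, and an interrupted initialization can be re-run without double-encrypting. AES-GCM stands in for the encapsulated algorithm, and the `enc:v1:` marker, the class and method names and the in-memory map in place of a database are assumptions made here for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class FieldEncryptionDemo {
    // Assumed marker that tells ciphertext fields apart from plaintext stock data.
    static final String PREFIX = "enc:v1:";

    /** Type converter: encrypts on insert, decrypts on query. AES-GCM is a stand-in cipher. */
    static final class TypeConverter {
        private final SecretKeySpec key;
        private final SecureRandom rng = new SecureRandom();
        TypeConverter(byte[] rawKey) { key = new SecretKeySpec(rawKey, "AES"); }
        boolean isCiphertext(String field) { return field.startsWith(PREFIX); }
        String encrypt(String plain) throws Exception {
            byte[] iv = new byte[12];
            rng.nextBytes(iv); // fresh nonce for every field
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
            byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
            byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return PREFIX + Base64.getEncoder().encodeToString(out);
        }
        String decrypt(String field) throws Exception {
            byte[] in = Base64.getDecoder().decode(field.substring(PREFIX.length()));
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
            return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
        }
    }

    enum InstructionType { QUERY, INSERT, UNKNOWN }

    /** Persistence layer for one sensitive column; the map stands in for the database table. */
    static final class EncryptedColumn {
        private final Map<Integer, String> rows = new LinkedHashMap<>();
        private final TypeConverter converter;
        private boolean switchOpen = false; // closed until stock data initialization completes
        private int nextId = 1;
        EncryptedColumn(TypeConverter converter, List<String> plaintextStock) {
            this.converter = converter;
            for (String value : plaintextStock) rows.put(nextId++, value);
        }
        static InstructionType classify(String sql) { // S3: type from the statement text
            String head = sql.trim().toUpperCase(Locale.ROOT);
            return head.startsWith("SELECT") ? InstructionType.QUERY
                    : head.startsWith("INSERT") ? InstructionType.INSERT : InstructionType.UNKNOWN;
        }
        Optional<String> execute(String sql, Object arg) throws Exception { // S4, S4', S5'
            InstructionType type = classify(sql);
            if (type == InstructionType.INSERT) { // encrypted in both switch states
                rows.put(nextId, converter.encrypt((String) arg));
                return Optional.of(String.valueOf(nextId++));
            }
            // Unknown types do nothing; queries get no answer while stock may still be plaintext.
            if (type != InstructionType.QUERY || !switchOpen || !rows.containsKey(arg)) {
                return Optional.empty();
            }
            return Optional.of(converter.decrypt(rows.get(arg)));
        }
        int initializeStock(int batchSize) throws Exception { // S14; safe to re-run
            int converted = 0;
            for (Map.Entry<Integer, String> row : rows.entrySet()) {
                if (converted == batchSize) break;
                if (converter.isCiphertext(row.getValue())) continue; // never double-encrypt
                row.setValue(converter.encrypt(row.getValue()));
                converted++;
            }
            return converted;
        }
        boolean tryOpenSwitch() { // opens only when no plaintext row remains
            if (rows.values().stream().allMatch(converter::isCiphertext)) switchOpen = true;
            return switchOpen;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // demo key only
        String query = "SELECT acct FROM customer WHERE id = ?";
        // Constructed sample stock data: three plaintext fields.
        EncryptedColumn col = new EncryptedColumn(new TypeConverter(key),
                List.of("ACCT-0001", "ACCT-0002", "ACCT-0003"));
        col.initializeStock(2); // initialization stops after two rows
        System.out.println("open after partial run: " + col.tryOpenSwitch());
        System.out.println("query while closed: " + col.execute(query, 1));
        String id = col.execute("INSERT INTO customer (acct) VALUES (?)", "ACCT-0004").get();
        col.initializeStock(Integer.MAX_VALUE); // only the remaining plaintext row is encrypted
        System.out.println("open after full run: " + col.tryOpenSwitch());
        System.out.println("stock row 3: " + col.execute(query, 3).get());
        System.out.println("row " + id + ": " + col.execute(query, Integer.valueOf(id)).get());
    }
}
```

A prefix marker only works if no plaintext value can begin with it; a separate per-row state column is the sturdier choice when that cannot be guaranteed.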
In one embodiment, step S3'' is also included after step S2.
S3'': Detecting whether an operation instruction is received, and if not, not performing any operation.
If the operation instruction is not received, no operation is performed, so that the consumption of the system memory is reduced and the operating efficiency of the system is ensured.
Preferably, if the memory occupancy rate of the system is not high, whether the stock data has been completely encrypted may be detected during the period in which no instruction is received; if not, the unencrypted stock data is encrypted and the ciphertext field is updated. If the stock data is completely encrypted, the initialization of the stock data is completed.
The processing method of this embodiment for the case where no operation instruction is received detects whether the operation instruction is received and, if not, performs no operation. When no operation instruction is received, the occupancy rate of the system memory can be reduced and the operating efficiency of the system is ensured.
In one embodiment, the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm.
The encryption algorithm adopts an elliptic curve algorithm and comprises four parts: a rule, a digital signature algorithm, a key exchange protocol and a public key encryption algorithm.
The digital signature algorithm is used for realizing digital signature, the key exchange protocol is used for realizing key agreement, and the public key encryption algorithm is used for realizing data encryption.
The encryption algorithm mainly performs representation and operation on two types of prime fields, and also performs representation and operation on points of an elliptic curve in the prime field.
The encryption algorithm has better security and stability, and the persistent encryption and decryption package obtained by encapsulating the encryption algorithm can carry out encryption and decryption operations according to the instruction type.
In this embodiment, the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm; the encryption algorithm adopts an elliptic curve algorithm and comprises four parts: a rule, a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. The encryption algorithm has better security and stability, and the persistent encryption and decryption package obtained by encapsulating it can perform encryption and decryption operations according to the instruction type.
Referring to fig. 4, a schematic block diagram of a data encryption and decryption apparatus based on an encryption algorithm according to the present application is shown; the apparatus includes:
an application configuration module 10, configured to configure an application through a persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm. The configuration comprises:
modifying a structured query language of a persisted data layer of the application;
adding the encryption and decryption basic service package into the application program;
adding the type converter to the application;
and initializing the stock data of the application program.
By configuring the persistent encryption and decryption package into the application program, the application program can call the encryption and decryption package to perform data query and data insertion operations.
The persistent encryption and decryption package is obtained by encapsulating an encryption algorithm; the encryption algorithm has high security and stability, and the persistent encryption and decryption package also has high security and stability.
In practical applications, the encryption algorithm may be a national encryption algorithm or an international encryption algorithm, which is determined according to practical situations and is not limited herein. The national cryptographic algorithm comprises a domestic elliptic curve algorithm, a domestic symmetric encryption algorithm, a domestic message digest algorithm and a domestic packet data algorithm which are issued by the national cryptographic authority. The international encryption algorithms include the RSA algorithm, the DES algorithm, and the SHA-256 algorithm.
The encryption and decryption switch detection module 20 is configured to detect the state of the encryption and decryption switch and, if the encryption and decryption switch is in the open state, to perform encryption and decryption initialization.
The states of the encryption and decryption switch comprise the open state and the closed state.
When the initialization of the stock data is finished, the encryption and decryption switch is changed from the closed state to the open state.
While the initialization of the stock data is being carried out, the encryption and decryption switch is in the closed state.
The encryption and decryption initialization comprises the following steps:
replacing the JAVA interface in the structured query language of the application with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
Before the initialization of the stock data is carried out and when the stock data is carried out, the encryption and decryption switch is in a closed state, and when the command type of the operation command is detected to be data query, the response is not carried out, so that the failure of decryption of the data query caused by incomplete encryption of the stock data can be prevented.
The operation instruction detection module 30 is configured to detect whether an operation instruction is received, and if so, determine an instruction type of the operation instruction.
The instruction types of the operation instruction include data query and data insertion. A code segment of the operation instruction is read, and the instruction type of the operation instruction is extracted from the code segment.
If the instruction type cannot be identified or does not exist, no operation is performed.
The encryption and decryption module 40 is configured to decrypt the ciphertext field through the type converter if the instruction type is data query; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
When data is queried, structured query language preprocessing needs to be performed through the type converter; that is, the data returned by the data query is automatically decrypted and converted.
When data is stored, structured query language preprocessing needs to be performed through the type converter; that is, the sensitive data inserted by the structured query language statement is automatically encrypted, and the processed structured query language statement is returned.
The data encryption and decryption apparatus based on the encryption algorithm is used to implement the data encryption and decryption method based on the encryption algorithm. The application program is configured through the persistent encryption and decryption package, which is obtained by encapsulating an encryption algorithm. The encryption algorithm has higher security, and the resulting persistent encryption and decryption package has higher security. The state of the encryption and decryption switch is detected, and if the encryption and decryption switch is in the on state, encryption and decryption initialization is performed. Whether an operation instruction is received is detected, and if so, the instruction type of the operation instruction is determined. If the instruction type is data query, the ciphertext field is decrypted through the type converter. If the instruction type is data insertion, the inserted data is encrypted through the type converter. The type converter performs the encryption and decryption operations according to the instruction type, so no external plug-in is needed and the maintenance cost is low.
In one embodiment, the application configuration module 10 is configured to configure an application program through the persistent encryption and decryption package, which includes:
modifying a structured query language of a persistent data layer of the application program;
adding an encryption and decryption basic service package to the application program;
adding the type converter to the application program;
and performing stock data initialization on the stock data of the application program.
The structured query language of the persistent data layer of the application program is modified so that the inserted sensitive data source can subsequently be encrypted through the type converter to obtain an encryption result.
The encryption and decryption basic service package is obtained by encapsulating an encryption algorithm, and the type converter performs format conversion on the encryption and decryption parameters and on the data obtained by querying the database. The encryption and decryption basic service package can also decrypt the ciphertext field and encrypt the inserted data through the type converter.
The type converter is added to the application program so that the application program can call the type converter to perform encryption and decryption operations.
Stock data initialization encrypts the stock data to obtain the ciphertext field, wherein the stock data is a plaintext field.
After the ciphertext field is obtained, whether the stock data is completely encrypted is detected; if not, the unencrypted stock data is encrypted and the ciphertext field is updated. If the stock data is completely encrypted, configuration of the application program is finished.
The application configuration module of this embodiment can be used to modify the structured query language of the persistent data layer of the application program, add the encryption and decryption basic service package to the application program, add the type converter to the application program, and perform stock data initialization on the stock data of the application program. The application configuration module can thus be used to configure the application program through the persistent encryption and decryption package.
In one embodiment, the encryption and decryption switch detection module 20 is configured to detect the state of an encryption and decryption switch and, if the encryption and decryption switch is in the on state, perform encryption and decryption initialization. The states of the encryption and decryption switch comprise an on state and an off state.
When stock data initialization is finished, the encryption and decryption switch changes from the off state to the on state;
and while stock data initialization is being carried out, the encryption and decryption switch is in the off state.
The encryption and decryption initialization comprises the following steps:
replacing the JAVA interface in the structured query language of the application program with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
Stock data initialization means encrypting the stock data to obtain the ciphertext field, wherein the stock data is a plaintext field.
After the ciphertext field is obtained, the method further includes: detecting whether the stock data is completely encrypted, and if not, encrypting the unencrypted stock data and updating the ciphertext field.
After the state of the encryption and decryption switch is detected, the method further comprises the following steps:
if the encryption and decryption switch is in the off state, detecting whether the operation instruction is received, and if so, determining the instruction type of the operation instruction; if the instruction type is data query, no response is made; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
The encryption and decryption switch detection module of this embodiment can be used to detect the state of the encryption and decryption switch. When stock data initialization is finished, the encryption and decryption switch changes from the off state to the on state. While stock data initialization is being carried out, the encryption and decryption switch is in the off state.
In an embodiment, the operation instruction detecting module 30 is configured to detect whether an operation instruction is received, and if so, determine an instruction type of the operation instruction.
The instruction types of the operation instruction include data query and data insertion. A code segment of the operation instruction is read, and the instruction type of the operation instruction is extracted from the code segment.
If the instruction type cannot be identified or does not exist, no operation is performed.
The operation instruction detection module is used for detecting whether an operation instruction is received or not, and if yes, judging the instruction type of the operation instruction.
In one embodiment, the encryption and decryption module 40 is configured to decrypt the ciphertext field through a type converter if the instruction type is a data query; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
When data is queried, structured query language preprocessing needs to be performed through the type converter; that is, the data returned by the data query is automatically decrypted and converted.
When data is stored, structured query language preprocessing needs to be performed through the type converter; that is, the sensitive data inserted by the structured query language statement is automatically encrypted, and the processed structured query language statement is returned.
The encryption and decryption module of the embodiment of the application is used for decrypting the ciphertext field through the type converter if the instruction type is data query. And if the instruction type is data insertion, encrypting the inserted data through the type converter.
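The flow these modules describe (a type converter that encrypts on insertion and decrypts on query, with the switch held off until the stock data is completely encrypted), as an added example that is not the patent's or the applicant's code. It uses Python's sqlite3 adapter and converter hooks in place of the Java persistence layer; the `enc:v1:` marker, the `customer` table, the demo keys and the HMAC-based stand-in cipher are all assumptions, the cipher standing in for whichever algorithm the package encapsulates.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

# Constructed demo keys; a real deployment would load them from a KMS or HSM.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-mac-key").digest()
PREFIX = "enc:v1:"              # assumed marker identifying a ciphertext field
_state = {"switch_on": False}   # the encryption and decryption switch

class Sensitive:
    """Wraps a bound parameter so the type converter encrypts it on insert."""
    def __init__(self, value: str):
        self.value = value

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    blocks = (hmac.new(ENC_KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(nonce: bytes, body: bytes) -> bytes:
    return hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()

def encrypt_field(plaintext: str) -> str:
    nonce, data = os.urandom(16), plaintext.encode()
    body = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    return PREFIX + base64.b64encode(nonce + body + _tag(nonce, body)).decode()

def decrypt_field(stored: bytes) -> str:
    text = stored.decode()
    if not text.startswith(PREFIX):
        raise ValueError("plaintext value in a ciphertext column")
    raw = base64.b64decode(text[len(PREFIX):])
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _tag(nonce, body)):   # encrypt-then-MAC check
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

# The type converter: one hook per instruction type.
sqlite3.register_adapter(Sensitive, lambda s: encrypt_field(s.value))   # insertion
sqlite3.register_converter("ENC_TEXT", decrypt_field)                   # query

def initialize_stock_data(db: sqlite3.Connection) -> int:
    """Encrypt legacy plaintext rows; turn the switch on only if none remain."""
    _state["switch_on"] = False
    # CAST yields an expression column with no declared type, so the converter
    # is bypassed and the raw stored value is returned.
    pending = db.execute(
        "SELECT rowid, CAST(id_no AS TEXT) FROM customer WHERE id_no NOT LIKE ?",
        (PREFIX + "%",)).fetchall()
    for rowid, plain in pending:
        db.execute("UPDATE customer SET id_no = ? WHERE rowid = ?",
                   (Sensitive(plain), rowid))
    db.commit()
    remaining = db.execute("SELECT COUNT(*) FROM customer WHERE id_no NOT LIKE ?",
                           (PREFIX + "%",)).fetchone()[0]
    _state["switch_on"] = remaining == 0
    return len(pending)

def handle_instruction(db: sqlite3.Connection, sql: str, params=()):
    """Dispatch on the instruction type read from the statement text."""
    words = sql.split(None, 1)
    kind = words[0].upper() if words else ""
    if kind == "INSERT":          # encrypted by the adapter in either switch state
        rowcount = db.execute(sql, params).rowcount
        db.commit()
        return rowcount
    if kind == "SELECT":
        if not _state["switch_on"]:
            return None           # no response while stock data may be plaintext
        return db.execute(sql, params).fetchall()
    return None                   # unrecognised or missing type: no operation

def demo() -> dict:
    _state["switch_on"] = False
    db = sqlite3.connect(":memory:", detect_types=sqlite3.PARSE_DECLTYPES)
    db.execute("CREATE TABLE customer (name TEXT, id_no ENC_TEXT)")
    # Constructed stock data: legacy rows written as plaintext strings.
    db.executemany("INSERT INTO customer VALUES (?, ?)",
                   [("alice", "0123456789"), ("bob", "9876543210")])
    blocked = handle_instruction(db, "SELECT name, id_no FROM customer")
    handle_instruction(db, "INSERT INTO customer VALUES (?, ?)",
                       ("carol", Sensitive("5550001111")))
    migrated = initialize_stock_data(db)
    rows = handle_instruction(db, "SELECT name, id_no FROM customer ORDER BY name")
    stored = [r[0] for r in db.execute("SELECT CAST(id_no AS TEXT) FROM customer")]
    return {"blocked": blocked, "migrated": migrated, "rows": rows,
            "stored": stored, "switch_on": _state["switch_on"]}

if __name__ == "__main__":
    print(demo())
```

Holding the switch off until the residual plaintext count reaches zero keeps the query path from ever handing a legacy plaintext row to the decryptor, and the authentication tag makes a modified ciphertext field fail loudly instead of decrypting to garbage.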
Referring to fig. 5, an embodiment of the present application also provides a computer device, which may be a server and whose internal structure may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device is used for storing the states of the encryption and decryption switch and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a data encryption and decryption method based on an encryption algorithm.
Specifically, the data encryption and decryption method based on the encryption algorithm includes:
configuring the application program through a persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm;
detecting the state of an encryption and decryption switch, and if the encryption and decryption switch is in the on state, performing encryption and decryption initialization;
detecting whether an operation instruction is received, and if so, determining the instruction type of the operation instruction; if the instruction type is data query, decrypting the ciphertext field through a type converter; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
In one embodiment, configuring the application program through the persistent encryption and decryption package comprises:
modifying a structured query language of a persistent data layer of the application program;
adding an encryption and decryption basic service package to the application program;
adding the type converter to the application program;
and performing stock data initialization on the stock data of the application program.
In one embodiment, the states of the encryption and decryption switch comprise an on state and an off state;
when stock data initialization is finished, the encryption and decryption switch changes from the off state to the on state;
and while stock data initialization is being carried out, the encryption and decryption switch is in the off state.
In one embodiment, after detecting the state of the encryption and decryption switch, the method further includes:
if the encryption and decryption switch is in the off state, detecting whether the operation instruction is received, and if so, determining the instruction type of the operation instruction; if the instruction type is data query, no response is made; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
In one embodiment, the encryption and decryption initialization includes:
replacing the JAVA interface in the structured query language of the application program with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
In one embodiment, the stock data initialization comprises:
encrypting the stock data to obtain the ciphertext field; wherein the stock data is a plaintext field.
In one embodiment, after obtaining the ciphertext field, the method further includes:
detecting whether the stock data is completely encrypted, and if not, encrypting the unencrypted stock data and updating the ciphertext field.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is only a block diagram of some of the structures associated with the present solution and is not intended to limit the scope of the present solution as applied to computer devices.
An embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements a data encryption and decryption method based on an encryption algorithm. It is to be understood that the computer-readable storage medium in the present embodiment may be a volatile readable storage medium or a non-volatile readable storage medium.
Specifically, the data encryption and decryption method based on the encryption algorithm includes:
configuring the application program through a persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm;
detecting the state of an encryption and decryption switch, and if the encryption and decryption switch is in the on state, performing encryption and decryption initialization;
detecting whether an operation instruction is received, and if so, determining the instruction type of the operation instruction; if the instruction type is data query, decrypting the ciphertext field through a type converter; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
In one embodiment, configuring the application program through the persistent encryption and decryption package comprises:
modifying a structured query language of a persistent data layer of the application program;
adding an encryption and decryption basic service package to the application program;
adding the type converter to the application program;
and performing stock data initialization on the stock data of the application program.
In one embodiment, the states of the encryption and decryption switch comprise an on state and an off state;
when stock data initialization is finished, the encryption and decryption switch changes from the off state to the on state;
and while stock data initialization is being carried out, the encryption and decryption switch is in the off state.
In one embodiment, after detecting the state of the encryption and decryption switch, the method further includes:
if the encryption and decryption switch is in the off state, detecting whether the operation instruction is received, and if so, determining the instruction type of the operation instruction; if the instruction type is data query, no response is made; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
In one embodiment, the encryption and decryption initialization comprises:
replacing the JAVA interface in the structured query language of the application program with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
In one embodiment, the stock data initialization comprises:
encrypting the stock data to obtain the ciphertext field; wherein the stock data is a plaintext field.
In one embodiment, after obtaining the ciphertext field, the method further includes:
detecting whether the stock data is completely encrypted, and if not, encrypting the unencrypted stock data and updating the ciphertext field.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, databases, or other media provided herein and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. A data encryption and decryption method based on an encryption algorithm is characterized by comprising the following steps:
configuring the application program through a persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm;
detecting the state of an encryption and decryption switch, and if the encryption and decryption switch is in an on state, performing encryption and decryption initialization;
detecting whether an operation instruction is received, and if so, judging the instruction type of the operation instruction; if the instruction type is data query, decrypting the ciphertext field through a type converter; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
2. The encryption algorithm-based data encryption and decryption method according to claim 1, wherein the configuration of the application program by the persistent encryption and decryption package comprises:
modifying a structured query language of a persisted data layer of the application;
adding an encryption and decryption basic service package to the application program;
adding the type converter to the application;
and performing stock data initialization on the stock data of the application program.
3. The encryption algorithm-based data encryption and decryption method according to claim 2, wherein the states of the encryption and decryption switch include the on state and an off state;
when the initialization of the stock data is finished, the encryption and decryption switch is changed from the off state to the on state;
and when the initialization of the stock data is being carried out, the encryption and decryption switch is in the off state.
4. The method for encrypting and decrypting data based on the encryption algorithm according to claim 3, further comprising, after detecting the state of the encryption and decryption switch:
if the encryption and decryption switch is in the off state, detecting whether the operation instruction is received, and if so, judging the instruction type of the operation instruction; if the instruction type is data query, no response is made; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
5. The encryption algorithm-based data encryption and decryption method according to claim 1, wherein the initialization of encryption and decryption includes:
replacing the JAVA interface in the structured query language of the application with the JAVA interface of the persistent encryption and decryption package;
intercepting the user-defined structured query language of the application program through the persistent encryption and decryption package.
6. The encryption algorithm-based data encryption and decryption method according to claim 2, wherein the initialization of the stock data comprises:
encrypting the stock data to obtain the ciphertext field; wherein the stock data is a plaintext field.
7. The data encryption and decryption method based on the encryption algorithm according to claim 6, wherein after obtaining the ciphertext field, the method further comprises:
and detecting whether the stock data is completely encrypted, if not, encrypting the unencrypted stock data, and updating the ciphertext field.
8. A data encryption and decryption device based on an encryption algorithm is characterized by comprising:
the application program configuration module is used for configuring the application program through the persistent encryption and decryption package; wherein the persistent encryption and decryption package is obtained by encapsulating an encryption algorithm;
the encryption and decryption switch detection module is used for detecting the state of the encryption and decryption switch, and if the encryption and decryption switch is in an on state, the encryption and decryption initialization is carried out;
the operation instruction detection module is used for detecting whether an operation instruction is received or not, and if so, judging the instruction type of the operation instruction;
the encryption and decryption module is used for decrypting the ciphertext field through the type converter if the instruction type is data query; and if the instruction type is data insertion, encrypting the inserted data through the type converter.
9. A computer device comprising a memory and a processor, the memory having a computer program stored therein, wherein the processor when executing the computer program implements the steps of the encryption algorithm based data encryption and decryption method according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the encryption algorithm based data encryption and decryption method according to any one of claims 1 to 7.
CN202210685752.0A 2022-06-16 2022-06-16 Data encryption and decryption method, device, equipment and medium based on encryption algorithm Pending CN115085903A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210685752.0A CN115085903A (en) 2022-06-16 2022-06-16 Data encryption and decryption method, device, equipment and medium based on encryption algorithm

Publications (1)

Publication Number Publication Date
CN115085903A true CN115085903A (en) 2022-09-20

Family

ID=83253105

Country Status (1)

Country Link
CN (1) CN115085903A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination