CN115208557A - Data encryption method and device, electronic equipment and computer storage medium - Google Patents

Data encryption method and device, electronic equipment and computer storage medium Download PDF

Info

Publication number
CN115208557A
CN115208557A CN202110385380.5A CN202110385380A CN115208557A CN 115208557 A CN115208557 A CN 115208557A CN 202110385380 A CN202110385380 A CN 202110385380A CN 115208557 A CN115208557 A CN 115208557A
Authority
CN
China
Prior art keywords
key
data
encryption
identification information
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110385380.5A
Other languages
Chinese (zh)
Inventor
陈德强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Anhui Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Anhui Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Anhui Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202110385380.5A priority Critical patent/CN115208557A/en
Publication of CN115208557A publication Critical patent/CN115208557A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data encryption method and device, electronic equipment and a computer storage medium. The data encryption method comprises the following steps: acquiring plaintext data input by a user; after verifying that the user is legal, sending an encryption request to a key center; receiving key time, a public key and key center identification information sent by a key center; determining encryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key; and circularly encrypting the plaintext data by utilizing each sub-key until the encryption circulation times are reached to obtain ciphertext data corresponding to the plaintext data. According to the embodiment of the application, data encryption can be carried out more safely and conveniently.

Description

Data encryption method and device, electronic equipment and computer storage medium
Technical Field
The present application relates to the field of data encryption and decryption technologies, and in particular, to a data encryption method and apparatus, an electronic device, and a computer storage medium.
Background
With the rapid development of informatization and intellectualization, the application of various informatization systems adopting a cryptographic technology to perform identity authentication, data encryption storage and transmission becomes a necessary requirement, particularly the development of mobile services and the enhancement of terminal intellectualization, and the cryptographic technology serving as the basic support technology of identity authentication and data encryption plays more and more important roles in data transmission, credible authentication and data storage. The key content of the cryptographic technology is to resolve the protection of data into the protection of a plurality of core keys through an encryption method and effectively prevent the decryption of the keys through violent calculation and guess from the outside, so that the key management problem becomes the primary core problem.
The key is life-cycle and includes the validity time of the key and certificate, the maintenance time of the revoked key and certificate, and the like. Since the key requires security, it involves key management problems, mainly including key generation, key backup, key recovery, and key update.
The traditional 3DES algorithm adopts triple DES on the basis of DES, namely two 56-bit keys K1 and K2 are used, an encryption initiator uses K1 for encryption, K2 for decryption, and then uses K1 for encryption. The decryption user uses K1 for decryption, K2 for encryption and then K1 for decryption, and the effect is to double the key length. The specific process can be seen in FIG. 1.
The prior art has the following defects: 1. the safety is weak. Today, computers are becoming more powerful, and brute force cracking and dictionary guessing are becoming less and less difficult. Encryption algorithms generally encrypt files to be encrypted quickly, meaning that the associated encrypted files will be cracked in an acceptable time, resulting in a decrease in security. 2. The key change operation needs a technician to decrypt encrypted data by using a key before change and then encrypt the decrypted data by using the key after change, the operation needs to manage new and old keys at the same time, the encryption strength is insufficient due to inherent limitation of an algorithm, when the data volume related to the encrypted data is large, complicated operation is brought, and once the key is mistaken, the problem that element data cannot be recovered is caused.
Therefore, how to encrypt data more safely and conveniently is a technical problem that needs to be solved urgently by those skilled in the art.
Disclosure of Invention
The embodiment of the application provides a data encryption method and device, electronic equipment and a computer storage medium, which can encrypt data more safely and conveniently.
In a first aspect, an embodiment of the present application provides a data encryption method, including:
acquiring plaintext data input by a user;
after verifying that the user is legal, sending an encryption request to a key center;
receiving key time, a public key and key center identification information sent by a key center;
determining encryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key;
and circularly encrypting the plaintext data by using each sub-key until the encryption cycle number is reached to obtain ciphertext data corresponding to the plaintext data.
Optionally, after circularly encrypting the plaintext data by using each sub-key until the number of encryption cycles is reached to obtain ciphertext data corresponding to the plaintext data, the method further includes:
sending a decryption request to a key center;
receiving key time, a public key and key center identification information sent by a key center;
determining the number of decryption cycles and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key;
and circularly decrypting the ciphertext data by using each sub-secret key until the decryption cycle number is reached to obtain plaintext data.
Optionally, circularly encrypting the plaintext data by using each sub-key until the number of encryption circulation is reached to obtain ciphertext data corresponding to the plaintext data, including:
segmenting plaintext data to obtain plaintext data segments;
and circularly encrypting the plaintext data segments by using each sub-key until the encryption cycle number is reached to obtain ciphertext data.
Optionally, after determining the encryption cycle number and the corresponding sub-keys based on the key time, the public key, the key center identification information, and the preset private key, the method further includes:
based on the matrixing transformation, the subkey is updated.
Optionally, the receiving of the key time, the public key, and the key center identification information sent by the key center includes:
and receiving the encrypted key time, the public key and the key center identification information sent by the key center.
Optionally, the public key includes a current key version number, a delimiter, an update time, key center identification information, and a key string.
Optionally, the ciphertext data includes a current key version number, a separator, update time, key center identification information, and encrypted data.
In a second aspect, an embodiment of the present application provides a data encryption apparatus, including:
the acquisition module is used for acquiring plaintext data input by a user;
the sending module is used for sending an encryption request to the key center after verifying that the user is legal;
the receiving module is used for receiving the key time, the public key and the key center identification information sent by the key center;
the determining module is used for determining encryption cycle times and sub-keys corresponding to the encryption cycle times respectively based on the key time, the public key, the key center identification information and a preset private key;
and the encryption module is used for circularly encrypting the plaintext data by utilizing each sub-key until the encryption cycle number is reached, so as to obtain ciphertext data corresponding to the plaintext data.
Optionally, the sending module is further configured to send a decryption request to the key center; the receiving module is also used for receiving the key time, the public key and the key center identification information sent by the key center; the determining module is further used for determining the decryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key; and the decryption module is used for circularly decrypting the ciphertext data by utilizing each sub-secret key until the decryption circulation times are reached to obtain plaintext data.
Optionally, the encryption module is configured to segment the plaintext data to obtain plaintext data segments; and circularly encrypting the plaintext data segments by using each sub-key until the encryption cycle number is reached to obtain ciphertext data.
Optionally, the apparatus further comprises: and the updating module is used for updating the sub-keys based on the matrixing conversion.
Optionally, the receiving module is configured to receive the encrypted key time, the public key, and the key center identification information sent by the key center.
Optionally, the public key includes a current key version number, a delimiter, an update time, key center identification information, and a key string.
Optionally, the ciphertext data includes a current key version number, a separator, update time, key center identification information, and encrypted data.
In a third aspect, an embodiment of the present application provides an electronic device, where the electronic device includes:
a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements a data encryption method as shown in the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer storage medium, on which computer program instructions are stored, and when executed by a processor, the computer program instructions implement the data encryption method as shown in the first aspect.
The data encryption method, the data encryption device, the electronic equipment and the computer storage medium can encrypt data more safely and conveniently. The data encryption method comprises the following steps: acquiring plaintext data input by a user; after verifying that the user is legal, sending an encryption request to a key center; receiving key time, a public key and key center identification information sent by a key center; determining encryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key; and circularly encrypting the plaintext data by using each sub-key until the encryption cycle number is reached to obtain ciphertext data corresponding to the plaintext data. Therefore, the method utilizes each sub-secret key to circularly encrypt the plaintext data, and does not need to manage new and old secret keys, so that the data encryption can be safely and conveniently carried out.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a data encryption and decryption method in the prior art;
FIG. 2 is a schematic flow chart diagram illustrating a data encryption method according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating a data encryption method according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a data decryption method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a data encryption device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Features of various aspects and exemplary embodiments of the present application will be described in detail below, and in order to make objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are merely illustrative of, and not restrictive on, the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
In order to solve the prior art problems, embodiments of the present application provide a data encryption method, an apparatus, an electronic device, and a computer storage medium. First, a data encryption method provided in an embodiment of the present application is described below.
Fig. 2 is a schematic flowchart illustrating a data encryption method according to an embodiment of the present application. As shown in fig. 2, the data encryption method includes:
s201, acquiring plaintext data input by a user.
S202, after the user is verified to be legal, an encryption request is sent to the key center.
S203, receiving the key time, the public key and the key center identification information sent by the key center.
In one embodiment, the public key includes a current key version number, a delimiter, an update time, key center identification information, and a key string.
In one embodiment, the receiving of the key time, the public key and the key center identification information sent by the key center includes: and receiving the encrypted key time, the public key and the key center identification information sent by the key center.
S204, determining encryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key.
In one embodiment, after determining the number of encryption cycles and the corresponding sub-keys based on the key time, the public key, the key center identification information, and the preset private key, the method further includes: based on the matrixing transformation, the subkey is updated.
S205, circularly encrypting the plaintext data by using each sub-key until the encryption circulation times are reached, and obtaining ciphertext data corresponding to the plaintext data.
In one embodiment, the ciphertext data includes the current key version number, a delimiter, an update time, key center identification information, and encrypted data.
In one embodiment, circularly encrypting the plaintext data by using each sub-key until the number of encryption cycles is reached to obtain ciphertext data corresponding to the plaintext data, includes: segmenting plaintext data to obtain plaintext data segments; and circularly encrypting the plaintext data segments by using each sub-key until the encryption cycle number is reached to obtain ciphertext data.
In one embodiment, after circularly encrypting the plaintext data by using each sub-key until the number of encryption cycles is reached to obtain ciphertext data corresponding to the plaintext data, the method further includes:
sending a decryption request to a key center;
receiving key time, a public key and key center identification information sent by a key center;
determining the decryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key;
and circularly decrypting the ciphertext data by using each sub-secret key until the decryption cycle number is reached to obtain plaintext data.
The data encryption method comprises the following steps: acquiring plaintext data input by a user; after verifying that the user is legal, sending an encryption request to a key center; receiving key time, a public key and key center identification information sent by a key center; determining encryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key; and circularly encrypting the plaintext data by using each sub-key until the encryption cycle number is reached to obtain ciphertext data corresponding to the plaintext data. Therefore, the method utilizes each sub-secret key to circularly encrypt the plaintext data, and does not need to manage new and old secret keys, so that the data encryption can be safely and conveniently carried out.
The above technical solution is explained below with a specific example.
The embodiment can solve the technical problems and can provide safe, reliable, convenient and seamless data encryption and decryption service capacity: 1. through ingenious algorithm design, the generation of the internal encryption and decryption sub-key can be rapidly carried out, the encryption strength is greatly enhanced, and the encryption time is not obviously prolonged. 2. Original encryption key K in new algorithm 2 It is disclosed to the outside, therefore, the algorithm is also an asymmetric encryption and decryption algorithm. In actual operation, the public key can be replaced at regular time through the key center, so that the validity of encryption and the traceability of a decryption process are effectively guaranteed, and the method has great significance for the use in the fields of national security, finance and the like.
The technical scheme of the embodiment mainly comprises five parts: encryption and decryption algorithm, key file format, encrypted data format, encryption and decryption API and a transparent key changing method. The following are set forth separately:
1. and (4) an encryption and decryption algorithm.
Using two 256 bits of original key K 1 、K 2 (public key that can be refreshed periodically) and a secret time T, the encryptor will use the subkey K 1 r-1 The key encrypts the file to be encrypted and then uses the subkey K 2 r-1 Encrypting with secret key, and subsequently using sub-secret key K 1 r Decrypting and reusing the sub-key K 2 r Decrypting the secret key and circulating for N times; the decryptor will use the subkey K 2 r Encrypting the encrypted file by the key, and then using the sub-key K 1 r The key is encrypted and then the subkey K is used 2 r-1 Decrypting with the secret key, and reusing the sub-secret key K 1 r-1 And decrypting the key, and circulating for N times to finally obtain the plaintext before encryption. In which the number of times N is itself defined by the original key K 1 And K 2 And jointly calculating. After each round of encryption and decryption, the sub-secret key K 1 N And K 2 N Deformation will occur.
Wherein K is 1 r-1 、K 2 r-1 →K 1 r 、K 2 r The updating mode of the middle subkey is as follows:
each time relating sub-key and original key K 2 Corresponding to a random prime number R (due to K) 2 A public key updated remotely, which may be stored simultaneously and corresponds to a sufficiently large random prime number) is computed as follows:
1. will K 1 、K 2 Transpose to corresponding matrix J 1 、J 2
2. Updating the sub-key with K 1 r-1 、K 2 r-1 And matrix J 2 r-1 、J 1 r-1 Respectively performing XOR (^) operation to obtain K 1 r 、K 2 r
3. Will J 2 r-1 、J 1 r-1 The left cyclic shift is carried out according to the following rules respectively:
the last line is kept unchanged, the displacement offsets of the second last line, the third last line and the fourth last line are respectively 1 bit, 2 bits and 4 bits, and the displacement offsets are sequentially increased, so that J is obtained 2 r 、J 1 r
Or the encryption strength is further improved by adopting the following method:
keeping the last row unchanged, keeping the last column unchanged, enabling the left cyclic displacement offset of the second last row to be 1 bit, enabling the upward cyclic displacement offset of the second last column to be 1 bit, enabling the left cyclic displacement offset of the third last row to be 2 bits, enabling the upward cyclic displacement offset of the third last column to be 2 bits, enabling the left cyclic displacement offset of the fourth last row to be 4 bits, enabling the upward cyclic displacement offset of the third last column to be 4 bits, and sequentially increasing the positions to obtain J 2 r 、J 1 r
After the above operation is completed, preparation is made for next sub-key updating.
In which the original key K is retrievable N times 1 And K 2 The first 8 and last 8 bits of (c) and the value, and the remainder is taken to obtain a number of less than 16 or 8 times (more than 3 is recommended). (N = K) 1 ⊙K 2 )
The exogenous input key in the algorithm is only the original key K 1 And K 2 . The subsequent sub-keys are generated after the operation of the original key, so that the password storage difficulty and the memory difficulty are greatly reduced, and the encryption degree is not reduced.
2. The key file format.
The key file format is shown in the following table:
Figure BDA0003014545860000081
the key file consists of four parts: current key version number, delimiter, update time, key center ID and key string. Each change of the public key generates a version number in the key file and records it. The key file stores the latest version of the key string currently in use, and the key center keeps all key string records. The key string adopts the length of more than 128 bits, and ensures that any current decryption algorithm and equipment cannot be cracked within a limited time. In order to ensure the safety of the transmission process, the key file is encrypted, so that the key file distribution process is also safe.
3. The data format is encrypted.
The encrypted data format is shown in the following table:
Figure BDA0003014545860000082
the encrypted data also consists of four parts: current key version number, delimiter, update time, key center ID and encrypted data. Where the key version number indicates the version of the key (or agreed upon public key) used by the encrypted data.
4. An encryption and decryption API.
The embodiment provides a unified encryption and decryption API, and provides high encryption and low decryption capabilities for plain text files and a check recording capability for decrypting encrypted files.
For the encryption API, the flow of the data encryption method is shown in fig. 3:
(1) The encryption API takes the incoming data that needs to be encrypted.
(2) And applying for an encryption request to an encryption center, judging whether the user is a legal user according to the feedback information, and if so, starting encryption.
(3) The encryption center records the request record, transmits information such as time, a public key, an encryption center ID and the like to the encryption party, and encrypts the transmission content by using an encryption means in the transmission process.
(4) The encryption API uses the obtained public key and the added private key recorded by the user to perform calculation, so as to obtain the round-robin number N and the generated sub-key Kn, and automatically uses the generated sub-key to perform round-robin encryption on the plaintext (the whole plaintext may be encrypted for multiple times, or the plaintext may be segmented, and different segments are encrypted using the sub-keys respectively).
(5) And when the cycle number N is decreased to 0, ending the encryption to obtain a ciphertext.
For the decryption API, the flow of the data decryption method is shown in fig. 4:
(1) And analyzing information such as key version number information of the head part of the input ciphertext data.
(2) And applying for a decryption request to the encryption center, judging whether the user is a legal user according to the feedback information, and if so, starting decryption.
(3) The encryption center records the request record, transmits information such as time, a public key, an encryption center ID and the like to the encryption party, and encrypts the transmission content by using an encryption means in the transmission process.
(4) The decryption API uses the obtained public key and the private key added by the user to perform calculation, so as to obtain the round-robin number N and the generated sub-key Kn, and automatically uses the generated sub-key to perform round-robin decryption on the ciphertext (the ciphertext in a whole segment may be decrypted for multiple times, or the ciphertext may be decrypted by using the sub-keys respectively in corresponding segments).
(5) And when the cycle number N is decreased to 0, the decryption is finished to obtain the plaintext.
5. Transparent and reliable key changing method.
Based on the key file format, the encrypted data format and the encryption and decryption API design, a transparent and reliable key change mechanism can be realized, original encrypted data does not need to be refreshed again after the key jumps, and seamless connection of new and old versions of keys is realized.
Based on the key file format, the encrypted data format and the encryption and decryption API design, the history of the encrypted file can be tracked. All encryption and decryption operations will make operation requests to the key center (if no network exists, the operation is performed by adopting the mode of the latest time + the public key + the ID of the key center). Therefore, each operation can be recorded and retained in the key center (except the condition that the key center cannot be connected with the network), the security of data encryption is effectively improved, and the guarantee is provided for the reliable data flow direction.
By means of ingenious key file and encrypted data format design, transparency of encryption and decryption operations is provided, traceability of data flow direction is provided, and tracing difficulty of data leakage is reduced. Meanwhile, batch refreshing operation on the data encrypted by the key before change is not needed, and seamless connection of the new version and the old version of the key is realized.
The embodiment solves the problem that the encryption strength of the existing algorithm cannot face the cracking difficulty caused by increasingly strong computer performance, and greatly improves the cracking difficulty of confidential data. Meanwhile, due to the fact that workload is large and mistakes are prone to occur when a large amount of encrypted data are subjected to key updating, and complex operation of key management of new and old versions is achieved, data safety is improved, meanwhile, the problem that operation steps are complex in the prior art is solved, and the problem that element data cannot be recovered any more due to key errors is solved. Meanwhile, for confidential data, the data flow direction of the confidential data can be tracked, and once ciphertext leakage occurs, the use and circulation of the confidential data can be immediately blocked.
Fig. 5 is a schematic structural diagram of a data encryption apparatus according to an embodiment of the present application, and as shown in fig. 5, the data encryption apparatus includes:
an obtaining module 501, configured to obtain plaintext data input by a user;
a sending module 502, configured to send an encryption request to a key center after verifying that a user is legitimate;
a receiving module 503, configured to receive the key time, the public key, and the key center identification information sent by the key center;
a determining module 504, configured to determine encryption cycle numbers and corresponding sub-keys based on the key time, the public key, the key center identification information, and a preset private key;
and the encryption module 505 is configured to perform circular encryption on the plaintext data by using each sub-key until the number of encryption cycles is reached, so as to obtain ciphertext data corresponding to the plaintext data.
In one embodiment, the sending module 502 is further configured to send a decryption request to the key center; the receiving module 503 is further configured to receive the key time, the public key, and the key center identification information sent by the key center; the determining module 504 is further configured to determine, based on the key time, the public key, the key center identification information, and a preset private key, the number of decryption cycles and corresponding sub-keys, respectively; and the decryption module is used for circularly decrypting the ciphertext data by utilizing each sub-secret key until the decryption circulation times are reached to obtain plaintext data.
In one embodiment, the encrypting module 505 is configured to segment the plaintext data to obtain a plaintext data segment; and circularly encrypting the plaintext data segments by utilizing each sub-key until the encryption circulation times are reached to obtain ciphertext data.
In one embodiment, the apparatus further comprises: and the updating module is used for updating the sub-keys based on the matrixing conversion.
In one embodiment, the receiving module 503 is configured to receive the encrypted key time, the public key, and the key center identification information sent by the key center.
In one embodiment, the public key includes a current key version number, a delimiter, an update time, key center identification information, and a key string.
In one embodiment, the ciphertext data includes the current key version number, the delimiter, the update time, the key center identification information, and the encrypted data.
Each module/unit in the apparatus shown in fig. 5 has a function of implementing each step in fig. 2, and can achieve the corresponding technical effect, and for brevity, the description is not repeated here.
Fig. 6 shows a schematic structural diagram of an electronic device provided in an embodiment of the present application.
The electronic device may comprise a processor 601 and a memory 602 in which computer program instructions are stored.
Specifically, the processor 601 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured to implement one or more Integrated circuits of the embodiments of the present Application.
Memory 602 may include mass storage for data or instructions. By way of example, and not limitation, memory 602 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 602 may include removable or non-removable (or fixed) media, where appropriate. The memory 602 may be internal or external to the electronic device, where appropriate. In particular embodiments, memory 602 may be non-volatile solid-state memory.
In one example, the Memory 602 may be a Read Only Memory (ROM). In one example, the ROM can be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory, or a combination of two or more of these.
The processor 601 realizes any one of the data encryption methods in the above embodiments by reading and executing the computer program instructions stored in the memory 602.
In one example, the electronic device may also include a communication interface 603 and a bus 610. As shown in fig. 6, the processor 601, the memory 602, and the communication interface 603 are connected via a bus 610 to complete communication therebetween.
The communication interface 603 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present application.
The bus 610 includes hardware, software, or both to couple the components of the electronic device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industrial Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industrial Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 610 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
In addition, the embodiment of the application can be realized by providing a computer storage medium. The computer storage medium having computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement any of the data encryption methods in the above embodiments.
It is to be understood that the present application is not limited to the particular arrangements and instrumentality described above and shown in the attached drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions, or change the order between the steps, after comprehending the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware for performing the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As described above, only the specific embodiments of the present application are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application.

Claims (10)

1. A method for data encryption, comprising:
acquiring plaintext data input by a user;
after verifying that the user is legal, sending an encryption request to a key center;
receiving the key time, the public key and the key center identification information sent by the key center;
determining encryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key;
and circularly encrypting the plaintext data by using each sub-key until the encryption cycle number is reached to obtain ciphertext data corresponding to the plaintext data.
2. The data encryption method according to claim 1, wherein after the plaintext data is circularly encrypted by using each of the subkeys until the number of encryption cycles is reached to obtain ciphertext data corresponding to the plaintext data, the method further comprises:
sending a decryption request to the key center;
receiving the key time, the public key and the key center identification information sent by the key center;
determining the decryption cycle times and corresponding sub-keys respectively based on the key time, the public key, the key center identification information and a preset private key;
and circularly decrypting the ciphertext data by utilizing each sub-key until the decryption circulation times are reached to obtain the plaintext data.
3. The data encryption method according to claim 1, wherein the circularly encrypting the plaintext data by using each of the subkeys until the number of encryption cycles is reached to obtain ciphertext data corresponding to the plaintext data comprises:
segmenting the plaintext data to obtain plaintext data segments;
and circularly encrypting the plaintext data segments by using each sub-key until the encryption cycle number is reached to obtain the ciphertext data.
4. The data encryption method according to claim 1, wherein after determining the number of encryption cycles and the corresponding sub-keys based on the key time, the public key, the key center identification information, and a preset private key, the method further comprises:
updating the subkey based on the matrixing conversion.
5. The data encryption method according to claim 1, wherein the receiving the key time, the public key and the key center identification information sent by the key center comprises:
and receiving the encrypted key time, the public key and the key center identification information sent by the key center.
6. The data encryption method according to claim 1, wherein the public key includes a current key version number, a delimiter, an update time, key center identification information, and a key string.
7. The data encryption method according to claim 1, wherein the ciphertext data comprises a current key version number, a delimiter, an update time, key center identification information, and encrypted data.
8. A data encryption apparatus, comprising:
the acquisition module is used for acquiring plaintext data input by a user;
the sending module is used for sending an encryption request to the key center after verifying that the user is legal;
the receiving module is used for receiving the key time, the public key and the key center identification information sent by the key center;
the determining module is used for determining encryption cycle times and sub-keys corresponding to the encryption cycle times respectively based on the key time, the public key, the key center identification information and a preset private key;
and the encryption module is used for circularly encrypting the plaintext data by utilizing each sub-key until the encryption circulation times are reached to obtain ciphertext data corresponding to the plaintext data.
9. An electronic device, characterized in that the electronic device comprises: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements a data encryption method as claimed in any one of claims 1 to 7.
10. A computer storage medium having computer program instructions stored thereon which, when executed by a processor, implement a data encryption method as claimed in any one of claims 1 to 7.
CN202110385380.5A 2021-04-09 2021-04-09 Data encryption method and device, electronic equipment and computer storage medium Pending CN115208557A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110385380.5A CN115208557A (en) 2021-04-09 2021-04-09 Data encryption method and device, electronic equipment and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110385380.5A CN115208557A (en) 2021-04-09 2021-04-09 Data encryption method and device, electronic equipment and computer storage medium

Publications (1)

Publication Number Publication Date
CN115208557A true CN115208557A (en) 2022-10-18

Family

ID=83571040

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110385380.5A Pending CN115208557A (en) 2021-04-09 2021-04-09 Data encryption method and device, electronic equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN115208557A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115834791A (en) * 2023-02-03 2023-03-21 徐工汉云技术股份有限公司 Image encryption and decryption transmission method using matrix key and electronic equipment
CN116614806A (en) * 2023-07-18 2023-08-18 荣耀终端有限公司 Bluetooth pairing method and device, electronic equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115834791A (en) * 2023-02-03 2023-03-21 徐工汉云技术股份有限公司 Image encryption and decryption transmission method using matrix key and electronic equipment
CN116614806A (en) * 2023-07-18 2023-08-18 荣耀终端有限公司 Bluetooth pairing method and device, electronic equipment and storage medium
CN116614806B (en) * 2023-07-18 2023-10-20 荣耀终端有限公司 Bluetooth pairing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN108629027B (en) User database reconstruction method, device, equipment and medium based on block chain
CN110324143A (en) Data transmission method, electronic equipment and storage medium
US7571320B2 (en) Circuit and method for providing secure communications between devices
TWI809292B (en) Data encryption and decryption method, device, storage medium and encrypted file
CN113691502B (en) Communication method, device, gateway server, client and storage medium
US7499552B2 (en) Cipher method and system for verifying a decryption of an encrypted user data key
CN113890731B (en) Key management method, device, electronic equipment and storage medium
KR20150142623A (en) Cryptographic method for securely exchanging messages and device and system for implementing this method
CN109274644A (en) A kind of data processing method, terminal and watermark server
CN115208557A (en) Data encryption method and device, electronic equipment and computer storage medium
CN112784284B (en) Encryption processing system, encryption processing method, and recording medium
KR20170053063A (en) Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption
EP3022864B1 (en) Apparatus and method for key update for use in a block cipher algorithm
CN111865579A (en) SM2 algorithm transformation-based data encryption and decryption method and device
CN100431297C (en) Method for preventing user's pin from illegal use by double verification protocol
CN114553566B (en) Data encryption method, device, equipment and storage medium
US11720693B2 (en) System and method for securely transferring data
US20170310646A1 (en) Method to detect an ota (over the air) standard message affected by an error
CN114978711A (en) Data transmission method and system for symmetric encryption of dynamic secret key
JP5945525B2 (en) KEY EXCHANGE SYSTEM, KEY EXCHANGE DEVICE, ITS METHOD, AND PROGRAM
CN116881945B (en) Solid state disk encryption and decryption method and system based on TPCM and electronic equipment
US11522707B2 (en) System and method for detecting compromised devices
US11743044B2 (en) Password-less authentication using key agreement and multi-party computation (MPC)
CN113411347B (en) Transaction message processing method and processing device
US11909893B2 (en) Composite encryption across cryptographic algorithms

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination