CN115277225A - Data encryption method, data decryption method and related equipment - Google Patents


Info

Publication number
CN115277225A
Authority
CN
China
Prior art keywords
timestamp
encrypted
request data
public key
key
Prior art date
Legal status
Pending
Application number
CN202210910643.4A
Other languages
Chinese (zh)
Inventor
谢余飞
薛亚军
宗涛
Current Assignee
BOE Technology Group Co Ltd
Beijing BOE Energy Technology Co Ltd
Original Assignee
BOE Technology Group Co Ltd
Beijing BOE Energy Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data encryption method, a data decryption method and related equipment. The data encryption method comprises the following steps: acquiring a public key and a private key; and exposing the public key in the form of an interface so that any terminal equipment can obtain the public key. The terminal equipment acquires the public key from the server's request interface; determines the request data; acquires the current timestamp; based on the timestamp, symmetrically encrypts the request data through a preset symmetric encryption algorithm to obtain encrypted request data; uses the public key as the encryption key to asymmetrically encrypt the timestamp through a preset asymmetric encryption algorithm to obtain an encrypted timestamp; and sends the encrypted timestamp and the encrypted request data to the server.

Description

Data encryption method, data decryption method and related equipment
Technical Field
The present application relates to the field of internet data security technologies, and in particular, to a data encryption method, a data decryption method, and related devices.
Background
Currently, the mainstream encryption methods are AES and DES for symmetric encryption, and RSA and DSA for asymmetric encryption. The AES symmetric encryption algorithm is public, requires little computation and encrypts quickly, so it can be used to encrypt large amounts of data; but both parties to the transaction use the same key, so its security cannot be guaranteed on its own. The RSA asymmetric encryption algorithm needs to generate a key pair and encrypts relatively slowly, several orders of magnitude slower than a symmetric encryption algorithm, but its security is relatively high. The keys generated for RSA encryption are divided into a public key and a private key: the public key can be transmitted over the network and is used for the encryption operation, while the private key is not public and is kept on the server side for the decryption operation.
In the prior art, a token authentication mode is generally adopted, or a signature is generated from the request data for authentication; neither scheme actually encrypts the transmitted data. An accessor can still take the token from the browser's cache to simulate a request, and can guess the meaning of each field from the request data, thereby bypassing the browser's restrictions.
Disclosure of Invention
In view of the above, the present application aims to provide a method for encrypting the request data of the terminal device and decrypting the data received by the server simply and effectively.
Based on the above purpose, the present application provides a data encryption method, a data decryption method and related devices.
In a first aspect, the present application provides a data encryption method, including:
acquiring a public key and a private key;
and exposing the public key in an interface mode so that any terminal equipment can obtain the public key.
Optionally, obtaining the public key and the private key further includes:
checking whether the public key and the private key have been generated historically;
in response to determining that a public key and a private key have historically been generated, obtaining the public key and the private key;
and generating the public key and the private key through a preset asymmetric encryption algorithm in response to determining that the public key and the private key are not generated historically.
In a second aspect, the present application provides a data encryption method, the method comprising:
acquiring the public key from the server's request interface;
determining request data;
acquiring a current timestamp;
based on the timestamp, symmetrically encrypting the request data through a preset symmetric encryption algorithm to obtain encrypted request data;
the public key is used as an encryption key, and the time stamp is asymmetrically encrypted through a preset asymmetric encryption algorithm to obtain an encrypted time stamp;
sending the encrypted timestamp and the encrypted request data to the server.
Optionally, symmetrically encrypting the request data by using a preset symmetric encryption algorithm based on the timestamp to obtain encrypted request data further includes:
adding a preset interference character to the time stamp to generate an interference-added time stamp;
and symmetrically encrypting the request data by using the time stamp added with the interference as an encryption key through a symmetric encryption algorithm to obtain encrypted request data.
In a third aspect, the present application provides a data decryption method, including:
receiving an encrypted timestamp and encrypted request data sent by terminal equipment; the encrypted timestamp is obtained by the terminal equipment asymmetrically encrypting the timestamp it generated, using a pre-generated public key as the encryption key, through a preset asymmetric encryption algorithm, and the encrypted request data is obtained by the terminal equipment symmetrically encrypting the request data, based on that timestamp, through a preset symmetric encryption algorithm;
decrypting the encrypted timestamp by using a private key corresponding to the public key as a decryption key through a preset asymmetric decryption algorithm to obtain a decrypted timestamp;
and based on the decrypted timestamp, symmetrically decrypting the encrypted request data through a preset symmetric decryption algorithm to obtain decrypted request data.
Optionally, symmetrically decrypting the encrypted request data by using a preset symmetric decryption algorithm based on the decrypted timestamp further includes:
adding a preset interference character based on the decrypted timestamp to generate a timestamp for adding interference;
and symmetrically decrypting the encrypted request data by using the time stamp added with the interference as a decryption key through a symmetric decryption algorithm to obtain decrypted request data.
Optionally, decrypting the encrypted timestamp by using the private key corresponding to the public key as a decryption key through a preset asymmetric decryption algorithm to obtain a decrypted timestamp further comprises:
in response to failure of the asymmetric decryption of the encrypted timestamp through the preset asymmetric decryption algorithm, or in response to failure of the symmetric decryption of the encrypted request data through the preset symmetric decryption algorithm, discarding the current network request and/or returning request failure information to the terminal equipment.
In a fourth aspect, the present application provides a server, comprising:
the first communication module is used for establishing network connection with the terminal equipment;
the first storage module is used for storing a public key and a private key, wherein the public key is exposed through a request interface.
In a fifth aspect, the present application provides a terminal device, including:
the second communication module is used for establishing network connection with the server, acquiring a public key from the server and sending an encrypted timestamp and encrypted request data to the server;
the first calculation module is used for presetting a symmetric encryption algorithm and an asymmetric encryption algorithm; the asymmetric encryption algorithm is used for asymmetrically encrypting the timestamp, and the symmetric encryption algorithm is used for symmetrically encrypting the request data based on the timestamp;
the acquisition module is used for acquiring the timestamp;
and the second storage module is used for storing the public key acquired from the server.
In a sixth aspect, the present application provides a server, comprising:
the third communication module is used for receiving the encrypted timestamp and the encrypted request data sent by the terminal equipment; the encrypted timestamp is obtained by the terminal equipment asymmetrically encrypting the timestamp it generated, using a pre-generated public key as the encryption key, through a preset asymmetric encryption algorithm, and the encrypted request data is obtained by the terminal equipment symmetrically encrypting the request data, based on that timestamp, through a preset symmetric encryption algorithm;
the third storage module is used for storing a private key corresponding to the public key;
the second calculation module is used for presetting a symmetric decryption algorithm and an asymmetric decryption algorithm, wherein the asymmetric decryption algorithm is used for decrypting the encrypted timestamp and generating a decrypted timestamp; and the symmetric decryption algorithm is used for symmetrically decrypting the encrypted request data through a preset symmetric decryption algorithm based on the decrypted timestamp.
In a seventh aspect, the present application provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the data encryption method and the data decryption method described above.
In an eighth aspect, the present application provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the data encryption method and the data decryption method described above.
As can be seen from the foregoing, the data encryption method, the data decryption method, the browser, the server and the related device provided by the present application have the following beneficial effects:
before sending the request data, the terminal equipment obtains the public key from the server and also obtains its current timestamp. A preset interference character is added to generate an interference-added timestamp, which is used as the encryption key to symmetrically encrypt the request data through a preset symmetric encryption algorithm, yielding the encrypted request data. The public key is then used as the encryption key to asymmetrically encrypt the timestamp through the preset asymmetric encryption algorithm, yielding the encrypted timestamp, and the encrypted request data and the encrypted timestamp are sent to the server. If a user maliciously intercepts all the information sent to the server, then without the private key the encrypted timestamp cannot be decrypted in the first place, so the request data cannot be decrypted either, and the data security is protected.
Meanwhile, when a user sends malicious requests to the server through the interface, the server uses the private key as the decryption key during verification; the malicious request cannot be decrypted, and the resources the server and the terminal equipment would spend encrypting and decrypting request data are saved to the greatest extent.
Drawings
In order to illustrate the technical solutions of the present application or the related art more clearly, the drawings needed in the description of the embodiments or the related art are briefly introduced below. The drawings in the following description show only embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of an application scenario of the present application;
FIG. 2 is a schematic diagram of a data encryption method according to an embodiment of the present application;
FIG. 3 is a diagram illustrating a data encryption method according to another embodiment of the present application;
FIG. 4 is a diagram illustrating a data decryption method according to an embodiment of the present application;
FIG. 5 is a schematic view of an electronic device according to an embodiment of the application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application clearer, the present application is described in further detail below with reference to specific embodiments and the accompanying drawings. It should be understood that the embodiments described herein are merely illustrative and not restrictive; any structural modifications, changes in proportion, or adjustments in size that do not affect the efficacy or objectives achieved by the present invention still fall within the scope of the technical disclosure herein.
Reference will now be made in detail to the present embodiments of the present application, preferred embodiments of which are illustrated in the accompanying drawings. The drawings supplement the textual description with figures so that each feature and technical solution of the present application can be understood visually and intuitively, but they do not limit the scope of the present application.
It should be noted that technical terms or scientific terms used in the embodiments of the present application should have a general meaning as understood by those having ordinary skill in the art to which the present application belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the present application do not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item preceding the word comprises the element or item listed after the word and its equivalent, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
Fig. 1 is a schematic view of an application scenario of a data encryption method and a data decryption method according to an embodiment of the present application. The application scenario includes a terminal device 101, a server 102, and a data storage system 103. The terminal device 101, the server 102 and the data storage system 103 may be connected through a wired or wireless communication network. The terminal device 101 includes, but is not limited to, a desktop computer, a mobile phone, a mobile computer, a tablet computer, a media player, a smart wearable device, a Personal Digital Assistant (PDA), or other electronic devices capable of implementing the above functions. The server 102 and the data storage system 103 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, big data and artificial intelligence platforms, and the like.
The server 102 is configured to provide request data to the user of the terminal device 101, on which a client communicating with the server 102 is installed. The user first obtains the public key through the server 102 and obtains the current timestamp of the terminal device, then enters the required request data through the client. The request data is symmetrically encrypted based on the timestamp, the timestamp is asymmetrically encrypted using the public key as the encryption key, and the encrypted timestamp and the encrypted request data are sent to the server 102. The server 102 decrypts the encrypted timestamp with an asymmetric decryption algorithm corresponding to the asymmetric encryption algorithm, then decrypts the encrypted request data with a symmetric decryption algorithm corresponding to the symmetric encryption algorithm to obtain the decrypted request data, and finally performs the operation the terminal device 101 requested according to the decrypted request data, returning content related to the request data to the terminal device 101 where applicable. Through the above encryption means the terminal device 101 achieves obfuscated encryption, preventing a malicious user from intercepting and guessing the content of the request data.
The data storage system 103 stores a preset asymmetric encryption algorithm, asymmetric decryption algorithm, symmetric encryption algorithm and symmetric decryption algorithm. The asymmetric encryption method can generate the public key and the private key for the server 102 and asymmetrically encrypt the timestamp; the symmetric encryption method symmetrically encrypts the request data; the asymmetric decryption method asymmetrically decrypts the encrypted timestamp; and the symmetric decryption method symmetrically decrypts the encrypted request data. The data storage system 103 can also store the public key and the private key; the public key can be exposed in the form of an interface so that any terminal device 101 can obtain it.
The data encryption method and the data decryption method of the embodiment of the application can be applied to a scene including, but not limited to, hardware or software on a terminal device sending request data to a server.
The data encryption and decryption method according to the exemplary embodiment of the present application is described below with reference to an application scenario of fig. 1. It should be noted that the above application scenarios are only shown for the convenience of understanding the spirit and principle of the present application, and the embodiments of the present application are not limited in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.
For convenience of understanding, a data encryption method, a data decryption method and related devices provided in the embodiments of the present application are described below with reference to the accompanying drawings. Referring first to fig. 2, wherein fig. 2 illustrates a data encryption method comprising the steps of:
s200, acquiring a public key and a private key;
s201, exposing the public key in an interface mode so that any terminal device can obtain the public key.
Here, the server first needs to obtain a public key and a private key, in preparation for the terminal device later obtaining the public key. Since the request data is to be encrypted using the public key, so that the request data itself is protected, the server needs to obtain the corresponding public key and private key. The private key is not disclosed, but the public key may be exposed in the form of an interface, and any terminal device accessing the server may download the public key from the server's storage unit or preview it directly online.
In some embodiments, the server needs to check whether it has historically generated the corresponding public key and private key. If the query shows that the public key and private key have already been generated, the generated public key and private key are used directly: the private key is not disclosed and the public key is exposed in the form of an interface. If the check shows that the server has not yet generated a public key and private key, they are generated by the asymmetric encryption algorithm preset in the server. Because an asymmetric encryption algorithm is used, even if someone obtains the public key by accessing the interface, the private key cannot be derived from the public key, and security is guaranteed.
Whether generated historically or newly, the public key and private key are calculated using the asymmetric encryption algorithm preset in the server, and may be stored in a storage unit of the server. The storage unit sets access rights: the public key can be accessed, the private key cannot. Because the public key and private key are unique, no one is permitted to grant access to the private key information, and even an administrator with administrator rights is not permitted to grant the private key information to anyone.
In some embodiments, as shown in fig. 3, the present application discloses a data encryption method comprising:
s300, acquiring a public key of a server request interface;
s301, determining request data;
s302, acquiring a current timestamp;
s303, symmetrically encrypting the request data through a preset symmetric encryption algorithm based on the timestamp to obtain encrypted request data;
s304, using the public key as an encryption key, asymmetrically encrypting the timestamp through a preset asymmetric encryption algorithm to obtain an encrypted timestamp;
s305, sending the encrypted time stamp and the encrypted request data to a server.
When the terminal equipment encrypts the request data, it first needs to obtain the public key from the server that generated the public key and the private key. The public key can be downloaded to the terminal equipment or viewed online from the server; the downloaded public key can be stored in the memory of the terminal equipment and used directly when a later data request is made to the server, which saves the step of obtaining the public key again.
The data to be requested from the server is determined. Before the request data is sent, the terminal device obtains a current timestamp, and based on that timestamp the request data is encrypted through the symmetric encryption algorithm preset in the terminal device to obtain the encrypted request data.
To secure the request data, the public key is used as the encryption key and an asymmetric encryption algorithm asymmetrically encrypts the timestamp to obtain the encrypted timestamp. It should be noted that the terminal device also presets the asymmetric encryption algorithm in advance. When the public key has not been obtained there is no encryption key, so the preset asymmetric encryption algorithm cannot be executed; before encrypting the request data a page prompt is required asking for the public key to be entered in the encryption-key field, and once the public key has been entered the asymmetric encryption algorithm can be executed.
Through the encryption, the request data are symmetrically encrypted to obtain encrypted request data, the timestamp is asymmetrically encrypted by using the public key to obtain an encrypted timestamp, and finally the obtained encrypted timestamp and the encrypted request data are sent to the server together.
In some embodiments, the symmetrically encrypting the request data by using a preset symmetric encryption algorithm to obtain the encrypted request data further includes: adding a preset interference character into the time stamp to generate an interference-added time stamp; and symmetrically encrypting the request data by using the time stamp added with the interference as an encryption key through a symmetric encryption algorithm to obtain the encrypted request data.
Here, in order to further obfuscate the request data, an interference character is added to the timestamp. For example, a symmetric encryption algorithm may require a 16-character key, while the timestamp obtained by a browser on the terminal device when it makes a data request to the server is generally a 13-digit string; a 3-character string can therefore be added to the 13-digit timestamp to form the 16-character string the symmetric encryption algorithm expects, and the request data is then encrypted through the preset symmetric encryption algorithm using the interference-added timestamp as the encryption key. It should be noted that the interference character is also preset in the terminal device and cannot be modified: if the preset interference character is "000", then "000" is added to the timestamp every time, never "111". The interference character may be added in front of the 13 characters of the timestamp, behind them, or even in the middle; the specific position is not limited here. It should further be specified that the interference character is added in the terminal device and may be stored in the terminal device. With this, the obfuscated encryption of the request data is complete: if a user intercepts the encrypted request data and the encrypted timestamp sent by the terminal device to the server, the encrypted timestamp cannot be decrypted and inspected without the private key, so the encrypted request data cannot be decrypted either, the specific content of the request data cannot be learned, and the purpose of protecting the request data is achieved.
It should be further noted that when symmetrically encrypting the request data, each item of the request data must be symmetrically encrypted individually, rather than encrypting all the data as a whole. For example, since the data request sent by the terminal device usually uses JSON format, such as { a: "a", b: "b" }, symmetric encryption is performed on both the data of a and the data of b in the request data.
In another embodiment, as shown in fig. 4, the present application provides a method for decrypting data, including:
s400, receiving the encrypted timestamp and the encrypted request data sent by the terminal equipment; the encrypted timestamp is obtained by the terminal equipment asymmetrically encrypting the timestamp it generated, using a pre-generated public key as the encryption key, through a preset asymmetric encryption algorithm, and the encrypted request data is obtained by the terminal equipment symmetrically encrypting the request data, based on that timestamp, through a preset symmetric encryption algorithm.
The server receives the encrypted timestamp and the encrypted request data sent by the terminal device. Because the server needs the specific content of the terminal device's request data, and the request data sent to the server has undergone the obfuscated encryption described above (the encryption process is not repeated here), the server must decrypt the request data so that the original request data can be obtained and the next operation performed.
S401, decrypting the encrypted timestamp by using a private key corresponding to the public key as a decryption key through a preset asymmetric decryption algorithm to obtain a decrypted timestamp;
Here, it should be noted that the server that decrypts and the server that generated the public key and private key may be the same server. When the server generates the public key and private key, both are stored on that server, so the private key paired with the public key that served as the encryption key can be used directly as the decryption key. First, the asymmetric decryption algorithm preset in the server decrypts the encrypted timestamp to obtain the decrypted timestamp. Note that the asymmetric decryption algorithm in the server is the inverse of the asymmetric encryption algorithm in the terminal device; the two follow the same encryption and decryption scheme.
S402, based on the decrypted timestamp, symmetrically decrypting the encrypted request data through a preset symmetrical decryption algorithm to obtain decrypted request data.
Then, using the decrypted timestamp, the encrypted request data is symmetrically decrypted with a symmetric decryption algorithm to obtain the decrypted request data. The principle is the same as for the asymmetric encryption and decryption algorithms: the symmetric decryption algorithm and the symmetric encryption algorithm are the same algorithm run in opposite directions, and when the terminal device and the server preset the symmetric encryption and decryption algorithms, forward encryption on one side matches reverse decryption on the other, or reverse encryption and forward decryption both work.
In some embodiments, symmetrically decrypting the encrypted request data through a preset symmetric decryption algorithm based on the decrypted timestamp further comprises: adding a preset interference character to the decrypted timestamp to generate an interference-added timestamp; and symmetrically decrypting the encrypted request data through the symmetric decryption algorithm, using the interference-added timestamp as the decryption key, to obtain the decrypted request data.
Here, because the interference-added timestamp is used as the encryption key when the terminal device symmetrically encrypts the request data, the server must use the corresponding decryption key when it symmetrically decrypts the request data. The interference character is therefore also added to the decrypted timestamp, so that the encryption key and the decryption key correspond to each other and the timestamp can serve as the decryption key.
It should be noted that, in the server's decryption process, the interference character added to the decrypted timestamp is the same as the interference character added to the timestamp in the terminal device's encryption process: the interference character is agreed between the server and the terminal device and then preset on each side. For example, if the interference character on the terminal device is "000", the interference character on the server is also "000".
It should further be noted that, when the server adds the preset interference character to the decrypted timestamp, it follows the same rule that the terminal device used when adding the interference character to the timestamp: if it is added in front of the timestamp, both sides add it in front; if it is added after the timestamp, both sides add it after; if it is added in the middle of the timestamp, both sides add it in the middle. This avoids the situation in which the terminal device adds the interference character in front of the timestamp while the server adds it after or in the middle of the decrypted timestamp. The server must likewise add it in front of the decrypted timestamp; otherwise the encrypted request data cannot be symmetrically decrypted.
In some embodiments, the decryption process requires both asymmetric decryption of the encrypted timestamp and symmetric decryption of the encrypted request data, and the two cases are handled in the same way: if decryption succeeds, the next operation is performed; if decryption fails, the server discards the network request (the network request includes the data request) and returns request failure information to the terminal device. The user can determine the reason for the failure from the returned request failure information, decide whether to encrypt the request data again, and then repeat the encryption steps of the method to send a new data request to the server.
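The exchange described in S401 and S402, together with the terminal-side encryption it mirrors, as an added example in Go that is not the patent's own code. RSA-OAEP and AES-256-GCM, the SHA-256 sizing of the interference-added timestamp into a key, and the sample timestamp and request body are assumptions, since the page names no specific algorithms or formats.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Interference is the preset interference character shared by both sides ("000" on the page).
const Interference = "000"

// EncryptedRequest is what the terminal device sends: the asymmetrically encrypted
// timestamp and the symmetrically encrypted request data (GCM nonce prepended).
type EncryptedRequest struct {
	EncryptedTimestamp []byte
	EncryptedData      []byte
}

// GenerateServerKeys runs the server's preset asymmetric algorithm once (RSA-2048 with OAEP
// is an assumption). The public key is exposed on the request interface; the private key stays.
func GenerateServerKeys() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// AddInterference applies the shared rule: the interference string goes in front of the
// timestamp on both sides, which is what makes encryption and decryption keys correspond.
func AddInterference(timestamp, interference string) string {
	return interference + timestamp
}

// requestCipher builds the AES-256-GCM cipher keyed by the interference-added timestamp.
// Hashing only sizes the key (an assumed derivation) and adds no entropy: the key is
// exactly as secret as the RSA-encrypted timestamp that carries it.
func requestCipher(timestamp, interference string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte(AddInterference(timestamp, interference)))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// TerminalEncrypt is the terminal side: symmetric encryption of the request data keyed by
// the interference-added timestamp, then asymmetric encryption of the bare timestamp.
func TerminalEncrypt(pub *rsa.PublicKey, timestamp string, request []byte, interference string) (*EncryptedRequest, error) {
	gcm, err := requestCipher(timestamp, interference)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	encData := gcm.Seal(nonce, nonce, request, nil) // nonce || ciphertext || tag
	encTS, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(timestamp), nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedRequest{EncryptedTimestamp: encTS, EncryptedData: encData}, nil
}

// ServerDecrypt is the server side (steps S401 and S402). Either decryption failing
// returns an error, on which the caller discards the request and reports the failure to
// the terminal device; the GCM tag is what turns a wrong key or altered data into failure.
func ServerDecrypt(priv *rsa.PrivateKey, req *EncryptedRequest, interference string) (string, []byte, error) {
	tsBytes, err := rsa.DecryptOAEP(sha256.New(), nil, priv, req.EncryptedTimestamp, nil)
	if err != nil {
		return "", nil, fmt.Errorf("asymmetric decryption of timestamp failed: %w", err)
	}
	timestamp := string(tsBytes)
	gcm, err := requestCipher(timestamp, interference)
	if err != nil {
		return "", nil, err
	}
	ns := gcm.NonceSize()
	if len(req.EncryptedData) < ns {
		return "", nil, errors.New("encrypted request data too short")
	}
	plain, err := gcm.Open(nil, req.EncryptedData[:ns], req.EncryptedData[ns:], nil)
	if err != nil {
		return "", nil, fmt.Errorf("symmetric decryption of request data failed: %w", err)
	}
	return timestamp, plain, nil
}

func main() {
	priv, _ := GenerateServerKeys() // demo only: error handling omitted
	req, _ := TerminalEncrypt(&priv.PublicKey, "1659052800", []byte(`{"user":"alice"}`), Interference)
	fmt.Println(ServerDecrypt(priv, req, Interference)) // constructed sample timestamp and body
}
```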
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the multiple devices may only perform one or more steps of the method of the embodiment, and the multiple devices interact with each other to complete the method.
It should be noted that the above describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In some specific scenarios, the data encryption method and the data decryption method provided in the embodiments of the present application are applied when a terminal device accesses a web page, which differs from ordinary network access. Some companies operate both an internal network system and a public network system. When the terminal device accesses web pages through the internal network system, internal business secrets may be involved, so the request data for the access must be obfuscated and encrypted to prevent a malicious user from intercepting the request data and inferring its specific parameters.
In addition, when a user wants to send a request for data containing personal privacy to a server, the request data containing the personal privacy can be actively encrypted: the preset data encryption method can be downloaded directly to each user's terminal device, and the user encrypts the data with this encryption method when sending the data request.
The specific application scenarios above are not limiting: the method can also encrypt request data that needs protection in common blockchain, e-mail sending and receiving, chat communication, and even ordinary web access scenarios.
Based on the same technical concept, the application also provides a server corresponding to the data encryption method of the embodiment.
The server, comprising:
the first communication module is used for establishing network connection with the terminal equipment;
the first storage module is used for storing a public key and a private key, wherein the public key is exposed through a request interface.
It should be noted that the first storage module further includes a checking module and a preset asymmetric encryption algorithm. The checking module checks whether the server has historically generated the public key and the private key; if they have not been generated, the preset asymmetric encryption algorithm is run to generate the public key and the private key.
For convenience of description, the above server is described as divided into various modules by function, each described separately. Of course, when implementing the present application, the functionality of the various modules may be implemented in one or more pieces of software and/or hardware.
The apparatus in the foregoing embodiment is used to implement the corresponding data encryption method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same technical concept, the application also provides a terminal device corresponding to the data encryption method of the other embodiment.
The terminal device includes:
the second communication module is used for establishing network connection with the server, acquiring a public key from the server and sending an encrypted timestamp and encrypted request data to the server;
the first calculation module is used for presetting a symmetric encryption algorithm and an asymmetric encryption algorithm; the asymmetric encryption algorithm is used for asymmetrically encrypting the timestamp, and the symmetric encryption algorithm is used for symmetrically encrypting the request data based on the timestamp;
the acquisition module is used for acquiring the timestamp;
and the second storage module is used for storing the public key acquired from the server.
It should be noted that the first calculation module is further configured to add a preset interference character, add the interference character to the timestamp, and generate an interference-added timestamp.
The second storage module may also be used to store the interference character.
For convenience of description, the above terminal device is described as divided into various modules by function, each described separately. Of course, when implementing the present application, the functionality of the various modules may be implemented in one or more pieces of software and/or hardware.
Based on the same technical concept, the application also provides a server corresponding to the data decryption method of the embodiment.
The server, comprising:
the third communication module is used for receiving the encrypted timestamp and the encrypted request data sent by the terminal equipment; the encrypted timestamp is obtained by encrypting the timestamp generated by the terminal equipment through a preset asymmetric encryption algorithm using a pre-generated public key as the encryption key, and the encrypted request data is obtained by symmetrically encrypting the request data generated by the terminal equipment through a preset symmetric encryption algorithm based on the timestamp;
the third storage module is used for storing a private key corresponding to the public key;
the second calculation module is used for presetting a symmetric decryption algorithm and an asymmetric decryption algorithm, wherein the asymmetric decryption algorithm is used for decrypting the encrypted timestamp to generate a decrypted timestamp, and the symmetric decryption algorithm is used for symmetrically decrypting the encrypted request data based on the decrypted timestamp.
It should be noted that the second calculation module is further configured to add a preset interference character, add the interference character to the decrypted timestamp, and generate an interference-added timestamp.
For convenience of description, the above server is described as divided into various modules by function, each described separately. Of course, when implementing the present application, the functionality of the various modules may be implemented in one or more pieces of software and/or hardware.
Based on the same technical concept, corresponding to the method of any embodiment, the application further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and when the processor executes the program, the data encryption method and the data decryption method described in any embodiment are implemented.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static memory device, a dynamic memory device, or the like. The memory 1020 may store an operating system and other application programs; when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program code is stored in the memory 1020 and called for execution by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component within the device (not shown) or may be external to the device to provide the corresponding functionality. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device in the foregoing embodiment is used to implement the corresponding data encryption method and data decryption method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described herein again.
Based on the same technical concept, the present application also provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the data encryption method and the data decryption method according to any of the above embodiments, corresponding to any of the above embodiment methods.
Computer-readable media, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the data encryption method and the data decryption method according to any one of the foregoing embodiments, and have the beneficial effects of corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the context of the present application, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the application. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the application are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that the embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present application are intended to be included within the scope of the present application.

Claims (12)

1. A method of data encryption, the method comprising:
acquiring a public key and a private key;
and exposing the public key in an interface mode so that any terminal equipment can obtain the public key.
2. The method of claim 1, wherein obtaining the public key and the private key further comprises:
checking whether the public key and the private key have been generated historically;
in response to determining that the public key and the private key have been generated historically, obtaining the public key and the private key;
and in response to determining that the public key and the private key have not been generated historically, generating the public key and the private key through a preset asymmetric encryption algorithm.
3. A method for data encryption, the method comprising:
acquiring a public key exposed by a request interface of a server;
determining request data;
acquiring a current timestamp;
based on the timestamp, symmetrically encrypting the request data through a preset symmetric encryption algorithm to obtain encrypted request data;
using the public key as an encryption key, asymmetrically encrypting the timestamp through a preset asymmetric encryption algorithm to obtain an encrypted timestamp;
sending the encrypted timestamp and the encrypted request data to the server.
4. The method of claim 3, wherein the symmetrically encrypting the request data by a preset symmetric encryption algorithm based on the timestamp to obtain the encrypted request data further comprises:
adding a preset interference character into the timestamp to generate an interference-added timestamp;
and symmetrically encrypting the request data by using the time stamp added with the interference as an encryption key through a symmetric encryption algorithm to obtain encrypted request data.
5. A method for data decryption, the method comprising:
receiving an encrypted timestamp and encrypted request data sent by terminal equipment; the encrypted timestamp is obtained by encrypting the timestamp generated by the terminal equipment through a preset asymmetric encryption algorithm using a pre-generated public key as the encryption key, and the encrypted request data is obtained by symmetrically encrypting the request data generated by the terminal equipment through a preset symmetric encryption algorithm based on the timestamp;
decrypting the encrypted timestamp by using a private key corresponding to the public key as a decryption key through a preset asymmetric decryption algorithm to obtain a decrypted timestamp;
and based on the decrypted timestamp, symmetrically decrypting the encrypted request data through a preset symmetric decryption algorithm to obtain decrypted request data.
6. The method of claim 5, wherein the symmetrically decrypting the encrypted request data based on the decrypted timestamp through a preset symmetric decryption algorithm further comprises:
adding a preset interference character based on the decrypted timestamp to generate an interference-added timestamp;
and symmetrically decrypting the encrypted request data by using the time stamp added with the interference as a decryption key through a symmetric decryption algorithm to obtain decrypted request data.
7. The method according to claim 5, wherein the decrypting the encrypted timestamp by using a private key corresponding to the public key as a decryption key through a preset asymmetric decryption algorithm to obtain a decrypted timestamp, further comprising:
and in response to failure of the asymmetric decryption of the encrypted timestamp through the preset asymmetric decryption algorithm, or in response to failure of the symmetric decryption of the encrypted request data through the preset symmetric decryption algorithm, discarding the current network request and/or transmitting request failure information back to the terminal equipment.
8. A server, comprising:
the first communication module is used for establishing network connection with the terminal equipment;
the first storage module is used for storing a public key and a private key, wherein the public key is exposed through a request interface.
9. A terminal device, comprising:
the second communication module is used for establishing network connection with the server, acquiring a public key from the server and sending an encrypted timestamp and encrypted request data to the server;
the first calculation module is used for presetting a symmetric encryption algorithm and an asymmetric encryption algorithm; the asymmetric encryption algorithm is used for asymmetrically encrypting the timestamp, and the symmetric encryption algorithm is used for symmetrically encrypting the request data based on the timestamp;
the acquisition module is used for acquiring the timestamp;
and the second storage module is used for storing the public key acquired from the server.
10. A server, comprising:
the third communication module is used for receiving the encrypted timestamp and the encrypted request data sent by the terminal equipment; the encrypted timestamp is obtained by encrypting the timestamp generated by the terminal equipment through a preset asymmetric encryption algorithm using a pre-generated public key as the encryption key, and the encrypted request data is obtained by symmetrically encrypting the request data generated by the terminal equipment through a preset symmetric encryption algorithm based on the timestamp;
the third storage module is used for storing a private key corresponding to the public key;
the second calculation module is used for presetting a symmetric decryption algorithm and an asymmetric decryption algorithm, wherein the asymmetric decryption algorithm is used for decrypting the encrypted timestamp and generating a decrypted timestamp; and the symmetric decryption algorithm is used for symmetrically decrypting the encrypted request data through a preset symmetric decryption algorithm based on the decrypted timestamp.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the program.
12. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
CN202210910643.4A 2022-07-29 2022-07-29 Data encryption method, data decryption method and related equipment Pending CN115277225A (en)

Publications (1)

Publication Number Publication Date
CN115277225A true CN115277225A (en) 2022-11-01

Family

ID=83746956
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination