CN115314313A - Information encryption method and device, storage medium and computer equipment - Google Patents


Info

Publication number: CN115314313A
Authority: CN (China)
Prior art keywords: ciphertext, information, encrypted, secret key, timestamp
Legal status: Pending
Application number: CN202210974598.9A
Other languages: Chinese (zh)
Inventor: 黄强
Current Assignee: Ping An E Wallet Electronic Commerce Co Ltd
Original Assignee: Ping An E Wallet Electronic Commerce Co Ltd
Application filed by: Ping An E Wallet Electronic Commerce Co Ltd
Priority to: CN202210974598.9A
Publication of: CN115314313A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an information encryption method, an information encryption device, a storage medium and computer equipment, relates to the field of information security and digital medical treatment, and mainly aims to improve the efficiency of information encryption. The method comprises the following steps: acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted; encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext; encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext; sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext; and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted. The invention is suitable for encrypting information.

Description

Information encryption method and device, storage medium and computer equipment
Technical Field
The present invention relates to the field of information technologies, and in particular, to an information encryption method, an information encryption device, a storage medium, and a computer apparatus.
Background
Among the different kinds of personal privacy information, protecting account authentication information is particularly important. For example, once a website or app login password is cracked, sensitive information in the account, such as a name, email address, certificate number and biometric information, is exposed. A personal payment account password is even more sensitive: if it is exposed, lost or viewed without authorization, the property safety of the account holder can be seriously harmed. Protecting personal passwords is therefore the most important part of protecting personal information.
At present, information is generally encrypted and protected using an international universal cryptographic algorithm. However, the 1024-bit international universal cryptographic algorithm has been proved to be at risk of attack and must be upgraded to 2048 bits to remain secure. The key of the 2048-bit algorithm is long, which slows the transmission of the key when the algorithm is used for encryption and in turn lowers the efficiency of information encryption.
Disclosure of Invention
The invention provides an information encryption method, an information encryption device, a storage medium and computer equipment, and mainly aims to improve the encryption efficiency of information.
According to a first aspect of the present invention, there is provided an information encryption method comprising:
acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted;
encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted;
encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted;
sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext;
and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
According to a second aspect of the present invention, there is provided another information encryption method, comprising:
receiving a second ciphertext and a third ciphertext sent by the client;
decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted;
and generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
According to a third aspect of the present invention, there is provided an information encrypting apparatus comprising:
the acquisition unit is used for acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted;
the first encryption unit is used for encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted;
the second encryption unit is used for encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted;
the sending unit is used for sending the second ciphertext and the third ciphertext to a server side, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server side based on the second ciphertext and the third ciphertext;
and the third encryption unit is used for encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and the fourth ciphertext is used as an encryption result corresponding to the information to be encrypted.
According to a fourth aspect of the present invention, there is provided another information encryption apparatus comprising:
the receiving unit is used for receiving a second ciphertext and a third ciphertext transmitted by the client;
the decryption unit is used for decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted;
and the generating unit is used for generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
According to a fifth aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted;
encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted;
encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted;
sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext;
and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
According to a sixth aspect of the present invention, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted;
encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted;
encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted;
sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext;
and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
According to a seventh aspect of the present invention, there is provided another computer readable storage medium, having stored thereon a computer program which, when executed by a processor, performs the steps of:
receiving a second ciphertext and a third ciphertext sent by the client;
decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp;
and generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
According to an eighth aspect of the present invention, there is provided another computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
receiving a second ciphertext and a third ciphertext sent by the client;
decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp;
and generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
Compared with encrypting and protecting information by using an international universal cryptographic algorithm, the information encryption method, the information encryption device, the storage medium and the computer equipment provided by the invention acquire the information to be encrypted and its corresponding timestamp; encrypt the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted; encrypt the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted; send the second ciphertext and the third ciphertext to the server, and acquire the second secret key corresponding to the information to be encrypted, which the server generates based on the second ciphertext and the third ciphertext; and finally encrypt the first ciphertext by using the second secret key to obtain a fourth ciphertext, which is used as the encryption result corresponding to the information to be encrypted. Because the information to be encrypted is encrypted with the preset encryption algorithm, the problem of slow transmission caused by the overlong secret key of the international universal cryptographic algorithm is avoided and the efficiency of information encryption is improved. At the same time, because the information is transmitted from the client to the server under multiple layers of encryption, the risk that the information to be encrypted is leaked while being transmitted from the client to the server is avoided, and the security of the information to be encrypted is guaranteed.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
Fig. 1 shows a flow chart of an information encryption method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram illustrating an information encryption apparatus according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another information encryption apparatus provided in an embodiment of the present invention;
Fig. 4 is a block diagram of a computer device according to an embodiment of the present invention;
Fig. 5 is a schematic physical structure diagram of another computer device according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the drawings and embodiments. It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict.
At present, information is encrypted and protected by using an international universal cryptographic algorithm, and the secret key is transmitted slowly when that algorithm is used for encryption, so the efficiency of information encryption is low.
In order to solve the above problem, an embodiment of the present invention provides an information encryption method. As shown in Fig. 1, the method includes:
101. Acquiring the information to be encrypted and its corresponding timestamp.
The information to be encrypted may be password information or information in the medical field, such as personal health profile information or medical insurance information, and the timestamp is the time when the encryption instruction starts.
To solve the problem of low information encryption efficiency in the prior art, the embodiment of the invention encrypts the information to be encrypted by using the first secret key in the preset encryption algorithm to obtain the first ciphertext. To avoid the risk of the first ciphertext leaking in transit, the first ciphertext and the timestamp are also encrypted to obtain the second ciphertext and the third ciphertext, which are transmitted to the server. The server generates the second secret key based on the second ciphertext and the third ciphertext and transmits it to the client, and the client encrypts the first ciphertext by using the second secret key to obtain the fourth ciphertext as the final encryption result. Encrypting the information to be encrypted with the preset encryption algorithm avoids the slow transmission caused by the overlong secret key of the international universal cryptographic algorithm and so improves the efficiency of information encryption; encrypting the first ciphertext again before it is transmitted avoids the risk of the information leaking while it travels from the client to the server and so ensures the security of the information. The embodiment of the invention is mainly applied to scenarios in which information is encrypted. The execution subject of the embodiment is a device or equipment capable of encrypting information, which may be arranged on the client side or on the server side.
Specifically, if the information to be encrypted is password information, the information to be encrypted can be acquired after a user inputs an account and a password at the client. Identification information corresponding to the information to be encrypted is acquired at the same time; the identification information may be the account corresponding to the password and is used for storing the corresponding encrypted information. The password input time is determined as the time recorded in the timestamp, and the information to be encrypted is then encrypted by using the first secret key to obtain the first ciphertext.
For example, if the information to be encrypted is medical insurance information, the medical insurance information is acquired in a hospital database, the medical insurance information is transmitted to encryption software, an encryption instruction in the encryption software is triggered, a timestamp corresponding to the information to be encrypted can be acquired at the moment, the time recorded in the timestamp is the time for triggering the encryption instruction, and then the client automatically generates a first secret key and encrypts the medical insurance information by using the first secret key.
102. Encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted.
The preset encryption algorithm may specifically be a domestic commercial cryptographic algorithm. The domestic commercial cryptographic algorithms include the symmetric encryption algorithm SM4, the asymmetric encryption algorithm SM2 and the digest algorithm SM3. Their secret keys are short, so transmission during encryption is fast, which improves the efficiency of information encryption.
103. Encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted.
To ensure the security of the first ciphertext and the timestamp in transit, they need to be encrypted again, to obtain a second ciphertext and a third ciphertext, before being transmitted to the server. On this basis, step 103 specifically includes: randomly generating a third secret key, an initialization vector and a fourth secret key based on the first ciphertext and the timestamp, and sending a private key corresponding to the fourth secret key to the server; splicing the first ciphertext and the timestamp to obtain a first data string; encrypting the first data string by using the third secret key and the initialization vector to obtain the second ciphertext corresponding to the information to be encrypted; and encrypting the third secret key and the initialization vector by using the fourth secret key to obtain the third ciphertext. The fourth secret key may be a key generated through negotiation between the client and the server, or a key generated randomly by the client based on the first ciphertext and the timestamp. The timestamp takes the form of a character string.
The third secret key and the initialization vector are character strings of length 32. The initialization vector takes part in the calculation as a salt component in the SM4-CBC algorithm, which improves the security of data encryption. Specifically, the client randomly generates two character strings of length 32 by using the standard random number generation function that ships with a JS or Java code library; these two strings are used as the third secret key and the initialization vector iv. The client and the server also negotiate to generate the fourth secret key, which may be the public key pub2 of an SM2 asymmetric key pair. The first ciphertext and the timestamp are then spliced to obtain the first data string. To improve the security of information transmission, the first data string is encrypted by using the third secret key and the initialization vector to obtain the second ciphertext, which includes: splicing the initialization vector with the first data string to obtain a second data string; and encrypting the second data string by using the third secret key to obtain the second ciphertext corresponding to the information to be encrypted.
Specifically, the embodiment of the present invention may use the standard SM4-CBC algorithm, implemented with reference to the general-purpose bcprov jar package, with the third secret key as the key and iv as the input initialization vector. The input initialization vector is spliced with the first data string to obtain the second data string, and the second data string is encrypted with the third secret key to obtain the second ciphertext corresponding to the information to be encrypted. The third secret key and the initialization vector are then encrypted with the fourth secret key negotiated with the server; specifically, the public key pub2 of another SM2 asymmetric key pair is used as the fourth secret key, and encrypting the initialization vector and the third secret key with it yields the third ciphertext. The second ciphertext and the third ciphertext are spliced to obtain a third data string, which is transmitted to the server. The server decrypts the second ciphertext and the third ciphertext in the third data string to obtain the first ciphertext and the timestamp, randomly generates a second secret key based on the first ciphertext and the timestamp, and transmits the second secret key to the client. Finally, the client encrypts the first ciphertext by using the second secret key to obtain a fourth ciphertext and transmits the fourth ciphertext to the server for storage. Because the information to be encrypted undergoes several rounds of encryption in different modes before it is transmitted to the server for storage, its security in transit is ensured.
104. Sending the second ciphertext and the third ciphertext to a server.
After the client encrypts the information to be encrypted to obtain the first ciphertext, it further encrypts the first ciphertext and the timestamp by using a secret key that it generates randomly, to obtain the second ciphertext and the third ciphertext, and sends these to the server. The server uses the timestamp to verify the timeout time. If the verification passes, the server generates the second secret key corresponding to the information to be encrypted and returns it to the client, and the client encrypts the first ciphertext by using the second secret key to obtain the fourth ciphertext. In other words, the information to be encrypted is first encrypted at the client to obtain the first ciphertext; to avoid the risk of the first ciphertext and the timestamp leaking in transit, they are encrypted again, so that the first ciphertext reaches the server in the form of the second ciphertext and the third ciphertext. After obtaining the second ciphertext and the third ciphertext, the server decrypts them to obtain the first ciphertext and the timestamp, generates the second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and transmits it to the client. The client encrypts the first ciphertext by using the second secret key to obtain the fourth ciphertext and transmits the fourth ciphertext to the server for storage. Because the information to be encrypted is doubly encrypted, the security of the information is improved.
105. Receiving a second ciphertext and a third ciphertext sent by the client.
Specifically, the client transmits the second ciphertext and the third ciphertext, which correspond to the information to be encrypted and the timestamp, to the server. The client also transmits the private key corresponding to the fourth secret key to the server, for the server to use in decrypting the second ciphertext and the third ciphertext. The server thus receives from the client the second ciphertext, the third ciphertext and the private key corresponding to the fourth secret key.
106. Decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted.
After receiving the second ciphertext and the third ciphertext, the server needs to decrypt them. On this basis, this step specifically includes: receiving a private key corresponding to the fourth secret key sent by the client, and decrypting the third ciphertext by using the private key to obtain the third secret key and the initialization vector; and decrypting the second ciphertext by using the third secret key and the initialization vector to obtain the first data string spliced from the first ciphertext and the timestamp, and splitting the first data string into the first ciphertext and the timestamp.
Specifically, the server decrypts the third ciphertext by using the private key corresponding to the fourth secret key sent by the client to obtain the third secret key and the initialization vector, and symmetrically decrypts the second ciphertext by using the third secret key and the initialization vector to obtain the first data string. It splits the first data string into the timestamp and the first ciphertext password1 and verifies the timeout time by using the timestamp. If the verification passes, the server automatically generates a second secret key corresponding to the first ciphertext and sends the second secret key to the client, so that the client encrypts the first ciphertext by using the second secret key to obtain a fourth ciphertext, which is the final encryption result of the information to be encrypted.
107. And generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp.
For the embodiment of the present invention, the timestamp is used for verifying the timeout time, and the specific verification method is as follows: judging whether the time difference between the current system time and the time in the timestamp is smaller than a preset time difference or not; if the time difference is smaller than the preset time difference, generating a second secret key corresponding to the information to be encrypted based on the first ciphertext; and if the time difference is greater than or equal to the preset time difference, generating alarm information for forbidding encryption, and sending the alarm information to the client.
The current system time is the time displayed in the current server, and the preset time difference is determined according to past encryption times. Specifically, the time recorded in the timestamp is obtained, the difference between the current system time and the time recorded in the timestamp is computed, and whether this time difference is smaller than the preset time difference is judged. If the time difference is smaller than the preset time difference, it is determined that the information encryption time is within the specified range; the server then automatically generates a second secret key corresponding to the information to be encrypted and sends the second secret key to the client, so that the client encrypts the first ciphertext by using the second secret key to obtain the final encryption result. If the time difference between the current system time and the time recorded in the timestamp is greater than or equal to the preset time difference, it is determined that the encryption time exceeds the preset time; generation of the second secret key corresponding to the information to be encrypted is prohibited, alarm information is generated, and the alarm information is sent to the client. After the client receives the alarm information, the client performs identity identification on the user of the client, and if the identification passes, the information encryption is performed again.
108. Sending the second secret key to the client.
109. Encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
For the embodiment of the invention, after doubly encrypting the information to be encrypted to obtain the second ciphertext and the third ciphertext, the client transmits the second ciphertext and the third ciphertext together to the server. The server decrypts the first ciphertext and the timestamp from the second ciphertext and the third ciphertext, and the timestamp is used to verify the timeout so as to prevent the ciphertext from being replayed after a long time. If the verification passes, the server calls the hardware encryption and decryption device (HSM) to generate, inside the encryption machine, an SM4 symmetric key ZPK, namely the second secret key, and transmits the second secret key to the client. The client finally encrypts the first ciphertext by using the second secret key transmitted by the server to obtain the fourth ciphertext as the final encryption result of the information to be encrypted; after obtaining the fourth ciphertext, the client can transmit it to the server for storage. Therefore, the information to be encrypted is encrypted by using the first secret key to obtain the first ciphertext, the first ciphertext and the timestamp are encrypted again to obtain the second ciphertext and the third ciphertext, and the second ciphertext and the third ciphertext are transmitted to the server, so that the server generates the second secret key based on the second ciphertext and the third ciphertext and transmits it to the client; the client encrypts the first ciphertext by using the second secret key to obtain the fourth ciphertext as the final encryption result. This avoids the risk of leakage while the first ciphertext and the timestamp are transmitted from the client to the server, thereby guaranteeing the security of the information.
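The server-side handling in steps 106 and 107, after the second ciphertext has been decrypted, can be sketched as follows. This is an added example, not code from the patent. It assumes a layout for the first data string (first ciphertext followed by an 8-byte big-endian Unix timestamp), a 30-second preset time difference, a 5-second clock-skew allowance for timestamps ahead of the server clock (a guard the text does not describe), and an operating-system CSPRNG standing in for the HSM.

```python
import secrets
import struct
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumptions (not from the patent text): the first data string is the first
# ciphertext followed by an 8-byte big-endian Unix timestamp in seconds.
TS_LEN = 8
PRESET_TIME_DIFF = 30   # seconds; assumed value for the "preset time difference"
MAX_CLOCK_SKEW = 5      # seconds; assumed allowance for a client clock running ahead
SM4_KEY_LEN = 16        # SM4 uses a 128-bit key


@dataclass
class ServerReply:
    ok: bool
    second_key: Optional[bytes] = None  # sent to the client when ok is True
    alarm: Optional[str] = None         # alarm information sent otherwise


def build_first_data_string(first_ciphertext: bytes, timestamp: int) -> bytes:
    """Client side: splice the first ciphertext and the timestamp."""
    return first_ciphertext + struct.pack(">Q", timestamp)


def split_first_data_string(data: bytes) -> Tuple[bytes, int]:
    """Server side: split the spliced string into (first ciphertext, timestamp)."""
    if len(data) <= TS_LEN:
        raise ValueError("first data string too short")
    (timestamp,) = struct.unpack(">Q", data[-TS_LEN:])
    return data[:-TS_LEN], timestamp


def handle_first_data_string(data: bytes, now: Optional[int] = None) -> ServerReply:
    """Verify the timeout, then either issue the second key or raise the alarm."""
    now = int(time.time()) if now is None else now
    try:
        _first_ciphertext, timestamp = split_first_data_string(data)
    except ValueError as exc:
        return ServerReply(ok=False, alarm=f"encryption prohibited: {exc}")

    diff = now - timestamp
    # Added guard: a timestamp ahead of the server clock yields a negative
    # difference, which a bare "diff < preset" comparison would accept.
    if diff < -MAX_CLOCK_SKEW:
        return ServerReply(ok=False, alarm="encryption prohibited: timestamp in the future")
    # The rule as the text states it: refuse when diff >= preset time difference.
    if diff >= PRESET_TIME_DIFF:
        return ServerReply(ok=False, alarm="encryption prohibited: request timed out")

    # The text has an HSM generate the SM4 key (ZPK); a CSPRNG stands in here.
    return ServerReply(ok=True, second_key=secrets.token_bytes(SM4_KEY_LEN))


if __name__ == "__main__":
    # Constructed sample input: a 32-byte stand-in for the first ciphertext.
    sample = build_first_data_string(b"\x01" * 32, int(time.time()) - 10)
    print(handle_first_data_string(sample))
```

The timestamp bounds how old a captured request may be; it does not distinguish two submissions of the same request inside the window.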
Compared with the current approach of transmitting the plaintext from the client to the server for encryption, the information encryption method provided by the invention acquires the information to be encrypted and the corresponding timestamp; encrypts the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted; encrypts the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted; sends the second ciphertext and the third ciphertext to a server and obtains a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext; and finally encrypts the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, which is used as the encryption result corresponding to the information to be encrypted. Encrypting the information to be encrypted with the preset encryption algorithm solves the problem of slow transmission caused by the overlong secret key in internationally used encryption algorithms and improves the efficiency of information encryption. Meanwhile, through multiple encryption, the information to be encrypted is transmitted from the client to the server in ciphertext form, which avoids the risk of leakage while the information to be encrypted is transmitted from the client to the server, and the security of the information is thereby guaranteed.
Further, as a specific implementation of fig. 1, an embodiment of the present invention provides an information encryption apparatus, as shown in fig. 2, the apparatus includes: an acquisition unit 31, a first encryption unit 32, a second encryption unit 33, a transmission unit 34, and a third encryption unit 35.
The acquisition unit 31 may be configured to obtain information to be encrypted and a timestamp corresponding to the information.
The first encryption unit 32 may be configured to encrypt the information to be encrypted by using a first key in a preset encryption algorithm, so as to obtain a first ciphertext corresponding to the information to be encrypted.
The second encryption unit 33 may be configured to encrypt the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted.
The sending unit 34 may be configured to send the second ciphertext and the third ciphertext to a server, and obtain a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext.
The third encryption unit 35 may be configured to encrypt the first ciphertext with the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and use the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
In a specific application scenario, in order to perform encryption processing on the first ciphertext and the timestamp, the second encryption unit 33 includes a generation module 331, a concatenation module 332, and an encryption module 333.
The generating module 331 may be configured to randomly generate a third key, an initialization vector, and a fourth key based on the first ciphertext and the timestamp, and send a private key corresponding to the fourth key to the server.
The concatenation module 332 may be configured to concatenate the first ciphertext and the timestamp to obtain a first data string.
The encrypting module 333 is configured to encrypt the first data string by using the third key and the initialization vector, so as to obtain a second ciphertext corresponding to the information to be encrypted.
The encryption module 333 may be further configured to encrypt the third key and the initialization vector by using a fourth key to obtain a third ciphertext.
In a specific application scenario, in order to determine the second ciphertext corresponding to the information to be encrypted, the encryption module 333 includes a concatenation sub-module and an encryption sub-module.
The concatenation sub-module may be configured to splice the initialization vector and the first data string to obtain a second data string.
The encryption sub-module may be configured to encrypt the second data string with the third key to obtain a second ciphertext corresponding to the information to be encrypted.
It should be noted that other corresponding descriptions of the functional modules related to the information encryption apparatus provided in the embodiment of the present invention may refer to the corresponding description of the method shown in fig. 1, and are not described herein again.
Based on the method shown in fig. 1, correspondingly, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps: acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted; encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted; encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted; sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext; and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
Based on the above embodiments of the method shown in fig. 1 and the apparatus shown in fig. 2, an embodiment of the present invention further provides an entity structure diagram of a computer device, as shown in fig. 4, where the computer device includes: a processor 41, a memory 42, and a computer program stored on the memory 42 and executable on the processor, wherein the memory 42 and the processor 41 are both arranged on a bus 43 such that when the processor 41 executes the program, the following steps are performed: acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted; encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted; encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted; sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext; and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
Further, as a specific implementation of fig. 1, another information encryption apparatus is provided in an embodiment of the present invention, and as shown in fig. 3, the apparatus includes: a receiving unit 51, a decryption unit 52 and a generating unit 53.
The receiving unit 51 may be configured to receive the second ciphertext and the third ciphertext sent by the client.
The decryption unit 52 may be configured to decrypt the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp.
The generating unit 53 may be configured to generate a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and send the second secret key to the client, so that the client encrypts the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
In a specific application scenario, in order to decrypt the second ciphertext and the third ciphertext to obtain the first ciphertext and the timestamp, the decryption unit 52 includes a decryption module 521 and a splitting module 522.
The decryption module 521 may be configured to receive a private key corresponding to the fourth secret key sent by the client, and decrypt the third ciphertext with the private key to obtain a third secret key and an initialization vector.
The splitting module 522 may be configured to decrypt the second ciphertext by using the third key and the initialization vector to obtain a first data string formed by splicing the first ciphertext and the timestamp, and split the first ciphertext and the timestamp in the first data string.
In a specific application scenario, in order to generate the second key corresponding to the information to be encrypted based on the first ciphertext in the first data string and the timestamp, the generating unit 53 includes a determining module 531 and a generating module 532.
The determining module 531 may be configured to determine whether a time difference between the current system time and the time in the timestamp is smaller than a preset time difference.
The generating module 532 may be configured to generate a second secret key corresponding to the information to be encrypted based on the first ciphertext if the time difference is smaller than the preset time difference.
The generating module 532 may be further configured to generate alarm information for forbidding encryption if the time difference is greater than or equal to the preset time difference, and send the alarm information to the client.
It should be noted that other corresponding descriptions of the functional modules related to the server provided in the embodiment of the present invention may refer to the corresponding description of the method shown in fig. 1, and are not described herein again.
Based on the method shown in fig. 1, correspondingly, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps: receiving a second ciphertext and a third ciphertext sent by the client; decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted; and generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
Based on the above embodiments of the method shown in fig. 1 and the apparatus shown in fig. 3, an embodiment of the present invention further provides an entity structure diagram of a computer device, as shown in fig. 5, where the computer device includes: a processor 61, a memory 62, and a computer program stored on the memory 62 and executable on the processor, wherein the memory 62 and the processor 61 are both arranged on a bus 63 such that when the processor 61 executes the program, the following steps are performed: receiving a second ciphertext and a third ciphertext sent by the client; decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted; and generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
According to the technical scheme, the information to be encrypted, the corresponding identification information and the corresponding timestamp are obtained; the information to be encrypted is encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted; the first ciphertext and the timestamp are encrypted to obtain a second ciphertext and a third ciphertext, and the second ciphertext and the third ciphertext are sent to a server. After the server receives the second ciphertext and the third ciphertext, it decrypts them to obtain the first ciphertext and the timestamp, generates a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sends the second secret key to the client. The client encrypts the first ciphertext by using the second secret key to obtain a fourth ciphertext, which is the final encryption result of the information to be encrypted. Encrypting the information to be encrypted with the preset encryption algorithm therefore solves the problem of slow transmission caused by the secret key in internationally used encryption algorithms and improves the efficiency of information encryption. Meanwhile, through multiple encryption, the information to be encrypted is transmitted from the client to the server in ciphertext form, which avoids the risk of leakage while the information to be encrypted is transmitted from the client to the server, and the security of the information is thereby guaranteed.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An information encryption method, applied to a client, includes:
acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted;
encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted;
encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted;
sending the second ciphertext and the third ciphertext to a server, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server based on the second ciphertext and the third ciphertext;
and encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and using the fourth ciphertext as an encryption result corresponding to the information to be encrypted.
2. The method according to claim 1, wherein the encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted comprises:
based on the first ciphertext and the timestamp, randomly generating a third secret key, an initialization vector and a fourth secret key, and sending a private key corresponding to the fourth secret key to a server;
splicing the first ciphertext and the timestamp to obtain a first data string;
encrypting the first data string by using the third secret key and the initialization vector to obtain a second ciphertext corresponding to the information to be encrypted;
and encrypting the third secret key and the initialization vector by using the fourth secret key to obtain a third ciphertext.
3. The method according to claim 2, wherein the encrypting the first data string by using the third key and the initialization vector to obtain a second ciphertext corresponding to the information to be encrypted comprises:
splicing the initialization vector with the first data string to obtain a second data string;
and encrypting the second data string by using the third secret key to obtain a second ciphertext corresponding to the information to be encrypted.
4. An information encryption method is applied to a server side and comprises the following steps:
receiving a second ciphertext and a third ciphertext sent by the client;
decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted;
and generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
5. The method of claim 4, wherein the decrypting the second ciphertext and the third ciphertext to obtain the first ciphertext and the timestamp comprises:
receiving a private key corresponding to a fourth secret key sent by the client, and decrypting the third ciphertext by using the private key to obtain a third secret key and an initialization vector;
and decrypting the second ciphertext by using the third secret key and the initialization vector to obtain a first data string spliced by the first ciphertext and the timestamp, and splitting the first ciphertext and the timestamp in the first data string.
6. The method according to claim 4, wherein the generating a second key corresponding to the information to be encrypted based on the first ciphertext and the timestamp comprises:
judging whether the time difference between the current system time and the time in the timestamp is smaller than a preset time difference or not;
if the time difference is smaller than the preset time difference, generating a second secret key corresponding to the information to be encrypted based on the first ciphertext;
and if the time difference is greater than or equal to the preset time difference, generating alarm information for forbidding encryption, and sending the alarm information to the client.
7. An information encryption device, applied to a client, includes:
the acquisition unit is used for acquiring information to be encrypted and a timestamp corresponding to the information to be encrypted;
the first encryption unit is used for encrypting the information to be encrypted by using a first secret key in a preset encryption algorithm to obtain a first ciphertext corresponding to the information to be encrypted;
the second encryption unit is used for encrypting the first ciphertext and the timestamp to obtain a second ciphertext and a third ciphertext corresponding to the information to be encrypted;
the sending unit is used for sending the second ciphertext and the third ciphertext to a server side, and acquiring a second secret key corresponding to the information to be encrypted, which is generated by the server side based on the second ciphertext and the third ciphertext;
and the third encryption unit is used for encrypting the first ciphertext by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted, and the fourth ciphertext is used as an encryption result corresponding to the information to be encrypted.
8. An information encryption device, applied to a server, includes:
the receiving unit is used for receiving a second ciphertext and a third ciphertext transmitted by the client;
the decryption unit is used for decrypting the second ciphertext and the third ciphertext to obtain a first ciphertext and a timestamp corresponding to the information to be encrypted;
and the generating unit is used for generating a second secret key corresponding to the information to be encrypted based on the first ciphertext and the timestamp, and sending the second secret key to the client, so that the client can encrypt the first ciphertext corresponding to the information to be encrypted by using the second secret key to obtain a fourth ciphertext corresponding to the information to be encrypted.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
10. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the computer program realizes the steps of the method of any of claims 1 to 6 when executed by the processor.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210974598.9A CN115314313A (en) 2022-08-15 2022-08-15 Information encryption method and device, storage medium and computer equipment


Publications (1)

Publication Number Publication Date
CN115314313A true CN115314313A (en) 2022-11-08

Family

ID=83861973



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination