CN115442046A - Signature method, signature device, electronic equipment and storage medium - Google Patents


Publication number
CN115442046A
Authority
CN
China
Prior art keywords
service
key
target data
signature
password
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210802116.1A
Other languages
Chinese (zh)
Inventor
赵杰乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Co Wheels Technology Co Ltd
Original Assignee
Beijing Co Wheels Technology Co Ltd
Application filed by Beijing Co Wheels Technology Co Ltd
Priority to CN202210802116.1A
Publication of CN115442046A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a signature method, a signature device, an electronic device and a storage medium. The method comprises the following steps: obtaining service data to be signed and an encrypted service key; obtaining, from a server, target data obtained by performing a security operation on a service password, wherein the security operation comprises at least one of signature and encryption; performing at least one of signature verification and decryption corresponding to the security operation on the target data to obtain the service password; decrypting the encrypted service key by using the service password to obtain a decrypted service key; and signing the service data by using the decrypted service key, so as to ensure the security of the service key.

Description

Signature method, signature device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to a signature method and apparatus, an electronic device, and a storage medium.
Background
As technology advances, the functions of products are continuously optimized, and application software or system upgrades are performed through Over-the-Air Technology (OTA). In an OTA scenario, service data needs to be digitally signed, for example, a software version to be released is digitally signed, to ensure the reliability and integrity of the data source.
In the related art, the security of the service key for digital signature cannot be guaranteed.
Disclosure of Invention
The application provides a signature method, a signature device, an electronic device and a storage medium, which improve the security of a service key and solve the technical problem of poor security of the service key in the related technology.
An embodiment of an aspect of the present application provides a signature method, including:
acquiring service data to be signed and an encrypted service key;
acquiring target data obtained by performing security operation on the service password from a server; wherein the security operation includes at least one of a signature and encryption;
executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain a service password;
decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and signing the service data by adopting the decrypted service key.
Another embodiment of the present application provides another signature method, including:
acquiring a service password;
performing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, decrypting the encrypted service key by using the service password to obtain a decrypted service key, and signing the service data by using the decrypted service key.
In another aspect, an embodiment of the present application provides a signature apparatus, including:
the first acquisition module is used for acquiring the service data to be signed and the encrypted service key;
the second acquisition module is used for acquiring target data obtained by performing security operation on the service password from the server; wherein the security operation includes at least one of a signature and encryption;
the processing module is used for executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain a service password;
the decryption module is used for decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and the signature module is used for signing the service data by adopting the decrypted service key.
In another aspect, an embodiment of the present application provides another signature apparatus, including:
the acquisition module is used for acquiring the service password;
the processing module is used for executing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and the sending module is used for sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, the encrypted service key is decrypted by adopting the service password to obtain a decrypted service key, and the service data is signed by adopting the decrypted service key.
An embodiment of another aspect of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the program to implement the method according to the foregoing one aspect or the method according to the foregoing another aspect.
Another embodiment of the present application proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method according to the aforementioned one aspect or the aforementioned another aspect.
An embodiment of another aspect of the present application proposes a computer program product having a computer program stored thereon, which when executed by a processor implements the method according to the one aspect or the method according to the other aspect.
The signing method, the signing device, the electronic equipment and the storage medium obtain service data to be signed and an encrypted service key, obtain target data obtained by performing security operation on a service password from a server, wherein the security operation comprises at least one of signature and encryption, perform at least one of signature verification and decryption corresponding to the security operation on the target data to obtain the service password, decrypt the encrypted service key by using the service password to obtain a decrypted service key, and sign the service data by using the decrypted service key, so that the security of the service key is guaranteed.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a signature method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another signature method provided in an embodiment of the present application;
fig. 3 is a schematic flowchart of another signature method provided in an embodiment of the present application;
fig. 4 is a schematic flowchart of another signature method provided in an embodiment of the present application;
fig. 5 is a schematic flowchart of another signature method provided in the embodiment of the present application;
fig. 6 is a schematic structural diagram of a signature apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another signature apparatus provided in an embodiment of the present application;
fig. 8 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative and intended to explain the present application and should not be construed as limiting the present application.
The signature method, apparatus, electronic device, and storage medium of the embodiments of the present application are described below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a signature method according to an embodiment of the present disclosure.
The signature method in the embodiment of the application is executed by the signature apparatus, which may be arranged in a terminal device. The terminal device may be an electronic device such as a smart phone, a palm computer or an intelligent wearable device, which is not limited in the embodiment of the application.
As shown in fig. 1, the method may include the steps of:
Step 101, acquiring service data to be signed and an encrypted service key.
The service data is data related to a service scenario. For example, in a code service scenario, the service data is the code to be issued; in an online system upgrade (OTA) scenario, the service data is the data corresponding to the system upgrade.
In the embodiment of the application, the password for decrypting the encrypted service key, namely the service password, is stored in the server. Storing the encrypted service key and the service password used for decryption separately improves the security of the service key stored in the terminal device. After the encrypted service key is decrypted, the decrypted service key is used to sign the acquired service data to be digitally signed.
In an implementation manner of the embodiment of the application, the service data to be signed and the encrypted service key are stored in the same storage unit, so that after the encrypted service key is decrypted with the obtained service password, the service data can be signed with the decrypted service key, which facilitates integrated processing of the project and improves efficiency.
Step 102, acquiring, from the server, target data obtained by performing a security operation on the service password.
The security operation comprises at least one of a signature and an encryption. In cryptography, encryption is the process of changing plaintext information into ciphertext content that cannot be read. Only by decrypting with the password can the ciphertext be restored to normally readable content. Signatures use techniques from the field of public key cryptography to authenticate digital information.
In the embodiment of the application, the target data comprises the service password for decrypting the encrypted service key, the service password is stored in the server, and the target data obtained by adopting the security operation is transmitted to the terminal equipment, so that the service password is prevented from being leaked and tampered, and the security is improved.
Step 103, executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain a service password.
In one scenario of the embodiment of the present application, the security operation includes a signature operation. The target data obtained by the signature operation, namely signature data, is acquired from the server, where the signature data includes a digital signature and the service password. Corresponding signature verification is then performed on the target data, and the service password is obtained if the signature verification passes, that is, the service password is determined to be a valid service password. As one implementation of signature verification, hash processing is performed on the service password in the obtained signature data to obtain hash data, the hash data is signed to obtain a digital signature to be verified, and the digital signature to be verified is matched against the digital signature obtained from the server; if the two pass verification, the service password obtained from the target data is determined to be a valid password.
In another scenario of the embodiment of the present application, the security operation includes an encryption operation. The target data obtained by the encryption operation, namely password data, is acquired from the server, and the corresponding decryption operation is performed on the target data to obtain the service password, which is used to decrypt the encrypted service key.
Step 104, decrypting the encrypted service key by using the service password to obtain the decrypted service key.
In the embodiment of the application, the encrypted service key is decrypted with the service password to obtain the decrypted service key. The service key can thus be stored, in encrypted form, in the same location as the service data to be signed, which makes the service data convenient to process while keeping the service key secure, and improves efficiency.
Step 105, signing the service data by using the decrypted service key.
The service data is signed with the decrypted service key to obtain the signed service data, thereby ensuring the reliability of the service data.
In the signing method of the embodiment of the application, the service data to be signed and the encrypted service key are acquired, the target data obtained by performing security operation on the service password is acquired from the server, wherein the security operation comprises at least one of signature and encryption, at least one of signature verification and decryption corresponding to the security operation is performed on the target data to obtain the service password, the encrypted service key is decrypted by using the service password to obtain the decrypted service key, and the service data is signed by using the decrypted service key, so that the security of the service key is guaranteed.
Based on the foregoing embodiment, fig. 2 is a schematic flowchart of another signature method provided in the embodiment of the present application, and illustrates how the service password is determined in a scenario where the security operation is encryption and the target data is obtained by the server encrypting the service password with the random public key in a random key pair. As shown in fig. 2, the method includes the following steps:
Step 201, acquiring service data to be signed and an encrypted service key.
In step 201, the explanation in the foregoing embodiment can be referred to, and the principle is the same, which is not described again in this embodiment.
Step 202, target data obtained by adopting security operation is obtained from a server.
The security operation is encryption, and the target data is obtained by the server encrypting the service password with the random public key in the random key pair.
In an implementation manner of the embodiment of the present application, the random key pair may be generated randomly by the server and includes a random public key and a random private key. For example, a random key pair is temporarily generated using an asymmetric encryption algorithm, and the service password is encrypted with the random public key to obtain the target data, so that the reliability of the target data is improved.
In another implementation manner of the embodiment of the application, the random key pair is generated randomly by the terminal device and includes a random public key and a random private key. For example, a random key pair is temporarily generated using an asymmetric encryption algorithm, and the service password is encrypted with the random public key to obtain the target data, so that the reliability of the target data is improved.
Step 203, decrypting the target data by using the random private key in the random key pair to obtain a service password.
In the embodiment of the application, the terminal device obtains the random private key in the random key pair, and decrypts the target data obtained from the server with the random private key to obtain the decrypted service password.
The random private key may be generated by the terminal device itself or obtained from a server.
Step 204, decrypting the encrypted service key by using the service password to obtain a decrypted service key.
Step 205, signing the service data by using the decrypted service key.
Step 204 and step 205 may refer to the explanations in the foregoing embodiments, and the principle is the same, which is not described herein again.
In the signing method of the embodiment of the application, the decryption password of the service key is placed in the server, when the service key needs to be decrypted, the target data obtained by adopting security operation is obtained from the server, the target data is encrypted data obtained by encrypting the service password, the service password is obtained by decryption, the security of service password transmission is ensured, the encrypted service key is decrypted according to the service password to obtain the decrypted service key, namely the plaintext of the service key, and the service data is signed by adopting the decrypted service key, so that the service data and the encrypted service key are placed at one position on the premise of ensuring the security of the service key, and the integration and the processing efficiency of the service data are improved.
Based on the foregoing embodiment, fig. 3 is a schematic flowchart of another signing method provided in the embodiment of the present application, and illustrates how the service password is determined in a scenario where the security operation is signing and the target data is obtained by the server signing the service password with the set private key in a set key pair. As shown in fig. 3, the method includes the following steps:
Step 301, acquiring service data to be signed and an encrypted service key.
Step 302, target data obtained by adopting security operation is obtained from a server.
The security operation is a signature. The target data is signature data obtained by the server signing the service password with the set private key in the set key pair.
Step 303, performing signature verification on the signature data in the target data by using the set public key in the set key pair.
The set key pair is determined by negotiation between the server and the terminal device. As an implementation manner, the set key pair is generated by the server and includes a set public key and a set private key; the set private key is stored in the server, and the set public key is sent to the terminal device by the server.
In the embodiment of the application, the target data is signature data, which includes the service password and a digital signature. After obtaining the target data, the terminal device decrypts the digital signature with the set public key to obtain the digest data to be verified corresponding to the signature data sent by the server. The terminal device also performs hash processing on the service password with the same hash function to obtain digest data for comparison, and compares the digest data for comparison with the digest data to be verified. If the similarity is greater than a set threshold value, it is determined that the signature data passes verification; otherwise, it is determined that the signature data does not pass verification.
Step 304, in response to the signature data passing signature verification, obtaining the service password.
In the embodiment of the application, when the digital signature to be verified and the digital signature in the signature data acquired from the server pass verification, the digital signature is determined to pass verification, so that the service password acquired according to the target data is determined to be a valid password.
Step 305, decrypting the encrypted service key by using the service password to obtain a decrypted service key.
Step 306, signing the service data by using the decrypted service key.
The step 305 and the step 306 can refer to the explanations in the foregoing embodiments, and the principle is the same, which is not described herein again.
In the signing method of the embodiment of the application, the decryption password of the service key is placed in the server, when the service key needs to be decrypted, the target data obtained by adopting security operation is obtained from the server, the target data is the signature data obtained by signing the service password, the service password is obtained after signature verification, the integrity of the service password in the transmission process is ensured, the encrypted service key is decrypted according to the service password to obtain the decrypted service key, namely the plaintext of the service key, and the service data is signed by adopting the decrypted service key.
Based on the foregoing embodiment, fig. 4 is a schematic flow chart of another signature method provided in the embodiment of the present application, and illustrates a process of how to determine a service password in a scenario where target data is obtained by a server signing a service password first and then encrypting the signature data, as shown in fig. 4, the method includes the following steps:
Step 401, acquiring the service data to be signed and the encrypted service key.
In step 401, reference may be made to the explanations in the foregoing embodiments, and the principle is the same, which is not described again in this embodiment.
Step 402, generating a random key pair.
The random key pair comprises a random public key and a random private key.
In the embodiment of the present application, when the terminal device has a requirement for signing service data to be signed, that is, the terminal device needs to obtain a service password for decrypting an encrypted service key from the server, the terminal device is required to generate a temporary random key pair, where the random key pair may be obtained based on an asymmetric encryption algorithm, for example, an RSA encryption algorithm. The random private key is stored in the terminal device and used for decrypting the target data subsequently so as to improve the accuracy of encryption.
Step 403, sending the random public key to the server.
The random public key is used for encrypting the service password or the signature data by the server.
In the embodiment of the application, the random public key is sent to the server, so that the server encrypts the signature data according to the random public key after signing the service password by using the set private key to obtain the signature data, and the transmission safety of the target data to the terminal equipment is ensured.
Step 404, obtaining target data obtained by performing security operation on the service data from the server.
Step 404 may refer to the explanations in the foregoing embodiments, and the principle is the same, which is not described again in this embodiment.
In the embodiment of the application, the target data is obtained by performing signature operation on the service password and then performing encryption operation.
Step 405, decrypting the target data by using the random private key to obtain signature data.
Step 406, performing signature verification on the signature data by using the set public key in the set key pair.
The set key pair is determined by negotiation between the server and the terminal device. As an implementation manner, the set key pair is generated by the server and includes a set public key and a set private key; the set private key is stored in the server, and the set public key is sent to the terminal device by the server.
Step 407, in response to the signature verification passing, obtaining the service password.
In the embodiment of the application, the terminal device decrypts the target data according to the random private key in the temporarily generated random key pair to obtain the decrypted target data, and then performs signature verification on the decrypted target data by using the set public key in the set key pair stored in the terminal device, and obtains the service password in response to the passing of the signature verification, that is, the service password is an accurate and complete service password. The method for signature verification may refer to the explanations in the foregoing embodiments, and the principles are the same, which are not described in detail in this embodiment.
Step 408, decrypting the encrypted service key by using the service password to obtain a decrypted service key.
Step 409, signing the service data by using the decrypted service key.
Step 408 and step 409 may refer to the explanations in the foregoing embodiments, and the principle is the same, which is not described again in this embodiment.
In the signing method of the embodiment of the application, the decryption password of the service key is placed in the server, when the service key needs to be decrypted, the target data obtained by adopting security operation is obtained from the server, the target data comprises the signature data obtained by signing the service password and the encrypted data obtained by encrypting the service password, after the signature data is verified, the availability of the service password obtained by decryption is determined, the accuracy and the integrity of the service password are ensured through decryption and signature verification, the encrypted service key is decrypted according to the service password to obtain the decrypted service key, namely the plaintext of the service key, and the service data is signed by adopting the decrypted service key.
Based on the foregoing embodiments, an embodiment of the present application provides another signing method, where the execution subject is a server. Fig. 5 is a schematic flow chart of this signing method. As shown in fig. 5, the method includes the following steps:
Step 501, acquiring a service password.
Step 502, performing a security operation on the service password to obtain target data.
Wherein the security operation includes at least one of a signature and encryption.
As a first implementation manner, the security operation is an encryption operation, a random public key in a random key pair sent by the terminal device is obtained, and the service password is encrypted by using the random public key to obtain the target data. The target data is encrypted data and is not signed.
As a second implementation manner, the security operation is a signature operation, and the service password is signed by using a set private key in a stored set key pair to obtain target data. The target data is signature data and is not encrypted.
As a third implementation manner, the security operation includes a signature operation and an encryption operation, and the set private key in the stored set key pair is used to sign the service password to obtain signature data, and then a random public key in a random key pair sent by the terminal device is obtained, and the random public key is used to encrypt the signature data to obtain target data.
Step 503, sending the target data to the terminal device.
The terminal device uses the target data as follows: it performs at least one of signature verification and decryption corresponding to the security operation on the target data to obtain the service password, decrypts the encrypted service key with the service password to obtain a decrypted service key, and signs the service data with the decrypted service key.
It should be noted that the explanations and effects in the foregoing embodiments are also applicable to the method of the present embodiment, and the principle is the same, and are not described again in the present embodiment.
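The third implementation (sign, then encrypt) together with the terminal-side handling of the target data can be sketched as follows. This is an added example, not code from the patent. Assumptions: Ed25519 for the set key pair, RSA-OAEP for the random key pair, scrypt with AES-256-GCM for the password-protected service key, a "signature data" layout of signature followed by password, and all function names are hypothetical.

```javascript
const crypto = require('crypto');

const SIG_LEN = 64; // an Ed25519 signature is always 64 bytes
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server (steps 501-503): sign the service password with the set private key,
// then encrypt signature||password with the terminal's random public key.
// Assumption: "signature data" carries the password next to its signature.
function serverBuildTargetData(servicePassword, setPrivateKey, randomPublicKey) {
  const pw = Buffer.from(servicePassword, 'utf8');
  const signatureData = Buffer.concat([crypto.sign(null, pw, setPrivateKey), pw]);
  return crypto.publicEncrypt({ key: randomPublicKey, ...OAEP }, signatureData);
}

// Terminal: decrypt with the random private key, verify with the set public
// key, and release the password only if both succeed. Returns null otherwise.
function terminalRecoverPassword(targetData, randomPrivateKey, setPublicKey) {
  let signatureData;
  try {
    signatureData = crypto.privateDecrypt({ key: randomPrivateKey, ...OAEP }, targetData);
  } catch {
    return null; // not encrypted to this terminal's random key, or corrupted
  }
  if (signatureData.length <= SIG_LEN) return null;
  const signature = signatureData.subarray(0, SIG_LEN);
  const pw = signatureData.subarray(SIG_LEN);
  return crypto.verify(null, pw, setPublicKey, signature) ? pw.toString('utf8') : null;
}

// Password-based wrapping of the service key (scrypt + AES-256-GCM, assumed).
function wrapServiceKey(serviceKeyDer, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', crypto.scryptSync(password, salt, 32), iv);
  const ct = Buffer.concat([cipher.update(serviceKeyDer), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function unwrapServiceKey(wrapped, password) {
  const kek = crypto.scryptSync(password, wrapped.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, wrapped.iv);
  decipher.setAuthTag(wrapped.tag);
  return Buffer.concat([decipher.update(wrapped.ct), decipher.final()]); // throws on a wrong password
}

// Terminal: recover the password, unwrap the service key, sign the service data.
function terminalSignServiceData(serviceData, wrapped, targetData, randomPrivateKey, setPublicKey) {
  const password = terminalRecoverPassword(targetData, randomPrivateKey, setPublicKey);
  if (password === null) throw new Error('target data rejected');
  const der = unwrapServiceKey(wrapped, password);
  const serviceKey = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return crypto.sign(null, Buffer.from(serviceData, 'utf8'), serviceKey);
}

// Constructed sample run: all keys, the password and the payload are made up here.
function demo() {
  const setKeys = crypto.generateKeyPairSync('ed25519');      // long-lived, private half on the server
  const serviceKeys = crypto.generateKeyPairSync('ed25519');  // the service signing key
  const randomKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }); // generated by the terminal
  const der = serviceKeys.privateKey.export({ format: 'der', type: 'pkcs8' });
  const wrapped = wrapServiceKey(der, 'constructed-password');
  const target = serverBuildTargetData('constructed-password', setKeys.privateKey, randomKeys.publicKey);
  const sig = terminalSignServiceData('order=42', wrapped, target, randomKeys.privateKey, setKeys.publicKey);
  const rogue = crypto.generateKeyPairSync('ed25519');        // a signer the terminal does not trust
  const forged = serverBuildTargetData('constructed-password', rogue.privateKey, randomKeys.publicKey);
  return {
    signatureValid: crypto.verify(null, Buffer.from('order=42'), serviceKeys.publicKey, sig),
    forgedAccepted: terminalRecoverPassword(forged, randomKeys.privateKey, setKeys.publicKey) !== null,
  };
}

console.log(demo());
```

Because the random public key encrypts the password and its signature directly, the password must stay short enough for one RSA-OAEP block (190 bytes of plaintext with a 2048-bit key and SHA-256).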
In order to implement the foregoing embodiment, an embodiment of the present application further provides a signature apparatus, where the signature apparatus is disposed in a terminal device.
Fig. 6 is a schematic structural diagram of a signature apparatus according to an embodiment of the present application.
As shown in fig. 6, the apparatus may include:
the first obtaining module 61 is configured to obtain service data to be signed and an encrypted service key.
A second obtaining module 62, configured to obtain, from the server, target data obtained by performing security operation on the service password; wherein the security operation includes at least one of a signature and encryption.
And the processing module 63 is configured to perform at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password.
And a decryption module 64, configured to decrypt the encrypted service key with the service password to obtain a decrypted service key.
And the signature module 65 is configured to sign the service data with the decrypted service key.
Further, in an implementation manner of the embodiment of the present application, the security operation is encryption, and the target data is obtained by encrypting the service password by the server according to a random public key in a random key pair; the processing module 63 is specifically configured to:
and decrypting the target data by adopting a random private key in the random key pair to obtain the service password.
In an implementation manner of the embodiment of the present application, the security operation is a signature, and the target data is obtained by the server signing the service password according to a set private key in a set key pair; the processing module 63 is specifically configured to:
adopting a set public key in the set key pair to carry out signature verification on the target data;
and responding to the passing of the target data verification to obtain the service password.
In one implementation of the embodiment of the present application, the security operation includes signing and encryption; the target data is obtained after the server signs and encrypts the service password according to a set private key in a set key pair and a random public key in a random key pair, respectively; the processing module 63 is specifically configured to:
decrypting the target data by adopting a random private key in a random key pair to obtain signature data;
adopting a set public key in a set key pair to carry out signature verification on the signature data;
and responding to the signature verification passing, and obtaining the service password.
In an implementation manner of the embodiment of the present application, the apparatus further includes:
a generation module for generating a random key pair; wherein, the random key pair comprises a random public key and a random private key;
a sending module, configured to send the random public key to the server; the random public key is used for encrypting the service password stored by the server to obtain the password data.
It should be noted that the foregoing explanation of the method embodiment is also applicable to the apparatus of the embodiment, and is not repeated herein.
In the signing device in the embodiment of the application, the service data to be signed and the encrypted service key are acquired, the target data obtained by adopting the security operation is acquired from the server, wherein the security operation comprises at least one of signature and encryption, at least one of signature verification and decryption corresponding to the security operation is performed on the target data to obtain the service password, the encrypted service key is decrypted by adopting the service password to obtain the decrypted service key, and the service data is signed by adopting the decrypted service key, so that the security of the service key is ensured.
In order to implement the foregoing embodiment, an embodiment of the present application further provides a signature apparatus, where the signature apparatus is disposed in a server.
Fig. 7 is a schematic structural diagram of a signature apparatus according to an embodiment of the present application.
As shown in fig. 7, the apparatus may include:
An obtaining module 71, configured to obtain the service password.
A processing module 72, configured to perform a security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption.
The sending module 73 is configured to send the target data to a terminal device, so that the terminal device performs at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, decrypts the encrypted service key with the service password to obtain a decrypted service key, and signs the service data with the decrypted service key.
In an implementation manner of the embodiment of the present application, the processing module 72 is specifically configured to:
acquiring a random public key in a random key pair sent by the terminal equipment;
and encrypting the service password by adopting the random public key to obtain target data.
In an implementation manner of the embodiment of the present application, the processing module 72 is further specifically configured to:
and signing the service password by adopting a set private key in a set key pair to obtain target data.
In an implementation manner of the embodiment of the present application, the processing module 72 is further specifically configured to:
signing the service password by using a set private key in a stored set key pair to obtain signature data;
acquiring a random public key in a random key pair sent by a terminal device;
and encrypting the signature data by adopting the random public key to obtain the target data.
It should be noted that the foregoing explanation of the method embodiment is also applicable to the apparatus of the embodiment, and is not repeated herein.
In the signing device of the embodiment of the application, the service data to be signed and the encrypted service key are obtained, the target data obtained by adopting the security operation is obtained from the server, wherein the security operation comprises at least one of signature and encryption, at least one of signature verification and decryption corresponding to the security operation is executed on the target data to obtain the service password, the encrypted service key is decrypted by adopting the service password to obtain the decrypted service key, and the service data is signed by adopting the decrypted service key, so that the security of the service key is ensured.
In order to implement the foregoing embodiments, the present application further proposes an electronic device, which includes a memory, a processor and a computer program stored on the memory and executable on the processor, and when the processor executes the program, the electronic device implements the method according to the foregoing method embodiments.
In order to implement the above-mentioned embodiments, the present application also proposes a non-transitory computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the method as described in the foregoing method embodiments.
In order to implement the above-mentioned embodiments, the present application further proposes a computer program product having a computer program stored thereon, which, when executed by a processor, implements the method as described in the foregoing method embodiments.
Fig. 8 is a block diagram of an electronic device according to an embodiment of the present disclosure. The electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure. The electronic device may be a terminal device or a server.
As shown in fig. 8, the electronic device 10 includes a processor 11, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 12 or a program loaded from a Memory 16 into a Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 are also stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An Input/Output (I/O) interface 15 is also connected to the bus 14.
The following components are connected to the I/O interface 15: a memory 16 including a hard disk and the like; and a communication section 17 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like, the communication section 17 performing communication processing via a Network such as the internet; a drive 18 is also connected to the I/O interface 15 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program embodied on a computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 17. The computer program, when executed by the processor 11, performs the above-described functions defined in the method of the present disclosure.
In an exemplary embodiment, there is also provided a storage medium comprising instructions, such as the memory 16 comprising instructions, executable by the processor 11 of the electronic device 10 to perform the above-described method. Alternatively, the storage medium may be a non-transitory computer readable storage medium, which may be, for example, a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
It is noted that, in this document, relational terms such as "first" and "second," and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.

Claims (13)

1. A signature method, comprising:
acquiring service data to be signed and an encrypted service key;
acquiring target data obtained by performing security operation on the service password from a server; wherein the security operation includes at least one of a signature and encryption;
executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain the service password;
decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and signing the service data by adopting the decrypted service key.
2. The method of claim 1, wherein the security operation is encryption, and the target data is obtained by the server encrypting the service password according to a random public key in a random key pair; executing a decryption operation corresponding to the security operation on the target data to obtain the service password, including:
and decrypting the target data by adopting a random private key in the random key pair to obtain the service password.
3. The method of claim 1, wherein the security operation is signing, and the target data is obtained by the server signing the service password according to a set private key in a set key pair; the executing a decryption operation corresponding to the security operation on the target data to obtain the service password includes:
adopting a set public key in the set key pair to carry out signature verification on the target data;
and responding to the passing of the target data verification to obtain the service password.
4. The method of claim 1, wherein the security operations include signing and encryption; the performing at least one of signature verification and decryption corresponding to the security operation on the target data to obtain the service password includes:
decrypting the target data by adopting a random private key in a random key pair to obtain signature data;
adopting a set public key in a set key pair to carry out signature verification on the signature data;
and responding to the signature verification passing, and obtaining the service password.
5. The method of claim 2 or 4, wherein before obtaining the target data obtained by adopting the security operation on the service password from the server, the method comprises:
generating a random key pair; wherein, the random key pair comprises a random public key and a random private key;
and sending the random public key to the server.
6. A signature method, comprising:
acquiring a service password;
performing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, decrypting the encrypted service key by using the service password to obtain a decrypted service key, and signing the service data by using the decrypted service key.
7. The method of claim 6, wherein performing the security operation on the service password results in target data comprising:
acquiring a random public key in a random key pair sent by the terminal equipment;
and encrypting the service password by adopting the random public key to obtain target data.
8. The method of claim 6, wherein performing the security operation on the service password results in target data comprising:
and signing the service password by adopting a set private key in a set key pair to obtain target data.
9. The method of claim 6, wherein performing the security operation on the service password results in target data comprising:
signing the service password by using a set private key in a set key pair to obtain signature data;
acquiring a random public key in a random key pair sent by a terminal device;
and encrypting the signature data by adopting the random public key to obtain the target data.
10. A signature apparatus, comprising:
the first acquisition module is used for acquiring the service data to be signed and the encrypted service key;
the second acquisition module is used for acquiring target data obtained by performing security operation on the service password from the server; wherein the security operation includes at least one of a signature and encryption;
the processing module is used for executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain the service password;
the decryption module is used for decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and the signature module is used for signing the service data by adopting the decrypted service key.
11. A signature apparatus, comprising:
the acquisition module is used for acquiring the service password;
the processing module is used for executing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and the sending module is used for sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, the encrypted service key is decrypted by adopting the service password to obtain a decrypted service key, and the service data is signed by adopting the decrypted service key.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any of claims 1-5 or implementing the method according to any of claims 6-9 when executing the program.
13. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of any one of claims 1-5 or implements the method of any one of claims 6-9.
CN202210802116.1A 2022-07-08 2022-07-08 Signature method, signature device, electronic equipment and storage medium Pending CN115442046A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210802116.1A CN115442046A (en) 2022-07-08 2022-07-08 Signature method, signature device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210802116.1A CN115442046A (en) 2022-07-08 2022-07-08 Signature method, signature device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115442046A true CN115442046A (en) 2022-12-06

Family

ID=84241170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210802116.1A Pending CN115442046A (en) 2022-07-08 2022-07-08 Signature method, signature device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115442046A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116506120A (en) * 2023-06-25 2023-07-28 鼎铉商用密码测评技术(深圳)有限公司 Key loading method, key system and readable storage medium
CN116506120B (en) * 2023-06-25 2023-09-29 鼎铉商用密码测评技术(深圳)有限公司 Key loading method, key system and readable storage medium

Similar Documents

Publication Publication Date Title
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN109194625B (en) Client application protection method and device based on cloud server and storage medium
US20180219688A1 (en) Information Transmission Method and Mobile Device
CN107005577B (en) Fingerprint data processing method and processing device
CN110868291B (en) Data encryption transmission method, device, system and storage medium
CN109145628B (en) Data acquisition method and system based on trusted execution environment
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
US20200089867A1 (en) System and method for authentication
CN112232814A (en) Encryption and decryption method of payment key, payment authentication method and terminal equipment
CN113114668A (en) Information transmission method, mobile terminal, storage medium and electronic equipment
US11288381B2 (en) Calculation device, calculation method, calculation program and calculation system
CN114915504B (en) Security chip initial authentication method and system
CN114780923A (en) Electronic seal management and control method and system
CN106411520B (en) Method, device and system for processing virtual resource data
CN114124364A (en) Key security processing method, device, equipment and computer readable storage medium
CN111177748A (en) Fingerprint storage encryption method, device and system
CN115442046A (en) Signature method, signature device, electronic equipment and storage medium
WO2018033017A1 (en) Terminal state conversion method and system for credit granting
CN113810779B (en) Code stream signature verification method, device, electronic equipment and computer readable medium
CN110968878A (en) Information transmission method, system, electronic device and readable medium
CN113111360A (en) File processing method
CN114091088B (en) Method and apparatus for improving communication security
CN114125830B (en) APP data encryption transmission method, device and medium
CN112422293B (en) Key generation method, device and information processing method
CN113806749B (en) Upgrading method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination