CN115694922A - File transmission encryption method and equipment under domestic CPU and OS - Google Patents
File transmission encryption method and equipment under domestic CPU and OS Download PDFInfo
- Publication number
- CN115694922A CN115694922A CN202211244482.6A CN202211244482A CN115694922A CN 115694922 A CN115694922 A CN 115694922A CN 202211244482 A CN202211244482 A CN 202211244482A CN 115694922 A CN115694922 A CN 115694922A
- Authority
- CN
- China
- Prior art keywords
- key
- file
- encrypted
- domestic
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 50
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000012795 verification Methods 0.000 claims description 9
- 238000012546 transfer Methods 0.000 claims description 5
- 238000012545 processing Methods 0.000 abstract description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000011084 recovery Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
Images
Abstract
The invention discloses a file transmission encryption method and equipment under domestic CPUs (central processing units) and OSs (operating systems), belonging to the technical field of file transmission encryption, wherein a key end is arranged for uniformly managing keys and generating random keys, and the key end is provided with a domestic encryption algorithm management system; the method comprises the following implementation processes: the key end receives and transmits the file data to be encrypted sent by the transmitting party; a key terminal generates a random key, and the random key and a file to be encrypted are calculated through a domestic password to generate encrypted file data; the key end encrypts the random key through a domestic password to obtain an encrypted random key ciphertext; the key terminal sends the encrypted file data and the encrypted random key to a receiver at the same time; and the receiver decrypts the encrypted random key and then decrypts the encrypted file data by using the random key to obtain the decrypted file data. The invention has strong compatibility and good safety and reduces the consumption of computing resources.
Description
Technical Field
The invention relates to the technical field of file transmission encryption, in particular to a file transmission encryption method and equipment under domestic CPUs and OSs.
Background
The rapid development of the network technology facilitates the daily life of people, improves the working efficiency and promotes the communication. The network does bring much convenience to people, but the network security problem also troubles people from time to time, and the network security problem also becomes a key problem of social attention. Document transmission security is one of the security concerns of the general public, and a document may contain many secrets, and once stolen by a hacker, the loss is not imaginable.
With the trend of government affair office informatization, more and more various office business scenes relate to file transmission requirements, file transmission safety is an important component of government affair safety, and a person skilled in the art needs to solve the problem of how to protect the safety of file data in the transmission process under the environment of domestic CPUs and OSs.
At present, file transmission under a domestic terminal environment is usually directly transmitted through plaintext or directly encrypted by adopting a universal commercial password on the international world, and is easy to be stolen and tampered by an attacker; meanwhile, the encryption scenes are more, the application scene with larger files to be encrypted is also greatly influenced, a large amount of calculation power is consumed, the arrangement under domestic CPUs and OSs is relatively difficult, and the consumption of terminal resources is larger.
Disclosure of Invention
The technical task of the invention is to provide a file transmission encryption method and equipment under a domestic CPU and OS, the file transmission encryption based on a domestic password has strong compatibility and good safety, is convenient for a user to use the domestic CPU and an operating system to safely transmit files, strengthens the requirement of safety and controllability of special industries, and gets rid of excessive dependence on foreign technologies and products.
The technical scheme adopted by the invention for solving the technical problem is as follows:
the file transmission encryption method under domestic CPU and OS is characterized in that a key end is arranged and used for carrying out unified management on keys and generating random keys, and the key end is provided with a domestic encryption algorithm management system; the method is realized as follows:
1) The key end receives the file data to be encrypted sent by the sender;
2) Generating a random key at the key end, and generating encrypted file data by calculating the random key and a file to be encrypted through a domestic password;
3) Encrypting the random key by the key end through a domestic password to obtain an encrypted random key ciphertext;
4) The key end simultaneously sends the encrypted file data and the encrypted random key to a receiver;
5) And the receiver decrypts the encrypted random key and then decrypts the encrypted file data by using the random key to obtain the decrypted file data.
In the file transmission process, the key distribution and the file data are credible, the file data encryption and decryption are based on domestic passwords, and the encryption and decryption operation is performed by the key end for places needing to occupy a large number of encryption and decryption operation resources, so that the consumption of computing resources is reduced, and the working efficiency is improved. The method improves the security of file transmission in the domestic terminal environment, ensures the authenticity and reliability of file data, and solves the problems of low security and low efficiency of file transmission encryption in the domestic terminal environment.
Preferably, the key end is an encryption and decryption hardware device.
Preferably, the domestic encryption algorithm installed at the key end comprises a domestic symmetric key algorithm (SM 1, SM 4), a domestic asymmetric key algorithm (SM 2) and a hash algorithm (SM 3), and the security of the key life cycle such as generation, use, storage, recovery and the like of the key is guaranteed.
Furthermore, in the process of file data transmission encryption, signature adding operation is carried out on the transmitted file data and the key according to the signature of the sender; and the receiver performs the label-removing operation after receiving the data, and performs the corresponding decryption operation after the verification is passed. The safety and the integrity of the file data are ensured.
Preferably, the key terminal completes the encryption of the file data through a WEB guidance type and a graphical interface.
Preferably, the method comprises the following specific implementation steps:
1) The sender sends file data;
2) The key end receives the file data transmitted by the transmitting party;
3) The key end performs key distribution and corresponding encryption operation;
4) The secret key end carries out signature on the transmission data;
5) Receiving the data packet by the receiving party;
6) The receiver checks the received data;
7) And after the signature verification is passed, the receiver decrypts the file data.
The present invention is also claimed in a file transfer encryption device under a domestic CPU and OS, the device having a domestic encryption algorithm management system for uniformly managing keys and generating random keys, the device comprising a file receiving module, a file encryption module, a key encryption module and an encrypted file transmitting module,
the file receiving module is used for receiving file data to be encrypted sent by a sender;
the file encryption module generates a random key, and generates encrypted file data by calculating the random key and a file to be encrypted through a domestic password;
the key encryption module encrypts the random key through a domestic password to obtain an encrypted random key ciphertext;
and the encrypted file sending module sends the encrypted file data and the encrypted random key to a receiver at the same time.
A sender sends file data to be encrypted to the file transmission encryption equipment, a file receiving module receives the file data to be encrypted, the encryption of the file data and the encryption of a random key are realized through a file encryption module and a key encryption module, and the encrypted file data and the encrypted random key are sent to a receiver through an encrypted file sending module; and the receiver decrypts the encrypted random key and then decrypts the encrypted file data by using the random key to obtain the decrypted file data.
Preferably, the domestic encryption algorithm installed in the device comprises a domestic secret symmetric key algorithm, a domestic secret asymmetric key algorithm and a hash algorithm.
And the data signing module is used for signing the transmitted file data and the key according to the signature of the sender.
And the receiver performs the de-signing operation after receiving the data, and performs the corresponding decryption operation after the verification is passed, so that the safety and the integrity of the file data are ensured.
Preferably, the device completes the encryption of the file data through a WEB guidance type and graphical interface.
Compared with the prior art, the file transmission encryption method and the file transmission encryption equipment under the domestic CPU and the OS have the following beneficial effects:
according to the method, under a domestic operating system, a file transmission encryption method based on a domestic password is adopted, and national algorithms with independent intellectual property rights are adopted for file encryption and decryption and file data credible authentication, so that the traditional international commercial algorithm is abandoned, the safety in the transmission process is enhanced, and the requirement on safety and controllability of special industries is also enhanced;
under a domestic operating system, the file transmission encryption method based on domestic passwords performs encryption and decryption operations by using special hardware equipment at places needing to occupy a large amount of encryption and decryption operation resources in the processes of file encryption and decryption and file data trusted authentication, so that the consumption of computing resources is reduced, and the encryption transmission efficiency is improved.
The method fully considers the compatibility of different domestic CPUs, OSs, algorithms and browsers under the pure domestic environment.
Drawings
Fig. 1 is a flowchart of an implementation of a file transfer encryption method under a domestic CPU and an OS according to an embodiment of the present invention.
Detailed Description
The present invention will be further described with reference to the following specific examples.
The file transmission encryption method under domestic CPU and OS is characterized in that a key end is arranged and used for carrying out unified management on keys and generating random keys, and the key end is provided with a domestic encryption algorithm management system; and the key end is an encryption and decryption hardware device. The key end provides a perfect system for managing the national secret symmetric key algorithms (SM 1 and SM 4), the national secret asymmetric key algorithm (SM 2) and the hash algorithm (SM 3), and the security of key life cycles such as generation, use, storage, recovery and the like of the key is guaranteed.
The method is realized as follows:
1) And the key end receives and transmits the file data to be encrypted, which is transmitted by the transmitting party. In daily operation, file data needing to be transmitted exist in plaintext data, so that great potential safety hazards exist in the file transmission process, and the file data to be encrypted needs to be sent to a key terminal for encryption processing.
2) The secret key end carries out unified management on the secret key to generate a random secret key, and the obtained random secret key and the file to be encrypted are calculated through a domestic password to generate encrypted file data;
3) Encrypting the random key by the key end through a domestic password to obtain an encrypted random key ciphertext;
in this embodiment, the key end performs an encryption operation on the random key of the encrypted file through a secret asymmetric key algorithm (SM 2), so as to obtain an encrypted ciphertext of the random key. The SM2 algorithm is asymmetric encryption, which is disclosed based on ECC. Since the algorithm is based on ECC, the signature speed and the key generation speed are faster than those of RSA. The security strength of the ECC 256 bits (the SM2 adopts one of the ECC 256 bits) is higher than that of the RSA2048 bits, but the operation speed is faster than that of the RSA. Therefore, the SM2 algorithm has higher cipher complexity, higher processing speed and lower machine performance consumption. The SM2 algorithm is divided into a public key and a private key, the public key is used for encrypting the random key of the encrypted file to obtain a ciphertext of the encrypted random key, meanwhile, the corresponding private key is transmitted to a receiving party, and the receiving party decrypts the ciphertext of the encrypted random key by using the private key to obtain the random key for the encrypted file.
4) The key end simultaneously sends the encrypted file data and the encrypted random key to a receiver;
5) And the receiver decrypts the encrypted random key and then decrypts the encrypted file data by using the random key to obtain the decrypted file data.
The key end sends the encrypted file data and the encrypted random key to the receiving party at the same time, the receiving party decrypts the file data according to a private key of a domestic password (SM 2) after receiving the file data to obtain a plaintext of the random key used for encrypting the file data, and then the encrypted file data is decrypted by the random key to obtain the decrypted file data.
In the process of file transmission encryption, in order to ensure the security and the integrity of file data, the signature operation is carried out on the transmitted file data and the secret key according to the signature of a sender, so that the file data and the secret key are prevented from being tampered in the transmission process. Meanwhile, the receiver can perform the label-removing operation after receiving the data, and performs the corresponding decryption operation after the verification is passed. The safety and the integrity of the file data are ensured.
And the key end completes the encryption of the file data through a WEB guiding type and a graphical interface.
According to the method, domestic passwords with independent intellectual property rights are adopted for file encryption and decryption and file data credibility certification, a traditional international commercial algorithm is abandoned, the safety in the transmission process is enhanced, and the requirement on safety and controllability of a special industry is enhanced;
in the file encryption and decryption and file data credible authentication process, encryption and decryption operations are performed by special hardware equipment for places needing to occupy a large number of encryption and decryption operation resources, so that the consumption of calculation resources is reduced, and the encryption transmission efficiency is improved.
Under the pure domestic environment, domestic CPUs, OSs and algorithms of different models are fully considered, and the compatibility of the browser is fully considered.
As shown in fig. 1, the method comprises the following specific steps:
1) The sender sends file data;
2) The key end receives and transmits the file data transmitted by the transmitting party;
3) The key end performs key distribution and corresponding encryption operation;
4) The secret key end carries out signature on the transmission data;
5) Receiving the data packet by the receiving party;
6) The receiver checks the received data;
7) And after the signature verification is passed, the receiver decrypts the file data.
The embodiment of the invention also provides a file transmission encryption device under the domestic CPU and OS, which is provided with a domestic encryption algorithm management system used for uniformly managing the secret key and generating a random secret key, and comprises a file receiving module, a file encryption module, a secret key encryption module, an encrypted file sending module and a data signing module,
the file receiving module is used for receiving file data to be encrypted sent by a sender;
the file encryption module generates a random key, and generates encrypted file data after calculating the random key and a file to be encrypted through a domestic password;
the key encryption module encrypts the random key through a domestic password to obtain an encrypted random key ciphertext;
and the encrypted file sending module sends the encrypted file data and the encrypted random key to a receiver at the same time.
And the data signing module is used for signing the transmitted file data and the key according to the signature of the sender.
The file transmission encryption device comprises a file transmission module, a file receiving module, a file encryption module, a key encryption module and an encrypted file sending module, wherein the file transmission module is used for transmitting file data to be encrypted to the file transmission encryption device; and the receiver decrypts the encrypted random key and then decrypts the encrypted file data by using the random key to obtain the decrypted file data.
And the receiver performs the de-signing operation after receiving the data, and performs the corresponding decryption operation after the verification is passed, so that the safety and the integrity of the file data are ensured.
The domestic encryption algorithm installed in the equipment comprises a national secret key symmetric algorithm, a national secret key asymmetric algorithm and a hash algorithm.
The equipment completes the encryption of file data through a WEB guiding type and graphical interface. The implementation of the file transmission encryption process under the domestic CPU and OS by the device may refer to the implementation of the file transmission encryption method under the domestic CPU and OS in the above embodiment:
1) The sender sends file data;
2) The key end receives the file data transmitted by the transmitting party;
3) The key end carries out key distribution and corresponding encryption operation;
4) The secret key end carries out signature on the transmission data;
5) Receiving the data packet by the receiving party;
6) The receiving party checks the received data;
7) And after the signature verification is passed, the receiver decrypts the file data.
The present invention can be easily implemented by those skilled in the art from the above detailed description. It should be understood, however, that the intention is not to limit the invention to the particular embodiments described. On the basis of the embodiments disclosed, a person skilled in the art can combine different technical features at will, thereby implementing different technical solutions.
Except for the technical features described in the specification, the method is known by the technical personnel in the field.
Claims (10)
1. The file transmission encryption method under domestic CPU and OS is characterized in that a key end is arranged and used for carrying out unified management on keys and generating random keys, and the key end is provided with a domestic encryption algorithm management system; the method comprises the following implementation processes:
1) The key end receives and transmits the file data to be encrypted, which is transmitted by the transmitting party;
2) Generating a random key at the key end, and generating encrypted file data by calculating the random key and a file to be encrypted through a domestic password;
3) Encrypting the random key by the key end through a domestic password to obtain an encrypted random key ciphertext;
4) The key terminal sends the encrypted file data and the encrypted random key to a receiver at the same time;
5) And the receiver decrypts the encrypted random key and then decrypts the encrypted file data by using the random key to obtain the decrypted file data.
2. The file transmission encryption method under domestic CPU and OS according to claim 1, characterized in that said key terminal is an encryption/decryption hardware device.
3. The file transmission encryption method under domestic CPU and OS according to claim 1 or 2, characterized in that the domestic encryption algorithm installed at the key end includes a domestic symmetric key algorithm, a domestic asymmetric key algorithm and a hash algorithm.
4. The file transmission encryption method under domestic CPU and OS according to claim 1, characterized in that in the file data transmission encryption process, a signature operation is performed on the transmitted file data and the key according to the signature of the sender; and the receiver performs the label-removing operation after receiving the data, and performs the corresponding decryption operation after the verification is passed.
5. The file transmission encryption method under domestic CPUs and OSs according to claim 1 or 2, wherein said key side completes encryption of said file data through WEB-guided and graphical interfaces.
6. The file transmission encryption method under the domestic CPU and OS according to claim 4, characterized in that the method is implemented as follows:
1) The sender sends file data;
2) The key end receives and transmits the file data transmitted by the transmitting party;
3) The key end carries out key distribution and corresponding encryption operation;
4) The secret key end carries out signature on the transmission data;
5) Receiving the data packet by the receiving party;
6) The receiving party checks the received data;
7) And after the signature verification is passed, the receiver decrypts the file data.
7. The file transmission encryption equipment under domestic CPU and OS is characterized in that the equipment is provided with a domestic encryption algorithm management system which is used for carrying out unified management on keys and generating random keys, and comprises a file receiving module, a file encryption module, a key encryption module and an encrypted file sending module,
the file receiving module is used for receiving file data to be encrypted, which is sent by a sender;
the file encryption module generates a random key, and generates encrypted file data after calculating the random key and a file to be encrypted through a domestic password;
the key encryption module encrypts the random key through a domestic password to obtain an encrypted random key ciphertext;
and the encrypted file sending module sends the encrypted file data and the encrypted random key to a receiver at the same time.
8. The file transfer encryption device under a domestic CPU and OS according to claim 7, wherein the device-installed domestic encryption algorithm includes a domestic key symmetric key algorithm, a domestic key asymmetric key algorithm, and a hash algorithm.
9. The file transfer encryption device under a domestic CPU and OS according to claim 7 or 8, further comprising a data signing module for signing the transferred file data and the key based on the signature of the sender.
10. The encryption device for file transfer under domestic CPU and OS according to claim 9, wherein the encryption of file data is done through WEB-guided and graphical interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211244482.6A CN115694922A (en) | 2022-10-12 | 2022-10-12 | File transmission encryption method and equipment under domestic CPU and OS |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211244482.6A CN115694922A (en) | 2022-10-12 | 2022-10-12 | File transmission encryption method and equipment under domestic CPU and OS |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115694922A true CN115694922A (en) | 2023-02-03 |
Family
ID=85063874
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211244482.6A Pending CN115694922A (en) | 2022-10-12 | 2022-10-12 | File transmission encryption method and equipment under domestic CPU and OS |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115694922A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116846689A (en) * | 2023-09-01 | 2023-10-03 | 建信金融科技有限责任公司 | Financial business data transmission method, device, computer equipment and storage medium |
-
2022
- 2022-10-12 CN CN202211244482.6A patent/CN115694922A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116846689A (en) * | 2023-09-01 | 2023-10-03 | 建信金融科技有限责任公司 | Financial business data transmission method, device, computer equipment and storage medium |
| CN116846689B (en) * | 2023-09-01 | 2023-12-26 | 建信金融科技有限责任公司 | Financial business data transmission method, device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109800584B (en) | Identity or attribute encryption calculation method and system based on Intel SGX mechanism | |
| CN102082790B (en) | Method and device for encryption/decryption of digital signature | |
| CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
| CN104253694A (en) | Encrypting method for network data transmission | |
| CN111371549A (en) | Message data transmission method, device and system | |
| CN104270242A (en) | Encryption and decryption device used for network data encryption transmission | |
| Kapoor et al. | A hybrid cryptography technique for improving network security | |
| CN204180095U (en) | A kind of ciphering and deciphering device for network data encryption transmission | |
| CN113542428B (en) | Vehicle data uploading method and device, vehicle, system and storage medium | |
| CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
| CN101931623B (en) | Safety communication method suitable for remote control with limited capability at controlled end | |
| CN108632251A (en) | Authentic authentication method based on cloud computing data service and its Encryption Algorithm | |
| CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
| CN111163108A (en) | Electric power Internet of things security terminal chip composite encryption system and method | |
| CN114531239A (en) | Data transmission method and system for multiple encryption keys | |
| CN115694922A (en) | File transmission encryption method and equipment under domestic CPU and OS | |
| WO2020042023A1 (en) | Instant messaging data encryption method and apparatus | |
| CN112800462A (en) | Method for storing confidential information in cloud computing environment | |
| CN114650181B (en) | E-mail encryption and decryption method, system, equipment and computer readable storage medium | |
| CN112787819B (en) | Industrial control safety communication system and communication method | |
| CN112055071B (en) | Industrial control safety communication system and method based on 5G | |
| CN110365482B (en) | Data communication method and device | |
| CN109787772B (en) | Anti-quantum computation signcryption method and system based on symmetric key pool | |
| CN109787773B (en) | Anti-quantum computation signcryption method and system based on private key pool and Elgamal | |
| Hwang | Scheme for secure digital mobile communications based on symmetric key cryptography |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |