CN116089980A - OFD document sensitive information encryption and decryption method and system - Google Patents


Publication number
CN116089980A
Authority
CN
China
Prior art keywords
ofd document
file
ciphertext
plaintext
ofd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310063765.9A
Other languages
Chinese (zh)
Inventor
卢烜
金宏洲
程亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangxi Jinge Technology Co ltd
Original Assignee
Jiangxi Jinge Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangxi Jinge Technology Co ltd
Priority to CN202310063765.9A
Publication of CN116089980A
Current legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

A method and a system for encrypting and decrypting sensitive information in an OFD document, wherein the method comprises the following steps: acquiring an OFD document, selecting sensitive information in the OFD document, and performing SM4 encryption on the selected sensitive information using a file encryption key; deriving an SM4 symmetric key from a password, and encrypting the file encryption key with the SM4 symmetric key to obtain a file encryption key ciphertext, from which a file encryption key description file is obtained; constructing a plaintext-ciphertext mapping table of the OFD document, and replacing the plaintext with the ciphertext in the plaintext-ciphertext mapping table to obtain the ciphertext of the OFD document; constructing a decryption entry file using the plaintext-ciphertext mapping table and the file encryption key ciphertext of the OFD document, and writing the plaintext-ciphertext mapping table, the file encryption key description file and the decryption entry file into the OFD document to construct a completely encrypted OFD document; and decrypting the completely encrypted OFD document according to the password and the decryption entry file to obtain the plaintext of the OFD document.

Description

OFD document sensitive information encryption and decryption method and system
Technical Field
The invention relates to the technical field of document encryption, in particular to an OFD document sensitive information encryption and decryption method and system.
Background
In the prior art, an OFD document is usually encrypted as a whole file. Full-text encryption, however, generally cannot encrypt by page or by specified content; compared with encrypting only part of the content it is inefficient, the document must be decrypted before it can be viewed, and it does not suit the need to encrypt only part of an OFD document. The prior art therefore cannot encrypt and decrypt partial content of an OFD document, such as individual sensitive words, paragraphs or lines, so it is difficult to encrypt part of the sensitive information in a conventional OFD document without affecting normal reading of the document.
Disclosure of Invention
One purpose of the invention is to provide a method and system for encrypting and decrypting sensitive information in an OFD document, which use the SM4 algorithm to encrypt sensitive words, partial paragraphs and partial document pages in the document, so that the sensitive information of the OFD document is protected without affecting the reading of the OFD document as a whole.
Another purpose of the invention is to provide a method and system for encrypting and decrypting sensitive information in an OFD document, which use the SM4 algorithm with a password to decrypt the sensitive information of the OFD document, so that the sensitive content is convenient to view while the security of the document's sensitive information is ensured.
A further purpose of the invention is to provide a method and system for encrypting and decrypting sensitive information in an OFD document, which encrypt the sensitive information content as a part of the OFD document and replace the original sensitive information content with an encryption mark, so that the overall structure of the OFD document is not damaged.
In order to achieve at least one of the above objects, the present invention further provides an encryption and decryption method for sensitive information of an OFD document, the method comprising:
acquiring an OFD document, selecting sensitive information in the OFD document, and carrying out SM4 encryption on the selected sensitive information by adopting a file encryption key;
using a password to derive an SM4 symmetric key, encrypting a file encryption key by using the SM4 symmetric key to obtain a file encryption key ciphertext, performing base64 encoding on the file encryption key ciphertext, and assembling the encoded content into an xml node to obtain a file encryption key description file;
constructing a plaintext-ciphertext mapping table of the OFD document, and replacing the plaintext with the ciphertext in the plaintext-ciphertext mapping table to obtain the ciphertext of the OFD document;
constructing a decryption entry file using the plaintext-ciphertext mapping table and the file encryption key ciphertext of the OFD document, and writing the plaintext-ciphertext mapping table, the file encryption key description file and the decryption entry file into the OFD document to construct a completely encrypted OFD document;
and decrypting the completely encrypted OFD document according to the encryption password and the decryption entry file to obtain the plaintext of the OFD document.
According to one preferred embodiment of the invention, after the selected sensitive information is obtained and SM4-encrypted, a mapping relation is established between the plaintext and the ciphertext of the sensitive information, the encrypted ciphertext is obtained, and the sensitive information is replaced by an encryption mark.
According to another preferred embodiment of the present invention, after the sensitive information is replaced by the encryption mark, the encrypted ciphertext of the OFD document is assembled into XML nodes, and the plaintext of the plaintext-ciphertext mapping table of the OFD document is generated.
According to another preferred embodiment of the present invention, after the plaintext of the plaintext-ciphertext mapping table of the OFD document is obtained, the file encryption key is further used to SM4-encrypt it, so as to obtain the ciphertext of the plaintext-ciphertext mapping table of the OFD document.
According to another preferred embodiment of the present invention, the path information of the ciphertext of the plaintext-ciphertext mapping table of the OFD document and the path information of the file encryption key description file are constructed as XML nodes, a decryption entry file in XML format is generated, and the decryption entry file in XML format is placed in the root directory of the OFD document.
According to another preferred embodiment of the present invention, the decryption method includes: inputting a password, reading the decryption entry file, parsing out the path information of the ciphertext of the plaintext-ciphertext mapping table of the OFD document and the path information of the file encryption key description file, obtaining the file encryption key description file according to the path information, and obtaining a file decryption key after base64 decoding and SM4 decryption.
According to another preferred embodiment of the present invention, after the path information is obtained from the decryption entry file, the ciphertext of the plaintext-ciphertext mapping table of the OFD document is obtained, and SM4 decryption is performed on it to obtain the plaintext of the plaintext-ciphertext mapping table of the OFD document.
According to another preferred embodiment of the invention, after the plaintext of the plaintext-ciphertext mapping table of the OFD document is obtained, the XML node information of the mapping table is obtained, and the plaintext-ciphertext mapping relation of the OFD document is obtained from the XML node information; the ciphertext part of the OFD document is then decrypted with the file decryption key, and the decrypted content replaces the encryption mark at the corresponding position.
In order to achieve at least one of the above objects, the present invention further provides an OFD document sensitive information encryption and decryption system, which executes the above method for encrypting and decrypting OFD document sensitive information.
The invention further provides a computer readable storage medium storing a computer program executable by a processor to implement the above method for encrypting and decrypting sensitive information of an OFD document.
Drawings
FIG. 1 shows a flow chart of an encryption and decryption method for sensitive information of an OFD document.
Detailed Description
The following description is presented to enable one of ordinary skill in the art to make and use the invention. The preferred embodiments in the following description are by way of example only and other obvious variations will occur to those skilled in the art. The basic principles of the invention defined in the following description may be applied to other embodiments, variations, modifications, equivalents, and other technical solutions without departing from the spirit and scope of the invention.
It will be understood that the terms "a" and "an" should be interpreted as referring to "at least one" or "one or more," i.e., in one embodiment, the number of elements may be one, while in another embodiment, the number of elements may be plural, and the term "a" should not be interpreted as limiting the number.
Referring to FIG. 1, the invention discloses a method and system for encrypting and decrypting sensitive information in an OFD document. The method mainly comprises an encryption flow and a decryption flow. In the encryption flow, an application program opens the OFD document and is used to select the sensitive information that needs to be encrypted, where the sensitive information can be sensitive words, partial paragraphs or partial document pages. A password is set; the sensitive information is encrypted with SM4 and then replaces the plaintext information at the corresponding position of the original text, giving the ciphertext of the OFD document. A mapping relation between the plaintext and the ciphertext of the sensitive information is established by building a plaintext-ciphertext mapping table of the OFD document, and the mapping table is further encrypted to obtain the plaintext-ciphertext mapping table ciphertext. The file encryption key is encoded and encrypted to obtain a file encryption key description file, and a decryption entry file is generated from the mapping table ciphertext of the OFD document and the file encryption key description file for the subsequent decryption operation.
Specifically, a password is set and used as both the encryption and the decryption password, since the decryption process of SM4 is the encryption process run in reverse order. SM4 is a cryptographic algorithm, and the specific steps of the SM4 algorithm are not described in detail here. In the encryption process, an SM4 symmetric key is randomly generated by using the encryption password, and this SM4 symmetric key is used as the file encryption key. The selected sensitive information and its associated resources are then SM4-encrypted with the file encryption key to generate the OFD document ciphertext, in which only the sensitive information part is encrypted and the non-sensitive information part remains in plaintext. An encryption mark is further set, for example, setting the encryption mark as the encryption mark, and the plaintext of the plaintext-ciphertext mapping table of the OFD document is established from the ciphertext of the OFD document and the plaintext of the OFD document. The plaintext of the mapping table records the mapping between the plaintext of the OFD document and the positions of the ciphertext content, such as which plaintext file before encryption an encrypted OFD document ciphertext file corresponds to, what plaintext corresponds to the several sensitive words replaced by "#", and which position on which page of the original document they correspond to. The plaintext of the mapping table is then assembled into XML nodes to generate the plaintext-ciphertext mapping indication file EntriesMap.xml.
Further, the plaintext file of the plaintext-ciphertext mapping table of the OFD document is encrypted with the file encryption key to obtain the mapping table ciphertext file EntriesMap.dat, and the plaintext-ciphertext mapping indication file EntriesMap.xml is deleted.
An SM4 symmetric key is derived from the encryption password and used as a first encapsulation key. The file encryption key is SM4-encrypted with the first encapsulation key to obtain the file encryption key ciphertext, and base64 encoding is further performed on the file encryption key, for example: the file encryption key is '125<67 #', and after base64 encoding it is 'MTI1PDY3 Kg='. The base64-encoded encrypted content of the file encryption key is assembled into XML nodes to generate the file encryption key description file decrypted.xml. The path information, within the OFD file, of the mapping table ciphertext file EntriesMap.dat and of the file encryption key description file decrypted.xml is assembled into an XML file to generate the decryption entry file encryptions.xml. The decryption entry file can be regarded as a path information file for the related encrypted files: by parsing it, the corresponding encrypted files can be obtained and the decryption of those files carried out.
It should be noted that the invention needs to write the files comprising the ciphertext of the OFD document, the plaintext-ciphertext mapping table ciphertext file EntriesMap.dat of the OFD document and the file encryption key description file decrypted.xml into the OFD document, so as to form the complete encrypted OFD document.
The decryption operation on the complete encrypted OFD document comprises the following steps: the corresponding complete encrypted OFD document is opened with the application program and a password is input; this password is the decryption password of the decryption process, and an SM4 symmetric key is derived from it, the SM4 symmetric key derived from the decryption password being a second encapsulation key. The decryption entry file encryptions.xml is read and parsed to obtain XML node information; the file encryption key ciphertext is obtained according to the path information corresponding to the XML node information, base64 decoding is performed on it, and SM4 decryption is then performed on the decoded file encryption key ciphertext to obtain the file decryption key plaintext. Because the SM4 encryption process and decryption process are the same procedure run in reverse order depending on the selected mode, the key is the file encryption key in encryption mode and the file decryption key in decryption mode.
The mapping table ciphertext file EntriesMap.dat of the OFD document is obtained according to the path information parsed from the decryption entry file encryptions.xml, and SM4 decryption is performed on EntriesMap.dat to obtain the plaintext-ciphertext mapping indication file EntriesMap.xml of the OFD document. The node information of EntriesMap.xml is then parsed; the encrypted sensitive information, partial paragraphs and partial pages are obtained according to the mapping table plaintext file and decrypted with the SM4 algorithm to obtain the plaintext of the sensitive information, partial paragraphs and partial pages. The decrypted plaintext of the sensitive information, partial paragraphs and partial pages then replaces the encryption marks at the corresponding positions according to the plaintext-ciphertext mapping relation in the mapping table plaintext file, so as to obtain the complete OFD document plaintext, and the 4 files encryptions.xml, decrypted.xml, EntriesMap.xml and EntriesMap.dat are deleted.
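The encryption and decryption flows described above, as an added Python example that is not code from the patent or its applicant, run on a constructed, simplified OFD package. Python's standard library has no SM4, so seal/unseal are a labelled HMAC-SHA256 stand-in for it. The PBKDF2 key derivation and its salt, the "***" mark, the XML element names, and storing each fragment's ciphertext inside the mapping table are assumptions the page does not specify.

```python
import base64, hashlib, hmac, io, os, zipfile
import xml.etree.ElementTree as ET

MARK = "***"  # constructed encryption mark
PAGE = "Doc_0/Pages/Page_0/Content.xml"  # constructed page path

def keystream_xor(key, nonce, data):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, data):
    """Stand-in for SM4 encryption (NOT SM4): keystream XOR, then an HMAC tag."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong password or modified data")
    return keystream_xor(key, nonce, ct)

def derive_kek(password, salt):
    # Assumed KDF; the page only says a key is derived from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=16)

def pack(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def unpack(pkg):
    with zipfile.ZipFile(io.BytesIO(pkg)) as z:
        return {n: z.read(n) for n in z.namelist()}

def b64(data):
    return base64.b64encode(data).decode()

def encrypt_ofd(pkg, password, page, ids):
    files = unpack(pkg)
    fek = os.urandom(16)  # random 128-bit file encryption key
    root = ET.fromstring(files[page])
    emap = ET.Element("EntriesMap")  # element names here are hypothetical
    for obj in root.iter("TextObject"):
        if obj.get("ID") in ids:
            code = obj.find("TextCode")
            entry = ET.SubElement(emap, "Entry", Page=page, ID=obj.get("ID"))
            entry.text = b64(seal(fek, (code.text or "").encode()))
            code.text = MARK  # page still renders, minus the secret
    files[page] = ET.tostring(root)
    # EntriesMap.xml exists only in memory; only its ciphertext is stored.
    files["EntriesMap.dat"] = seal(fek, ET.tostring(emap))
    salt = os.urandom(16)
    key_node = ET.Element("FileKey", Salt=b64(salt))
    key_node.text = b64(seal(derive_kek(password, salt), fek))  # wrapped FEK
    files["decrypted.xml"] = ET.tostring(key_node)
    entry_file = ET.Element("Encryptions")
    ET.SubElement(entry_file, "EntriesMap").text = "EntriesMap.dat"
    ET.SubElement(entry_file, "KeyFile").text = "decrypted.xml"
    files["encryptions.xml"] = ET.tostring(entry_file)  # package root
    return pack(files)

def decrypt_ofd(pkg, password):
    files = unpack(pkg)
    entry_file = ET.fromstring(files.pop("encryptions.xml"))
    key_node = ET.fromstring(files.pop(entry_file.findtext("KeyFile")))
    kek = derive_kek(password, base64.b64decode(key_node.get("Salt")))
    fek = unseal(kek, base64.b64decode(key_node.text))  # fails on wrong password
    emap = ET.fromstring(unseal(fek, files.pop(entry_file.findtext("EntriesMap"))))
    pages = {}
    for e in emap.iter("Entry"):
        p = e.get("Page")
        if p not in pages:
            pages[p] = ET.fromstring(files[p])
        obj = pages[p].find(f".//TextObject[@ID='{e.get('ID')}']")
        obj.find("TextCode").text = unseal(fek, base64.b64decode(e.text)).decode()
    for p, root in pages.items():
        files[p] = ET.tostring(root)
    return pack(files)

def sample_ofd():  # constructed, simplified; real OFD XML is namespaced
    page = (b'<Page><TextObject ID="1"><TextCode>Invoice for </TextCode></TextObject>'
            b'<TextObject ID="2"><TextCode>Alice Example, ID 0000</TextCode>'
            b'</TextObject></Page>')
    return pack({"OFD.xml": b"<OFD/>", PAGE: page})

if __name__ == "__main__":
    locked = encrypt_ofd(sample_ofd(), "correct horse", PAGE, {"2"})
    print(sorted(unpack(locked)), unpack(locked)[PAGE].decode())
    print(unpack(decrypt_ofd(locked, "correct horse"))[PAGE].decode())
```

The authentication tag is what lets a wrong password fail cleanly instead of yielding garbage; the page itself does not say which SM4 mode is used or how a wrong password or a modified package is detected.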
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such embodiments, the computer program may be downloaded and installed from a network via a communication portion, and/or installed from a removable medium. The above-described functions defined in the method of the present application are performed when the computer program is executed by a Central Processing Unit (CPU). It should be noted that the computer readable medium described in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wire segments, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be understood by those skilled in the art that the embodiments of the present invention described above and shown in the drawings are merely illustrative and do not restrict the invention. The functional and structural principles of the invention have been shown and described in the embodiments, and the embodiments may be modified or adapted in any way without departing from those principles.

Claims (10)

1. An OFD document sensitive information encryption and decryption method is characterized by comprising the following steps:
acquiring an OFD document, selecting sensitive information in the OFD document, and carrying out SM4 encryption on the selected sensitive information by adopting a file encryption key;
using a password to derive an SM4 symmetric key, encrypting a file encryption key by using the SM4 symmetric key to obtain a file encryption key ciphertext, performing base64 encoding on the file encryption key ciphertext, and assembling the encoded content into an xml node to obtain a file encryption key description file;
constructing a plaintext-ciphertext mapping table of the OFD document, and replacing the plaintext with the ciphertext in the plaintext-ciphertext mapping table to obtain the ciphertext of the OFD document;
constructing a decryption entry file using the plaintext-ciphertext mapping table and the file encryption key ciphertext of the OFD document, and writing the plaintext-ciphertext mapping table, the file encryption key description file and the decryption entry file into the OFD document to construct a completely encrypted OFD document;
and decrypting the completely encrypted OFD document according to the password and the decryption entry file to obtain the plaintext of the OFD document.
2. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 1 is characterized in that after the selected sensitive information is obtained and SM4 encryption is carried out, a mapping relation is established between plaintext and ciphertext of the sensitive information, the ciphertext of the OFD document is obtained, and the sensitive information is replaced by an encryption mark.
3. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 2, wherein after the sensitive information is replaced by an encryption mark, the encrypted OFD document ciphertext is assembled into XML nodes, and the plaintext of the plaintext-ciphertext mapping table of the OFD document is generated.
4. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 3, wherein after the plaintext of the plaintext-ciphertext mapping table of the OFD document is obtained, the file encryption key is further used to SM4-encrypt the plaintext of the plaintext-ciphertext mapping table of the OFD document, so as to obtain the ciphertext of the plaintext-ciphertext mapping table of the OFD document.
5. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 4, wherein the path information of the obtained ciphertext of the plaintext-ciphertext mapping table of the OFD document and the path information of the file encryption key description file are built into XML nodes, a decryption entry file in XML format is generated, and the decryption entry file in XML format is put into the root directory of the OFD document.
6. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 1, wherein the decrypting method comprises the following steps: inputting a password, reading the decryption entry file, parsing out the path information of the ciphertext of the plaintext-ciphertext mapping table of the OFD document and the path information of the file encryption key description file, obtaining the file encryption key description file according to the path information, and obtaining a file decryption key after base64 decoding and SM4 decryption.
7. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 6, wherein after the path information is obtained from the decryption entry file, the ciphertext of the plaintext-ciphertext mapping table of the OFD document is obtained, and SM4 decryption is performed on the ciphertext of the plaintext-ciphertext mapping table of the OFD document to obtain the plaintext of the plaintext-ciphertext mapping table of the OFD document.
8. The method for encrypting and decrypting the sensitive information of the OFD document according to claim 7, wherein after the plaintext of the plaintext-ciphertext mapping table of the OFD document is obtained, the XML node information of the plaintext-ciphertext mapping table of the OFD document is obtained, the plaintext-ciphertext mapping relation of the OFD document is obtained according to the XML node information, the ciphertext part of the OFD document is further decrypted with the file decryption key, and the encryption mark at the corresponding position is replaced by the decrypted content.
9. An OFD document sensitive information encryption and decryption system, wherein the system executes an OFD document sensitive information encryption and decryption method according to any one of claims 1 to 8.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program executable by a processor to implement an OFD document sensitive information encryption and decryption method according to any one of claims 1 to 8.
CN202310063765.9A 2023-01-17 2023-01-17 OFD document sensitive information encryption and decryption method and system Pending CN116089980A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310063765.9A CN116089980A (en) 2023-01-17 2023-01-17 OFD document sensitive information encryption and decryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310063765.9A CN116089980A (en) 2023-01-17 2023-01-17 OFD document sensitive information encryption and decryption method and system

Publications (1)

Publication Number Publication Date
CN116089980A (en) 2023-05-09

Family

ID=86198907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310063765.9A Pending CN116089980A (en) 2023-01-17 2023-01-17 OFD document sensitive information encryption and decryption method and system

Country Status (1)

Country Link
CN (1) CN116089980A (en)

Similar Documents

Publication Publication Date Title
US10891384B2 (en) Blockchain transaction device and method
KR100753932B1 (en) contents encryption method, system and method for providing contents through network using the encryption method
US10922435B2 (en) Image encryption method, image viewing method, system, and terminal
CN102163268B (en) The term of execution verifying software code the method and apparatus of integrality
US9020149B1 (en) Protected storage for cryptographic materials
US20140143553A1 (en) Method and Apparatus for Encapsulating and Encrypting Files in Computer Device
CN109495459B (en) Media data encryption method, system, device and storage medium
CN109981266B (en) Method and device for storing and reading key and sensitive information
CN111190974B (en) Method, device and equipment for forwarding and acquiring verifiable statement
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
CN110855433A (en) Data encryption method and device based on encryption algorithm and computer equipment
CN106446697A (en) Method and device for saving private data
WO2020044095A1 (en) File encryption method and apparatus, device, terminal, server, and computer-readable storage medium
CN111104693A (en) Android platform software data cracking method, terminal device and storage medium
CN116455572A (en) Data encryption method, device and equipment
CN116089980A (en) OFD document sensitive information encryption and decryption method and system
CN108985109A (en) A kind of date storage method and device
CN112242970B (en) Data segmentation encryption security reinforcing method and device
CN111859226A (en) Page jump method, device and related equipment
CN110543772A (en) Offline decryption method and device
JP2020155801A (en) Information management system and method therefor
CN113360859B (en) Python interpreter-based encrypted file security control method and device
CN116743461B (en) Commodity data encryption method and device based on time stamp
CN117938546B (en) Verification and data access method of electronic account
CN114595206A (en) Log management method and log safety system for vehicle application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination