CN116170180A - Encryption method, encryption device, storage medium and electronic equipment - Google Patents

Encryption method, encryption device, storage medium and electronic equipment Download PDF

Info

Publication number
CN116170180A
CN116170180A CN202211686104.3A CN202211686104A CN116170180A CN 116170180 A CN116170180 A CN 116170180A CN 202211686104 A CN202211686104 A CN 202211686104A CN 116170180 A CN116170180 A CN 116170180A
Authority
CN
China
Prior art keywords
encryption
ciphertext
initialization vector
key
original
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211686104.3A
Other languages
Chinese (zh)
Inventor
马单
徐东明
付迎鑫
徐锐
王健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202211686104.3A priority Critical patent/CN116170180A/en
Publication of CN116170180A publication Critical patent/CN116170180A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an encryption method, an encryption device, a storage medium and electronic equipment. Wherein the method comprises the following steps: determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to an encryption key and the initialization vector; and obtaining encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext. The method and the device solve the technical problems that the key management is difficult and the encryption strength is fixed, so that different encryption strength requirements on different systems cannot be adopted.

Description

Encryption method, encryption device, storage medium and electronic equipment
Technical Field
The present invention relates to the field of cryptography, and in particular, to an encryption method, an encryption device, a storage medium, and an electronic device.
Background
With the rapid development of online business, the types and the quantity of orders received by the system are gradually increased, various sensitive information of users is also stored in the system, and encryption processing is needed to be carried out on the information in order to prevent information leakage during interaction between the systems. The related technology has the defects of difficult management of binary format keys, fixed security intensity, weak usability and the like, can not really meet the high efficiency and usability of an encryption mechanism of an application system, and can not realize the requirements of adopting different encryption intensities for different systems.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides an encryption method, an encryption device, a storage medium and electronic equipment, which at least solve the technical problems that the key management is difficult and the encryption strength is fixed, so that different encryption strength requirements on different systems cannot be adopted.
According to an aspect of the embodiments of the present application, there is provided an encryption method, including: determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to an encryption key and the initialization vector; and obtaining encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext.
Optionally, obtaining the encrypted original ciphertext according to the encryption key and the initialization vector includes: and encrypting the plaintext through a cipher block chain mode of the cipher block link according to the encryption key and the initialization vector to obtain an encrypted original ciphertext.
Optionally, iterating the original key a predetermined number of times through a data encryption algorithm to obtain an encryption key, including: determining a base number and an index in a ciphertext structure; and obtaining the preset times according to the base number and the index.
Optionally, determining the base and the index includes: determining a security level of the encrypted data; and determining the base and the index according to the security level, wherein the higher the security level is, the larger the base and the index are.
Optionally, determining the base and the exponent according to the security level includes: judging whether the encrypted data contains personal information and an order number; under the condition that the encrypted data contains personal information and order numbers, determining that the security level of the encrypted data is greater than a preset level; under the condition that the security level is greater than a preset level, acquiring a target range corresponding to the base number and the index; and selecting the values respectively corresponding to the base number and the index from the target range.
Optionally, splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext, including: determining the blocks of a plaintext, and obtaining a base number and an index; and sequentially splicing the blocks, the base numbers, the indexes, the encryption salt, the initialization vector and the encrypted original ciphertext to obtain the target ciphertext.
Optionally, after the encrypted original ciphertext, the initialization vector, the encryption salt and the predetermined times are spliced to obtain the target ciphertext, the method further comprises: after the target ciphertext is obtained, converting the binary ciphertext corresponding to the target ciphertext into hexadecimal ciphertext.
Optionally, the method further comprises: acquiring hexadecimal ciphertext, and converting the hexadecimal ciphertext into binary ciphertext; splitting the encrypted original ciphertext from the binary ciphertext, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; and decrypting the encrypted original ciphertext according to the encryption key to obtain a plaintext.
Optionally, the encryption salt is determined by: inserting a specific character string into any fixed position of the original ciphertext, and randomly generating a first preset number of bytes as encryption salt after encryption; the initialization vector is determined as follows: when encryption is performed in the ciphertext block chaining mode, a second predetermined number of bytes are randomly generated as an initialization vector after encryption, wherein the first predetermined number is smaller than the second predetermined number.
According to another aspect of the embodiments of the present application, there is also provided an encryption apparatus, including: the determining module is used for determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; the acquisition module is used for acquiring an initialization vector in the ciphertext structure and acquiring an encrypted original ciphertext according to the encryption key and the initialization vector; and the splicing module is used for acquiring the encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain the target ciphertext.
According to another aspect of the embodiments of the present application, there is also provided a nonvolatile storage medium including: the storage medium includes a stored program, wherein the program, when run, controls a device in which the storage medium resides to perform any one of the encryption methods.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute instructions to implement any one of the encryption methods.
In the embodiment of the application, a mode of dynamically adjusting the encryption iteration number to control the encryption strength is adopted, and an original key is determined and iterated for a preset number of times through a data encryption algorithm to obtain an encryption key; acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to an encryption key and the initialization vector; the method comprises the steps of obtaining encryption salt, splicing an original encrypted ciphertext, an initialization vector, the encryption salt and preset times to obtain a target encrypted ciphertext, simplifying a key management mode, enhancing usability of an encryption mechanism, and improving network transmission efficiency of the encrypted ciphertext, so that the technical effect that encryption strength can be dynamically adjusted is achieved, and further the technical problem that different encryption strength requirements cannot be adopted for different systems due to the fact that related technologies are difficult in key management and fixed in encryption strength is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a flow diagram of an encryption method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a ciphertext structure according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an encrypted device according to an embodiment of the present application;
fig. 4 is a schematic block diagram of an example electronic device 400, according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For a better understanding of those skilled in the art, related embodiments of the present application will now be described with reference to the technical terms or partial terms that may be used in the present application:
the encryption strength parameter refers to iteration times, and the execution times of the PBKDF2 algorithm are configured by the power of M (index) of N (base), so that the strength of the encryption algorithm can be adjusted according to actual needs to adapt to various scene requirements.
The random encryption salt is formed by inserting a specific character string at any fixed position of the password, so that the hashed result does not coincide with the hashed result using the original password.
The initialization vector is the data block that needs to be introduced as selected when using the cipher block chain mode.
In accordance with the embodiments of the present application, an encryption method embodiment is provided, it being noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system, such as a set of computer executable instructions, and although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order other than that illustrated herein.
Fig. 1 is an encryption method according to an embodiment of the present application, as shown in fig. 1, the method includes the steps of:
step S102, determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key;
step S104, an initialization vector in a ciphertext structure is obtained, and an encrypted original ciphertext is obtained according to an encryption key and the initialization vector;
and S106, obtaining encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext.
In the embodiment of the application, a mode of dynamically adjusting the encryption iteration number to control the encryption strength is adopted, and an original key is determined and iterated for a preset number of times through a data encryption algorithm to obtain an encryption key; acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to an encryption key and the initialization vector; the method comprises the steps of obtaining encryption salt, splicing an original encrypted ciphertext, an initialization vector, the encryption salt and preset times to obtain a target encrypted ciphertext, simplifying a key management mode, enhancing usability of an encryption mechanism, and improving network transmission efficiency of the encrypted ciphertext, so that the technical effect that encryption strength can be dynamically adjusted is achieved, and further the technical problem that different encryption strength requirements cannot be adopted for different systems due to the fact that related technologies are difficult in key management and fixed in encryption strength is solved.
In some optional embodiments of the present application, obtaining the encrypted original ciphertext according to the encryption key and the initialization vector includes: and encrypting the plaintext through a cipher block chain mode of the cipher block link according to the encryption key and the initialization vector to obtain an encrypted original ciphertext.
As an alternative embodiment, iterating the original key through the data encryption algorithm a predetermined number of times to obtain the encryption key, including: determining a base number and an index in a ciphertext structure; and obtaining the preset times according to the base number and the index.
For example, assuming a base of 2 and an index of 2, the number of iterations is 2 2 =4。
In an exemplary embodiment of the present application, determining the base and the exponent includes: determining a security level of the encrypted data; and determining the base and the index according to the security level, wherein the higher the security level is, the larger the base and the index are.
It can be understood that when data with higher security level is transferred, larger base number and index are used to generate larger iteration times, so that the decoding difficulty is increased; when data with lower security level is transferred, smaller indexes and bases are used, smaller iteration times are generated, and the resource consumption of encryption and decryption is reduced.
It should be noted that the maximum number of iterations can support 255 255 And twice.
As an alternative embodiment, determining the base and the index according to the security level includes: judging whether the encrypted data contains personal information and an order number; under the condition that the encrypted data contains personal information and order numbers, determining that the security level of the encrypted data is greater than a preset level; under the condition that the security level is greater than a preset level, acquiring a target range corresponding to the base number and the index; and selecting the values respectively corresponding to the base number and the index from the target range.
It should be noted that the preset level is a common security level.
For example, the range of values from 0 to 255 can be divided into three ranges, 0 to 85 being the target range for low security level to obtain the base and the index, 85 to 170 being the target range for normal security level to obtain the base and the index, and 170 to 255 being the target range for high security level to obtain the base and the index.
In some optional embodiments of the present application, splicing the encrypted original ciphertext, the initialization vector, the encryption salt, and the predetermined number of times to obtain the target ciphertext includes: determining the blocks of a plaintext, and obtaining a base number and an index; and sequentially splicing the blocks, the base numbers, the indexes, the encryption salt, the initialization vector and the encrypted original ciphertext to obtain the target ciphertext.
In an exemplary embodiment of the present application, after the target ciphertext is obtained by splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the predetermined number of times, the method further includes: after the target ciphertext is obtained, converting the binary ciphertext corresponding to the target ciphertext into hexadecimal ciphertext.
The binary ciphertext is converted into hexadecimal, so that network transmission of the ciphertext is facilitated.
In some optional embodiments of the present application, the method further comprises: acquiring hexadecimal ciphertext, and converting the hexadecimal ciphertext into binary ciphertext; splitting the encrypted original ciphertext from the binary ciphertext, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; and decrypting the encrypted original ciphertext according to the encryption key to obtain a plaintext.
As an alternative embodiment, the encryption salt is determined by: inserting a specific character string into any fixed position of the original ciphertext, and randomly generating a first preset number of bytes as encryption salt after encryption; the initialization vector is determined as follows: when encryption is performed in the ciphertext block chaining mode, a second predetermined number of bytes are randomly generated as an initialization vector after encryption, wherein the first predetermined number is smaller than the second predetermined number.
The first predetermined number is 8, the second predetermined number is 16, that is, the encryption salt length is 8 bytes, and the initialization vector length is 16 bytes.
In order to facilitate a better understanding of the technical solutions of the present application, a specific embodiment will now be described.
Specifically, the process mainly comprises the following steps:
1. the encryption flow comprises the following steps:
(1) Randomly generating encryption salt, wherein the length of the encryption salt is 8 bytes;
(2) Randomly generating an initialization vector with the length of 16 bytes;
(3) Generating an encryption key, and generating the encryption key by using a PBKDF2 algorithm: the original key in string format is iterated a predetermined number of times using the SHA-1PRF algorithm (N M ) Obtaining an encryption key with the length of 32 bytes;
the number of iterations is obtained by determining the values of the base and the index, where N is the base and M is the index.
It can be understood that when data with higher security level is transferred, larger base number and index are used to generate larger iteration times, so that the decoding difficulty is increased; when data with lower security level is transferred, smaller indexes and bases are used to generate smaller iteration times, so that the resource consumption of encryption and decryption is reduced.
(4) Acquiring a CBC mode ciphertext: obtaining an encryption key and an initialization vector, and encrypting a plaintext according to the encryption key and the initialization vector through an AES-256 algorithm and a CBC mode to obtain an original ciphertext;
(5) Splicing the base number, the index, the encryption salt, the initialization vector and the CBC mode original ciphertext to obtain a binary ciphertext;
fig. 2 is a schematic diagram of a ciphertext structure according to an embodiment of the application, as shown in fig. 2, the structure comprising: base (base), exponent (index), encryption salt (encryption salt), initialization Vector (IV), CBC pattern ciphertext (cipheredext).
(6) The binary ciphertext is converted to a final hexadecimal ciphertext.
2. Decryption flow:
(1) Converting hexadecimal ciphertext into binary ciphertext;
(2) Resolving binary ciphertext: splitting the structure of the binary ciphertext into fields of a base number, an index, encryption salts, an initialization vector and a CBC mode ciphertext;
(3) Generating an encryption key: iterating the ciphertext in the character string format for a predetermined number of times by using an SHA-1PRF algorithm to obtain an encryption key with the length of 32 bytes;
(4) Obtaining a plaintext: using the encryption key and the initialization vector, decrypting with AES-256 algorithm and CBC mode to obtain plaintext.
The method for controlling the encryption strength by dynamically adjusting the encryption iteration times has the following beneficial effects:
(1) The ciphertext structure of the method and the device splice the random values required by decryption into the ciphertext, the ciphertext structure is secret, the decoding difficulty is increased, the final ciphertext is converted into hexadecimal, network transmission of the ciphertext is facilitated, and the ciphertext format of the AES algorithm adopted by the related technology is binary, so that direct transmission is inconvenient.
(2) The security intensity of the method can be adjusted, and the security intensity can be dynamically adjusted by transmitting iteration times in the custom ciphertext structure so as to adapt to various scene requirements, and both sides of encryption and decryption by using a PBKDF2 algorithm in the related technology need to agree on fixed iteration times.
(3) The key of the method is in a character string format, an original key in the character string format is adopted, a specific 256-bit binary key is dynamically generated during encryption, so that the original key is more convenient to manage, and an AES algorithm key adopted in the related technology is 256-bit binary, so that the key management is inconvenient.
Fig. 3 is a schematic structural diagram of an encryption device according to an embodiment of the present application, as shown in fig. 3, the device includes:
a determining module 30, configured to determine an original key, iterate the original key through a data encryption algorithm for a predetermined number of times to obtain an encryption key;
the obtaining module 32 is configured to obtain an initialization vector in the ciphertext structure, and obtain an encrypted original ciphertext according to the encryption key and the initialization vector;
and the splicing module 34 is used for acquiring the encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain the target ciphertext.
In the device, a determining module 30 is configured to determine an original key, iterate the original key for a predetermined number of times through a data encryption algorithm to obtain an encryption key; the obtaining module 32 is configured to obtain an initialization vector in the ciphertext structure, and obtain an encrypted original ciphertext according to the encryption key and the initialization vector; the splicing module 34 is configured to obtain the encryption salt, splice the encrypted original ciphertext, the initialization vector, the encryption salt and the predetermined number of times to obtain the target ciphertext, thereby simplifying a key management manner, enhancing usability of an encryption mechanism, and improving network transmission efficiency of the ciphertext, so as to achieve a technical effect that encryption strength can be dynamically adjusted, and further solve a technical problem that different encryption strength requirements cannot be met for different systems due to difficulty in managing keys in the related art and incapability of realizing fixed encryption strength.
According to another aspect of the embodiments of the present application, there is also provided a nonvolatile storage medium including a stored program, where the device in which the nonvolatile storage medium is controlled to execute any one encryption method when the program runs.
Specifically, the storage medium is configured to store program instructions for the following functions, and implement the following functions:
determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to an encryption key and the initialization vector; and obtaining encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In an exemplary embodiment of the present application, there is also provided a computer program product comprising a computer program which, when executed by a processor, implements any of the encryption methods described above.
Optionally, the computer program may, when executed by a processor, implement the steps of:
determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key; acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to an encryption key and the initialization vector; and obtaining encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext.
There is provided, according to an embodiment of the present application, an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any one of the encryption methods described above.
Optionally, the electronic device may further include a transmission device and an input/output device, where the transmission device is connected to the processor, and the input device is connected to the processor.
Fig. 4 is a schematic block diagram of an example electronic device 400, according to an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the application described and/or claimed herein.
As shown in fig. 4, the apparatus 400 includes a computing unit 401 that can perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM) 402 or a computer program loaded from a storage unit 408 into a Random Access Memory (RAM) 403. In RAM 403, various programs and data required for the operation of device 400 may also be stored. The computing unit 401, ROM 402, and RAM 403 are connected to each other by a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
Various components in device 400 are connected to I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, etc.; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408, such as a magnetic disk, optical disk, etc.; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The computing unit 401 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 401 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 401 performs the respective methods and processes described above, such as an encryption method. For example, in some embodiments, the encryption method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 400 via the ROM 402 and/or the communication unit 409. When the computer program is loaded into RAM 403 and executed by computing unit 401, one or more steps of the encryption method described above may be performed. Alternatively, in other embodiments, the computing unit 401 may be configured to perform the encryption method by any other suitable means (e.g. by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present application may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application and are intended to be comprehended within the scope of the present application.

Claims (12)

1. An encryption method, comprising:
determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key;
acquiring an initialization vector in a ciphertext structure, and acquiring an encrypted original ciphertext according to the encryption key and the initialization vector;
and obtaining encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext.
2. The method of claim 1, wherein obtaining the encrypted original ciphertext from the encryption key and the initialization vector comprises: and encrypting the plaintext through a cipher block chain mode of the cipher block link according to the encryption key and the initialization vector to obtain an encrypted original ciphertext.
3. The method of claim 2, wherein iterating the original key a predetermined number of times through a data encryption algorithm to obtain an encryption key, comprising:
determining the base number and the index in the ciphertext structure;
and obtaining the preset times according to the base number and the index.
4. A method according to claim 3, wherein determining the base and the index comprises:
determining a security level of the encrypted data;
and determining the base and the index according to the security level, wherein the base and the index are larger as the security level is higher.
5. The method of claim 4, wherein determining the base and the exponent from the security level comprises:
judging whether the encrypted data contains personal information and an order number;
determining that the security level of the encrypted data is greater than a preset level in the case where the encrypted data contains the personal information and the order number;
acquiring a target range corresponding to the base number and the index under the condition that the security level is greater than the preset level;
and selecting the value corresponding to each of the base number and the index from the target range.
6. The method of claim 3, wherein concatenating the encrypted original ciphertext, the initialization vector, the encryption salt, and a predetermined number of times to obtain a target ciphertext comprises:
determining the block of the plaintext, and acquiring the base number and the index;
and splicing the blocks, the base numbers, the indexes, the encryption salt, the initialization vector and the encrypted original ciphertext in sequence to obtain the target ciphertext.
7. The method of claim 1, further comprising, after concatenating the encrypted original ciphertext, the initialization vector, the encryption salt, and a predetermined number of times to obtain a target ciphertext: and after the target ciphertext is obtained, converting the binary ciphertext corresponding to the target ciphertext into hexadecimal ciphertext.
8. The method of claim 7, wherein the method further comprises:
acquiring the hexadecimal ciphertext, and converting the hexadecimal ciphertext into the binary ciphertext;
splitting the encrypted original ciphertext from the binary ciphertext, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key;
and decrypting the encrypted original ciphertext according to the encryption key to obtain a plaintext.
9. The method of claim 1, wherein the step of determining the position of the substrate comprises,
the encryption salt is determined by: inserting a specific character string into any fixed position of the original ciphertext, and randomly generating a first preset number of bytes as the encryption salt after encryption;
the initialization vector is determined as follows: and when encryption is performed in the ciphertext block chaining mode, randomly generating a second preset number of bytes as the initialization vector after encryption, wherein the first preset number is smaller than the second preset number.
10. An encryption apparatus, comprising:
the determining module is used for determining an original key, and iterating the original key for a preset number of times through a data encryption algorithm to obtain an encryption key;
the acquisition module is used for acquiring an initialization vector in the ciphertext structure and acquiring an encrypted original ciphertext according to the encryption key and the initialization vector;
and the splicing module is used for acquiring the encryption salt, and splicing the encrypted original ciphertext, the initialization vector, the encryption salt and the preset times to obtain a target ciphertext.
11. A non-volatile storage medium, characterized in that the storage medium comprises a stored program, wherein the program, when run, controls a device in which the storage medium is located to perform the encryption method according to any one of claims 1 to 9.
12. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the encryption method of any one of claims 1 to 9.
CN202211686104.3A 2022-12-27 2022-12-27 Encryption method, encryption device, storage medium and electronic equipment Pending CN116170180A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211686104.3A CN116170180A (en) 2022-12-27 2022-12-27 Encryption method, encryption device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211686104.3A CN116170180A (en) 2022-12-27 2022-12-27 Encryption method, encryption device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116170180A true CN116170180A (en) 2023-05-26

Family

ID=86415637

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211686104.3A Pending CN116170180A (en) 2022-12-27 2022-12-27 Encryption method, encryption device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN116170180A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116961908A (en) * 2023-09-21 2023-10-27 深圳市纽创信安科技开发有限公司 Encryption method, electronic device, electronic apparatus, and computer storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116961908A (en) * 2023-09-21 2023-10-27 深圳市纽创信安科技开发有限公司 Encryption method, electronic device, electronic apparatus, and computer storage medium
CN116961908B (en) * 2023-09-21 2024-01-05 深圳市纽创信安科技开发有限公司 Encryption method, electronic device, electronic apparatus, and computer storage medium

Similar Documents

Publication Publication Date Title
KR102040106B1 (en) Method for homomorphic encryption of plain text in real numbers
CN105122721B (en) For managing the method and system for being directed to the trustship of encryption data and calculating safely
KR102297536B1 (en) Apparatus for processing non-polynomial operation on encrypted messages and methods thereof
CN110312054B (en) Image encryption and decryption method, related device and storage medium
CN111950030A (en) Data sharing storage method based on block chain, terminal equipment and storage medium
US20210117533A1 (en) Private password constraint validation
JP7170878B2 (en) Apparatus and method for performing non-polynomial arithmetic on ciphertext
CN109936546A (en) Data encryption storage method and device and calculating equipment
CN113794706B (en) Data processing method and device, electronic equipment and readable storage medium
CN112765642A (en) Data processing method, data processing apparatus, electronic device, and medium
CN116170180A (en) Encryption method, encryption device, storage medium and electronic equipment
KR102443255B1 (en) Method for Generating Encryption Key and Digital Signature Based on Lattices
CN116781425B (en) Service data acquisition method, device, equipment and storage medium
CN104636662A (en) Data processing method and terminal device
CN108595973B (en) Instruction determination method, equipment control method, device and system
US11750367B2 (en) Simulation device and method for homomorphic cryptosystem
KR102304992B1 (en) Apparatus for processing non-polynomial operation on homoprophic encrypted messages and methods thereof
KR20230003954A (en) Ciphertext processing method for zero-knowledge proof and apparatus thereof
CN113609156A (en) Data query and write-in method and device, electronic equipment and readable storage medium
KR20200087708A (en) Verifiable computing for approximate computation
KR102257779B1 (en) Tweaked interpolation for multiparty computation
CN115333868B (en) Symmetric encryption method, symmetric decryption method, symmetric encryption device, symmetric decryption device and symmetric encryption device based on odd-even round robin
KR102393941B1 (en) Encoding or decoding for approximate encrypted messages
KR102418016B1 (en) Identity-based encryption mtthod based on lattices
CN112615712B (en) Data processing method, related device and computer program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination