CN116599763A - File encryption method, system, terminal and storage medium - Google Patents

Publication number
CN116599763A
Authority
CN
China
Prior art keywords
node
leaf
encryption
file
link information
Legal status
Pending
Application number
CN202310768718.4A
Other languages
Chinese (zh)
Inventor
刘岭峰
王超博
肖苗苗
曾佑诚
刘群华
麦佩雨
Current Assignee
Xiamen Strait Chain Technology Co ltd
Original Assignee
Xiamen Strait Chain Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a file encryption method, a system, a terminal and a storage medium, wherein the method comprises the following steps: dividing the file to be encrypted to obtain divided files, and constructing a directed acyclic graph by taking each divided file as a node; setting an encryption key for each leaf node in the directed acyclic graph, and encrypting the corresponding leaf node according to each encryption key to obtain a leaf encryption node; replacing each leaf node in the directed acyclic graph with the corresponding leaf encryption node; in the directed acyclic graph after node replacement, adding the link information of each leaf encryption node to its parent node until the root node has finished adding link information; encrypting the root node, and setting the link information of the encrypted root node as the link information of the file to be encrypted. According to the embodiment of the application, some of the leaf nodes can be decrypted on the basis of the link information in the parent node, so that the file to be encrypted can be partially disclosed and the user experience is improved.

Description

File encryption method, system, terminal and storage medium
Technical Field
The present application relates to the field of data encryption technologies, and in particular, to a file encryption method, system, terminal, and storage medium.
Background
In daily life and work of people, file transmission is often required by using a network, and security in file transmission is very important, especially for transmission of confidential files. In order to ensure the security of file transmission, a file encryption technology is generally utilized to encrypt a file to be transmitted, and then the encrypted file is transmitted.
In the existing file encryption process, the control granularity of an encryption key is one key per file, so the content of a file cannot be partially disclosed, which degrades the user experience.
Disclosure of Invention
The embodiment of the application aims to provide a file encryption method, a system, a terminal and a storage medium, which aim to solve the problem that the existing file encryption cannot partially disclose file contents.
An embodiment of the present application is implemented as a file encryption method comprising the following steps:
dividing a file to be encrypted to obtain divided files, and constructing a directed acyclic graph by taking each divided file as a node;
setting encryption keys for each leaf node in the directed acyclic graph, and encrypting the corresponding leaf node according to each encryption key to obtain a leaf encryption node;
node replacement is carried out on each leaf node in the directed acyclic graph according to each leaf encryption node;
in the directed acyclic graph after node replacement, adding the link information of each leaf encryption node into a parent node until the root node in the directed acyclic graph completes the addition of the link information;
encrypting the root node, and setting the encrypted link information of the root node as the link information of the file to be encrypted.
Preferably, the adding the link information of each leaf encryption node to the parent node includes:
respectively calculating hash values of the leaf encryption nodes, and generating content identifiers of the leaf encryption nodes according to the hash values;
adding the content identifier and the encryption key of each leaf encryption node to the corresponding parent node;
wherein the link information includes the content identifier and the encryption key, the encryption key including a corresponding encryption algorithm, key length, and key content.
Preferably, the setting of encryption keys for each leaf node in the directed acyclic graph includes:
and respectively calculating the hash value of each leaf encryption node, and setting the hash value of each leaf encryption node as the encryption key.
Preferably, after setting the encrypted link information of the root node as the link information of the file to be encrypted, the method further includes:
acquiring the encrypted root node, and decrypting the encrypted root node according to the link information of the file to be encrypted;
acquiring an encryption key and a content identifier of each child node according to the decrypted root node, and performing node acquisition and node decryption according to the encryption key and the content identifier of each child node until each leaf node is acquired;
and performing file splicing according to each leaf node to obtain the file to be encrypted.
Preferably, before the file splicing according to each leaf node, the method further includes:
performing content verification on each leaf node according to the content identifiers stored in each parent node;
and if the content verification of any leaf node fails, raising a tamper alert for that leaf node.
Preferably, after the link information of each leaf encryption node is added to the parent node, the method further includes:
performing duplicate detection on the content identifiers stored in each parent node;
and if identical content identifiers exist, deleting the duplicate link information corresponding to that content identifier until only one remains.
Preferably, the encryption key of each leaf node is a symmetric key, and the key of the root node is an asymmetric key.
It is another object of an embodiment of the present application to provide a file encryption system, the system including:
the acyclic graph construction module is used for dividing the file to be encrypted to obtain divided files, and constructing a directed acyclic graph by taking each divided file as a node;
the node encryption module is used for respectively setting encryption keys for the leaf nodes in the directed acyclic graph, and encrypting the corresponding leaf nodes according to the encryption keys to obtain leaf encryption nodes;
the node replacement module is used for replacing each leaf node in the directed acyclic graph according to each leaf encryption node;
the information adding module is used for adding the link information of each leaf encryption node to a father node in the directed acyclic graph after node replacement until the root node in the directed acyclic graph completes the addition of the link information;
and the link setting module is used for encrypting the root node and setting the encrypted link information of the root node as the link information of the file to be encrypted.
It is a further object of an embodiment of the present application to provide a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, which processor implements the steps of the method as described above when executing the computer program.
It is a further object of embodiments of the present application to provide a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
According to the embodiment of the application, an encryption key is set for each leaf node in the directed acyclic graph and each leaf node is encrypted with its own key, so that the control granularity of the encryption key is the leaf node. By adding the link information of each leaf encryption node to its parent node, some of the leaf nodes can be decrypted on the basis of the link information in the parent node, so that the file to be encrypted can be partially disclosed and the user experience is further improved.
Drawings
FIG. 1 is a flowchart of a file encryption method according to a first embodiment of the present application;
FIG. 2 is a schematic illustration of a directed acyclic graph provided by a first embodiment of the application;
FIG. 3 is a schematic diagram of a symmetric key provided by a first embodiment of the present application;
FIG. 4 is a schematic diagram of the content of an intermediate node according to the first embodiment of the present application;
FIG. 5 is a schematic diagram of the content of a parent node after adding link information according to the first embodiment of the present application;
FIG. 6 is a flowchart of a file encryption method according to a second embodiment of the present application;
FIG. 7 is a schematic diagram of a file encryption system according to a third embodiment of the present application;
FIG. 8 is a schematic structural diagram of a terminal device according to a fourth embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In order to illustrate the technical scheme of the application, the following description is made by specific examples.
Example 1
Referring to FIG. 1, a flowchart of a file encryption method according to a first embodiment of the present application is provided. The file encryption method can be applied to any terminal device or system, and includes the steps of:
Step S10, dividing a file to be encrypted to obtain divided files, and constructing a directed acyclic graph by taking each divided file as a node;
The partition size of the file to be encrypted may be set according to requirements; for example, it may be set to 256 KB, so that each leaf node in the constructed directed acyclic graph (Directed Acyclic Graph, DAG) stores a 256 KB file segment. Referring to FIG. 2, in the directed acyclic graph the leaf nodes are at the bottom, the intermediate nodes are in the middle, and the root node is at the top. The intermediate node linked to a leaf node is the parent node of that leaf node. The intermediate nodes and the root node do not store file content; they store the content identifiers (cid) of the leaf nodes linked to them. A cid contains the node hash value, which can be used to verify whether the file content has been tampered with. In the InterPlanetary File System (IPFS), the routing information of a file node can also be found from the cid of the file, so the cid can also be regarded as the link of the node.
Step S20, encryption key setting is carried out on each leaf node in the directed acyclic graph, and corresponding leaf nodes are encrypted according to each encryption key to obtain leaf encryption nodes;
The encryption key of each leaf node can be a symmetric key. A symmetric encryption key is randomly generated for each leaf node and recorded as the password, and the leaf node is encrypted with this symmetric key to obtain a leaf encryption node. Referring to FIG. 3, the password is recorded in a self-describing format that includes the corresponding encryption algorithm, the key length, and the key content.
Optionally, the setting an encryption key for each leaf node in the directed acyclic graph includes: and respectively calculating the hash value of each leaf encryption node, and setting the hash value of each leaf encryption node as the encryption key.
Step S30, node replacement is carried out on each leaf node in the directed acyclic graph according to each leaf encryption node;
Here, the encrypted leaf node (leaf encryption node) replaces the original node;
Step S40, in the directed acyclic graph after node replacement, adding the link information of each leaf encryption node into a parent node until the root node in the directed acyclic graph completes the addition of the link information;
Referring to FIG. 4, the leaf nodes contain only segments of the original file content, and the original file can be restored by splicing all the leaf nodes in order. The intermediate nodes and the root node contain links pointing to their child nodes. In a content-addressing system, a link is the cid generated in a fixed format from the hash of the child node's content.
Optionally, the adding the link information of each leaf encryption node to the parent node includes:
respectively calculating hash values of the leaf encryption nodes, and generating content identifiers of the leaf encryption nodes according to the hash values;
adding the content identifier and the encryption key of each leaf encryption node to the corresponding parent node;
The link information includes a content identifier and an encryption key. The content identifier of each leaf encryption node is generated from its hash value and denoted encryptCid. The password and the encryptCid of the leaf encryption node are added to the parent node of that leaf encryption node; the content of the parent node after the addition is shown in FIG. 5.
Further, after the link information of each leaf encryption node is added to the parent node, the method further includes:
performing duplicate detection on the content identifiers stored in each parent node;
If identical content identifiers exist, the duplicate link information corresponding to that content identifier is deleted until only one remains; that is, if the same encryptCid appears across parent nodes or within a parent node, the link information corresponding to that encryptCid is reduced to a single entry. When a leaf node is encrypted, the hash value of the node's original content is used as the encryption key instead of a random number, which ensures that the same file node always yields the same encrypted node in the system, so that encryption and deduplication are achieved together. The DAG structure may comprise a folder structure and may be used as an encryption method for a file system.
Step S50, encrypting the root node, and setting the encrypted link information of the root node as the link information of the file to be encrypted;
The key of the root node may be an asymmetric key. The cid of the encrypted root node is the cid of the file to be encrypted, and the key of the root node is the key of the file to be encrypted.
In this embodiment, if only part of the file content needs to be disclosed to another person, only the link information of the corresponding leaf encryption nodes in the parent node needs to be shared, which gives fine-grained control over the file keys and improves the user experience.
In this embodiment, encryption keys are set for each leaf node in the directed acyclic graph, and each leaf node can be effectively encrypted based on each encryption key, so that the control granularity of the encryption key is the leaf node.
Example 2
Referring to fig. 6, a flowchart of a file encryption method according to a second embodiment of the present application is provided, and the method is used for further refining the first embodiment, and includes the steps of:
Step S60, the encrypted root node is obtained, and the encrypted root node is decrypted according to the link information of the file to be encrypted;
The root node is pulled and decrypted according to the link information of the file to be encrypted, so that the link information stored in the root node is obtained;
Step S70, according to the decrypted root node, the encryption key and the content identifier of each child node are obtained, and node acquisition and node decryption are carried out according to the encryption key and the content identifier of each child node until each leaf node is obtained;
According to the link information of the decrypted root node, node pulling and node decryption are carried out recursively until all leaf nodes have been pulled;
Step S80, file splicing is carried out according to each leaf node, and the file to be encrypted is obtained;
optionally, before the file splicing according to each leaf node, the method further includes:
performing content verification on each leaf node according to the content identifiers stored in each parent node;
If the content verification of any leaf node fails, a tamper alert is raised for that leaf node. The parent node of each node actually contains the cid before encryption of the node, so whether the file content has been tampered with can be effectively verified.
In this embodiment, the encryption key of each leaf node is different, and the user only needs to hold the root node to decrypt the whole file. Based on the link information in the parent node, some of the leaf nodes can be decrypted, so that the file to be encrypted can be partially disclosed and the user experience is improved.
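The encryption steps S10 to S50 of the first embodiment and the decryption and verification steps S60 to S80 of the second, as an added example that is not code from the patent or its applicant. Assumptions: the keystream XOR is a standard-library stand-in for the unspecified symmetric algorithm, the root key is symmetric rather than asymmetric, the cid is a bare hex SHA-256, and the `leaf`, `alg`, `bits` and `key` fields, the fan-out and the function names are hypothetical; only `password` and `encryptCid` come from the page.

```python
import hashlib
import json
import os

CHUNK = 8   # bytes per leaf; the page suggests 256 KB, kept tiny for the sample
FANOUT = 2  # links per parent node (assumption; the page does not fix a fan-out)


class TamperedNode(Exception):
    """Raised when a fetched node does not hash to the cid stored in its parent."""


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    Chosen only so the example runs on the standard library; it is not the
    page's algorithm. Encrypting and decrypting are the same operation."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + n.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def cid_of(blob: bytes) -> str:
    """Content identifier as a bare hex SHA-256 (a simplification of a real cid)."""
    return hashlib.sha256(blob).hexdigest()


def put_encrypted(store: dict, plain: bytes, key: bytes, leaf: bool) -> dict:
    """Encrypt one node, store it under its encryptCid, return its link information."""
    blob = xor_cipher(key, plain)
    encrypt_cid = cid_of(blob)
    store[encrypt_cid] = blob  # content addressing: equal ciphertexts are stored once
    password = {"alg": "sha256-ctr-demo", "bits": len(key) * 8, "key": key.hex()}
    return {"encryptCid": encrypt_cid, "password": password, "leaf": leaf}


def encrypt_file(data: bytes, store: dict, convergent: bool = False) -> dict:
    """Steps S10-S50. Returns the root link, i.e. the link information of the file."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]  # S10
    level = []
    for chunk in chunks:  # S20/S30: one key per leaf, ciphertext replaces the leaf
        key = hashlib.sha256(chunk).digest() if convergent else os.urandom(32)
        level.append(put_encrypted(store, chunk, key, leaf=True))
    while True:  # S40: push link information upward until a single root remains
        parents = []
        for i in range(0, len(level), FANOUT):
            node = json.dumps({"links": level[i:i + FANOUT]}).encode()
            parents.append(put_encrypted(store, node, os.urandom(32), leaf=False))
        level = parents
        if len(level) == 1:
            return level[0]  # S50 (symmetric root key here, as a simplification)


def open_node(link: dict, store: dict) -> bytes:
    """Fetch a node, verify it against the cid held by its parent, then decrypt it."""
    blob = store[link["encryptCid"]]
    if cid_of(blob) != link["encryptCid"]:
        raise TamperedNode(link["encryptCid"])
    return xor_cipher(bytes.fromhex(link["password"]["key"]), blob)


def decrypt_from(link: dict, store: dict) -> bytes:
    """Steps S60-S80 from any link: the root yields the file, a leaf link one segment."""
    plain = open_node(link, store)
    if link["leaf"]:
        return plain
    return b"".join(decrypt_from(c, store) for c in json.loads(plain)["links"])


def leaf_links(link: dict, store: dict) -> list:
    """Owner-side helper: leaf link information in file order, for selective sharing."""
    if link["leaf"]:
        return [link]
    children = json.loads(open_node(link, store))["links"]
    return [leaf for c in children for leaf in leaf_links(c, store)]


if __name__ == "__main__":
    sample = b"public  SECRET!!public  tail"  # constructed sample input
    blocks = {}
    root = encrypt_file(sample, blocks, convergent=True)
    shared = leaf_links(root, blocks)[0]      # disclose only the first segment
    print(decrypt_from(shared, blocks), decrypt_from(root, blocks) == sample)
```

With `convergent=True` (the hash-as-key variant), equal segments get equal `encryptCid` values; that is what makes deduplication possible, and it also lets anyone who can read the block store tell that two segments are identical.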
Example 3
Referring to FIG. 7, which is a schematic structural diagram of a file encryption system 100 according to a third embodiment of the present application, the system includes an acyclic graph construction module 10, a node encryption module 11, an information adding module 12, a link setting module 13 and a file decoding module 14, wherein:
the acyclic graph construction module 10 is configured to divide a file to be encrypted to obtain divided files, and construct a directed acyclic graph by using each divided file as a node. The partition size of the file to be encrypted may be set according to requirements, for example, the partition size may be set to 256KB, that is, each leaf node stores a file segment of 256KB in the constructed directed acyclic graph.
And the node encryption module 11 is used for respectively setting encryption keys for the leaf nodes in the directed acyclic graph, and encrypting the corresponding leaf nodes according to the encryption keys to obtain leaf encryption nodes. The encryption key of each leaf node can be a symmetric key, and the leaf node is encrypted according to the symmetric key by randomly generating a symmetric encryption key for each leaf node and marking the symmetric encryption key as a password, so that the leaf encryption node is obtained.
Optionally, the node encryption module 11 is further configured to: and respectively calculating the hash value of each leaf encryption node, and setting the hash value of each leaf encryption node as the encryption key.
And the node replacement module is used for replacing the nodes of each leaf node in the directed acyclic graph according to each leaf encryption node.
And the information adding module 12 is configured to add the link information of each leaf encryption node to a parent node in the directed acyclic graph after node replacement until the root node in the directed acyclic graph completes the addition of the link information.
Optionally, the information adding module 12 is further configured to: respectively calculating hash values of the leaf encryption nodes, and generating content identifiers of the leaf encryption nodes according to the hash values;
adding the content identifier and the encryption key of each leaf encryption node to the corresponding parent node;
wherein the link information includes the content identifier and the encryption key, the encryption key including a corresponding encryption algorithm, key length, and key content.
Optionally, the information adding module 12 is further configured to: perform duplicate detection on the content identifiers stored in each parent node;
and if identical content identifiers exist, delete the duplicate link information corresponding to that content identifier until only one remains.
And the link setting module 13 is used for encrypting the root node and setting the encrypted link information of the root node as the link information of the file to be encrypted.
The file decoding module 14 is configured to obtain the encrypted root node, and decrypt the encrypted root node according to the link information of the file to be encrypted;
acquiring an encryption key and a content identifier of each child node according to the decrypted root node, and performing node acquisition and node decryption according to the encryption key and the content identifier of each child node until each leaf node is acquired;
and performing file splicing according to each leaf node to obtain the file to be encrypted.
Optionally, the file decoding module 14 is further configured to: performing content verification on each leaf node according to the content identifiers stored in each parent node;
and if the content verification of any leaf node fails, raise a tamper alert for that leaf node.
According to this embodiment, an encryption key is set for each leaf node in the directed acyclic graph and each leaf node is encrypted with its own key, so that the control granularity of the encryption key is the leaf node. By adding the link information of each leaf encryption node to its parent node, some of the leaf nodes can be decrypted on the basis of the link information in the parent node, so that the file to be encrypted can be partially disclosed and the user experience is further improved.
Example 4
Fig. 8 is a block diagram of a terminal device 2 according to a fourth embodiment of the present application. As shown in fig. 8, the terminal device 2 of this embodiment includes: a processor 20, a memory 21 and a computer program 22, such as a program of a file encryption method, stored in said memory 21 and executable on said processor 20. The steps of the various embodiments of the file encryption method described above are implemented by the processor 20 when executing the computer program 22.
Illustratively, the computer program 22 may be partitioned into one or more modules that are stored in the memory 21 and executed by the processor 20 to complete the present application. The one or more modules may be a series of computer program instruction segments capable of performing specific functions for describing the execution of the computer program 22 in the terminal device 2. The terminal device may include, but is not limited to, a processor 20, a memory 21.
The processor 20 may be a central processing unit (Central Processing Unit, CPU), other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 21 may be an internal storage unit of the terminal device 2, such as a hard disk or a memory of the terminal device 2. The memory 21 may be an external storage device of the terminal device 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the terminal device 2. Further, the memory 21 may also include both an internal storage unit and an external storage device of the terminal device 2. The memory 21 is used for storing the computer program as well as other programs and data required by the terminal device. The memory 21 may also be used for temporarily storing data that has been output or is to be output.
In addition, each functional module in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated modules, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. The computer readable storage medium may be nonvolatile or volatile. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiment by means of a computer program that instructs related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the steps of each method embodiment described above may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer readable storage medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer readable storage medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer readable storage medium does not include electrical carrier signals and telecommunication signals.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. A method of encrypting a file, the method comprising:
dividing a file to be encrypted to obtain divided files, and constructing a directed acyclic graph by taking each divided file as a node;
setting encryption keys for each leaf node in the directed acyclic graph, and encrypting the corresponding leaf node according to each encryption key to obtain a leaf encryption node;
replacing each leaf node in the directed acyclic graph with the corresponding leaf encryption node;
in the directed acyclic graph after node replacement, adding the link information of each leaf encryption node into a parent node until the root node in the directed acyclic graph completes the addition of the link information;
encrypting the root node, and setting the encrypted link information of the root node as the link information of the file to be encrypted.
2. The file encryption method according to claim 1, wherein the adding of the link information of each leaf encryption node to the parent node includes:
respectively calculating hash values of the leaf encryption nodes, and generating content identifiers of the leaf encryption nodes according to the hash values;
adding the content identifier and the encryption key of each leaf encryption node to the corresponding parent node;
wherein the link information includes the content identifier and the encryption key, the encryption key including a corresponding encryption algorithm, key length, and key content.
3. The file encryption method according to claim 1, wherein setting an encryption key for each leaf node in the directed acyclic graph comprises:
calculating the hash value of each leaf encryption node, and setting the hash value of each leaf encryption node as the encryption key.
4. The file encryption method according to claim 2, wherein after setting the encrypted link information of the root node as the link information of the file to be encrypted, further comprising:
acquiring the encrypted root node, and decrypting the encrypted root node according to the link information of the file to be encrypted;
acquiring an encryption key and a content identifier of each child node according to the decrypted root node, and performing node acquisition and node decryption according to the encryption key and the content identifier of each child node until each leaf node is acquired;
splicing the leaf nodes together to obtain the file to be encrypted.
5. The file encryption method according to claim 4, wherein before splicing the leaf nodes together, the method further comprises:
performing content verification on each leaf node according to the content identifiers stored in each parent node;
if the content verification of any leaf node fails, issuing a tamper alert for that leaf node.
6. The file encryption method according to claim 2, wherein after the link information of each leaf encryption node is added to the parent node, the method further comprises:
checking the content identifiers stored in each parent node for duplicates;
if identical content identifiers exist, deleting the link information corresponding to that content identifier until only one copy remains.
7. A method of encrypting a file as claimed in any one of claims 1 to 6, wherein the encryption key of each leaf node is a symmetric key and the key of the root node is an asymmetric key.
8. A file encryption system, the system comprising:
an acyclic graph construction module, used for dividing the file to be encrypted to obtain divided files, and constructing a directed acyclic graph by taking each divided file as a node;
a node encryption module, used for setting an encryption key for each leaf node in the directed acyclic graph, and encrypting the corresponding leaf node according to each encryption key to obtain a leaf encryption node;
a node replacement module, used for replacing each leaf node in the directed acyclic graph with the corresponding leaf encryption node;
an information adding module, used for adding the link information of each leaf encryption node to its parent node in the directed acyclic graph after node replacement, until the root node in the directed acyclic graph completes the addition of the link information;
a link setting module, used for encrypting the root node and setting the link information of the encrypted root node as the link information of the file to be encrypted.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 7.
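The encrypt, link, decrypt and verify flow of claims 1, 2, 4 and 5, as an added Python sketch that is not code from the patent or its applicant. It assumes a two-level graph (one root over the leaves), an in-memory dict as the node store, a fresh random key per node, and a symmetric root key rather than the asymmetric one of claim 7; the SHA-256 counter-mode cipher is a stand-in for a real AEAD such as AES-GCM, and all function names are hypothetical.

```python
import hashlib, json, secrets

CHUNK = 16  # tiny leaf size so the constructed sample yields several leaves

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 keystream in counter mode, XORed with the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _put(store: dict, plaintext: bytes) -> dict:
    # Encrypt one node under a fresh key, store it under its content identifier
    # (hash of the ciphertext), and return the link information for its parent.
    key = secrets.token_bytes(32)
    blob = _xor_stream(key, plaintext)
    cid = hashlib.sha256(blob).hexdigest()
    store[cid] = blob
    return {"cid": cid, "alg": "sha256-ctr-demo", "key_len": 256, "key": key.hex()}

def encrypt_file(data: bytes, store: dict) -> dict:
    # Leaves: one encrypted node per chunk. Root: the list of leaf links, itself
    # encrypted; its link information becomes the link information of the file.
    links = [_put(store, data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)]
    return _put(store, json.dumps(links).encode())

def _get(store: dict, link: dict) -> bytes:
    # Content verification: the fetched node must hash to the identifier held by
    # its parent, otherwise it is reported as tampered and never decrypted.
    blob = store[link["cid"]]
    if hashlib.sha256(blob).hexdigest() != link["cid"]:
        raise ValueError("tampered node " + link["cid"])
    return _xor_stream(bytes.fromhex(link["key"]), blob)

def decrypt_file(root_link: dict, store: dict) -> bytes:
    # Decrypt the root, follow each child link, then splice the leaves in order.
    links = json.loads(_get(store, root_link))
    return b"".join(_get(store, link) for link in links)

def demo() -> bool:
    store, data = {}, b"constructed sample file, split into 16-byte leaves"
    return decrypt_file(encrypt_file(data, store), store) == data
```

Whoever holds the root link information can recover every leaf key, so only that one value needs protecting; the store itself sees only ciphertext and content identifiers.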
CN202310768718.4A 2023-06-27 2023-06-27 File encryption method, system, terminal and storage medium Pending CN116599763A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310768718.4A CN116599763A (en) 2023-06-27 2023-06-27 File encryption method, system, terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310768718.4A CN116599763A (en) 2023-06-27 2023-06-27 File encryption method, system, terminal and storage medium

Publications (1)

Publication Number Publication Date
CN116599763A true CN116599763A (en) 2023-08-15

Family

ID=87604582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310768718.4A Pending CN116599763A (en) 2023-06-27 2023-06-27 File encryption method, system, terminal and storage medium

Country Status (1)

Country Link
CN (1) CN116599763A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination