CN116881939A - Encryption verification method, device and equipment based on digital signature algorithm selection - Google Patents


Publication number
CN116881939A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310830383.4A
Other languages
Chinese (zh)
Inventor
朱少龙
罗宗扬
张佳磊
蔡辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Yilian Information System Co Ltd
Original Assignee
Suzhou Yilian Information System Co Ltd
Application filed by Suzhou Yilian Information System Co Ltd
Priority to CN202310830383.4A
Publication of CN116881939A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides an encryption verification method, a device and equipment based on digital signature algorithm selection, wherein the method is applied to an encryption verification system, the encryption verification system comprises a transmitting end and a receiving end, and the method comprises the following steps: the transmitting end generates a random number according to a preset random number algorithm; the transmitting end determines a target encryption strategy according to the random number and a preset algorithm selection strategy; the transmitting end encrypts preset parameter data according to the target encryption strategy to obtain encryption information; the transmitting end sends the encryption information and the target encryption strategy to the receiving end; the receiving end determines a corresponding target verification strategy according to the target encryption strategy; and the receiving end verifies the encryption information according to the target verification strategy to obtain a corresponding verification result. The embodiment of the invention can determine the target encryption strategy and the target verification strategy corresponding to the target encryption strategy according to the random number and the algorithm selection strategy, and can effectively improve the security protection capability of the system.

Description

Encryption verification method, device and equipment based on digital signature algorithm selection
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an encryption verification method, device and equipment based on digital signature algorithm selection.
Background
Currently, the mainstream Solid State Disk (SSD) basically has an encryption mechanism, and in order to ensure the validity and security of the data transmission of the solid state disk, a verification function is usually realized through digital signature. A digital signature is a digital string that cannot be forged by others, which is generated only by the sender of the information, and is a valid proof of the authenticity of the information sent by the sender of the information. The digital signature is the application of the asymmetric key encryption technology and the digital digest technology, and the security performance level is higher.
The existing digital signature implementation is usually based on a hash algorithm and an RSA algorithm, wherein the SHA algorithm is a secure hash algorithm proposed by the National Security Agency of the United States, has potential information security risks, and does not meet the future development requirements of the current international situation and the domestic information security market.
Therefore, the existing digital signature implementation has potential information security risks.
Disclosure of Invention
The embodiment of the invention provides an encryption verification method, device and equipment based on digital signature algorithm selection, and aims to solve the problem that the existing digital signature implementation has potential information security risks.
In a first aspect, an embodiment of the present invention provides an encryption verification method selected based on a digital signature algorithm, where the method is applied to an encryption verification system, where the encryption verification system includes a transmitting end and a receiving end, and the method includes:
the sending end generates a random number according to a preset random number algorithm;
the sending end determines a target encryption strategy according to the random number and a preset algorithm selection strategy;
the sending end encrypts preset parameter data according to a target encryption strategy to obtain encryption information;
the sending end sends the encryption information and the target encryption strategy to the receiving end;
the receiving end determines a corresponding target verification strategy according to the target encryption strategy;
and the receiving end checks the encrypted information according to the target checking strategy to obtain a corresponding checking result.
In a second aspect, an embodiment of the present invention further provides an encryption verification device selected based on a digital signature algorithm, where the device includes a generating unit, a first determining unit, an encrypting unit, and a transmitting unit configured at the transmitting end, and the device further includes a second determining unit and a verification unit configured at the receiving end;
the generating unit is used for generating random numbers by the transmitting end according to a preset random number algorithm;
the first determining unit is used for determining a target encryption strategy by the transmitting end according to the random number and a preset algorithm selection strategy;
the encryption unit is used for encrypting the preset parameter data according to the target encryption strategy by the sending end to obtain encryption information;
the sending unit is used for sending the encryption information and the target encryption strategy to the receiving end by the sending end;
the second determining unit is configured to determine a corresponding target verification policy according to the target encryption policy by using the receiving end;
and the verification unit is used for verifying the encrypted information by the receiving end according to the target verification strategy to obtain a corresponding verification result.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the method described in the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present invention also provide a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, implement the method of the first aspect.
The embodiment of the invention provides an encryption verification method, a device and equipment based on digital signature algorithm selection, wherein the method is applied to an encryption verification system, the encryption verification system comprises a transmitting end and a receiving end, and the method comprises the following steps: the sending end generates a random number according to a preset random number algorithm; the sending end determines a target encryption strategy according to the random number and a preset algorithm selection strategy; the sending end encrypts preset parameter data according to the target encryption strategy to obtain encryption information; the sending end sends the encryption information and the target encryption strategy to the receiving end; the receiving end determines a corresponding target verification strategy according to the target encryption strategy; and the receiving end verifies the encryption information according to the target verification strategy to obtain a corresponding verification result. The embodiment of the invention can determine the target encryption strategy and the target verification strategy corresponding to the target encryption strategy according to the random number and the algorithm selection strategy, and can effectively improve the security protection capability of the system.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of an encryption verification method selected based on a digital signature algorithm according to an embodiment of the present invention;
FIG. 2 is a schematic sub-flowchart of an encryption verification method selected based on a digital signature algorithm according to an embodiment of the present invention;
FIG. 3 is a schematic block diagram of an encryption verification device selected based on a digital signature algorithm according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations. The embodiment of the invention provides an encryption verification method, device and equipment based on digital signature algorithm selection, wherein the method is applied to an encryption verification system, and the encryption verification system comprises a transmitting end and a receiving end.
Fig. 1 is a schematic flow chart of an encryption verification method selected based on a digital signature algorithm according to an embodiment of the present invention. As shown in fig. 1, the method includes the following steps S110 to S160.
S110, the sending end generates a random number according to a preset random number algorithm.
In this embodiment, the transmitting end generates a random number according to a preset random number algorithm, and selects different algorithm schemes according to the parity of the random number, so that the protection capability of system security can be effectively improved. The random number may be current date information.
S120, the sending end determines a target encryption strategy according to the random number and a preset algorithm selection strategy.
In this embodiment, the target encryption policy may be determined according to the parity of the random number, or the random number may be divided by a preset integer to obtain a remainder result, and the target encryption policy may be determined according to the remainder result.
In one implementation, the target encryption policy includes a target algorithm and a target encryption key corresponding to the target algorithm, and step S120 includes:
S1201, determining a target algorithm according to the parity of the random number;
S1202, determining a target encryption key corresponding to the random number according to a selection strategy corresponding to the target algorithm.
In this embodiment, the target encryption policy includes a target algorithm and a target encryption key corresponding to the target algorithm, and the target algorithm is determined according to the parity of the random number, where the target algorithm may be a first algorithm or a second algorithm. The target encryption key includes a target public key and a target private key. And determining a target algorithm and a target encryption algorithm according to the random number, so that the protection capability of system safety can be effectively improved.
In one embodiment, step S1201 includes: if the random number is even, configuring a first algorithm as a target algorithm; and if the random number is odd, configuring the second algorithm as a target algorithm.
In this embodiment, if the random number is even, the first algorithm is configured as the target algorithm; and if the random number is odd, configuring the second algorithm as a target algorithm. And determining a target algorithm according to the parity of the random number, so that the protection capability of system safety can be effectively improved.
In one embodiment, step S1202 includes: acquiring a corresponding calculated value from a selection strategy corresponding to the target algorithm; performing remainder calculation on the random number according to the calculated value to obtain a corresponding remainder value; and obtaining a key corresponding to the remainder value from a key set of the selection strategy corresponding to the target algorithm according to the remainder value, and taking the key corresponding to the remainder value as the target encryption key.
In this embodiment, a corresponding calculated value is obtained from the selection policy corresponding to the target algorithm, where the calculated value is a random integer value N. A key is selected from the key set of the selection policy corresponding to the target algorithm according to the calculated value, that is, one group of keys is selected from the N groups of keys in the key set as the target encryption key. A remainder calculation is performed on the random number according to the calculated value to obtain a corresponding remainder value M, and the M-th group of keys among the N groups of keys is then the target encryption key. The size of the remainder depends on the number of key sets, i.e. the calculated value N is not greater than the number of key sets.
For example, the target algorithm is the first algorithm and the key set includes three groups of keys, so the corresponding calculated value N = 3. If the random number is 5, the remainder calculation is performed on the random number according to the calculated value, that is, 5 is divided by 3, giving the corresponding remainder value M = 2; the second group of keys in the key set is then the target encryption key.
S130, the sending end encrypts preset parameter data according to a target encryption strategy to obtain encryption information.
In this embodiment, the sending end performs encryption processing on preset parameter data according to a target encryption policy to obtain encryption information, where the parameter data may be encryption data, and the encryption data may be a version number or a software or hardware name.
In one embodiment, step S130 includes: calculating preset parameter data according to an encryption algorithm in the target encryption strategy to obtain data to be verified; signing the data to be verified according to a signature algorithm and a target private key in the target encryption strategy to obtain a digital signature; the target private key is a target private key of a target encryption key in the target encryption strategy; and combining the digital signature and the parameter data to obtain encryption information.
In this embodiment, a target algorithm is determined according to the parity of the random number; if the random number is even, the first algorithm is configured as the target algorithm; and if the random number is odd, the second algorithm is configured as the target algorithm. The first algorithm includes a first encryption algorithm, which may be a SHA256 hash algorithm, and a first signature algorithm, which may be an RSA algorithm. The SHA algorithm is a secure hash algorithm proposed by the National Security Agency, and in order to meet future development requirements of the national information security market, a second algorithm is proposed. The second algorithm includes a second encryption algorithm and a second signature algorithm; the second encryption algorithm may be an SM3 hash algorithm and the second signature algorithm may be an SM2 algorithm. The SM3 hash algorithm is a cryptographic hash function standard issued by the State Cryptography Administration, and using the SM3 hash algorithm can better meet the development requirements of the future information market.
If the random number is even, configuring a first algorithm as a target algorithm; calculating preset parameter data according to an SHA256 hash algorithm to obtain data to be verified; signing the data to be verified according to an RSA algorithm to obtain a digital signature; and combining the digital signature and the parameter data to obtain encryption information. If the random number is odd, configuring a second algorithm as a target algorithm; calculating preset parameter data according to an SM3 hash algorithm to obtain data to be verified; signing the data to be verified according to an SM2 algorithm to obtain a digital signature; and combining the digital signature and the parameter data to obtain encryption information.
S140, the sending end sends the encryption information and the target encryption strategy to the receiving end.
In this embodiment, the receiving end may determine a corresponding target verification policy according to the received target encryption policy, and the receiving end may verify the encrypted information according to the target verification policy to obtain a verification result, where the verification result may verify the integrity of the information.
S150, the receiving end determines a corresponding target verification strategy according to the target encryption strategy.
In this embodiment, if the encryption algorithm in the target encryption policy is a SHA256 hash algorithm, the encryption algorithm in the target verification policy is also a SHA256 hash algorithm; and if the signature algorithm in the target encryption policy is an RSA algorithm, the signature algorithm in the target verification policy is also an RSA algorithm.
If the encryption algorithm in the target encryption policy is an SM3 hash algorithm, the encryption algorithm in the target verification policy is also an SM3 hash algorithm; and if the signature algorithm in the target encryption policy is an SM2 algorithm, the signature algorithm in the target verification policy is also an SM2 algorithm.
S160, the receiving end verifies the encrypted information according to the target verification strategy to obtain a corresponding verification result.
In this embodiment, the receiving end performs verification on the encrypted information according to the target verification policy to obtain a corresponding verification result, where the verification result can verify the integrity of the information, and detect whether the transmitted data is tampered.
In one implementation, step S160 includes: parsing the encryption information to obtain first data to be verified and second data to be verified; calculating the first data to be verified according to the encryption algorithm in the target verification strategy to obtain a first feature sequence; performing signature decryption on the second data to be verified according to the signature algorithm and a target public key in the target verification strategy to obtain a second feature sequence; the target public key is the target public key of the target encryption key in the target encryption strategy; and comparing the first feature sequence with the second feature sequence to obtain a verification result.
In this embodiment, the first data to be verified corresponds to parameter data in the encrypted information sent by the sending end, and the second data to be verified corresponds to a digital signature in the encrypted information sent by the sending end.
If the target algorithm is the first algorithm, the encryption algorithm in the target verification strategy is a SHA256 hash algorithm and the signature algorithm in the target verification strategy is an RSA algorithm. The first data to be verified is calculated according to the SHA256 hash algorithm to obtain a first feature sequence; signature decryption is performed on the second data to be verified according to the RSA algorithm and a target public key to obtain a second feature sequence; the target public key is the target public key of the target encryption key in the target encryption strategy; and the first feature sequence is compared with the second feature sequence to obtain a verification result. If the two sequences are the same, the data is proved not to have been tampered with during transmission; if they are different, the data is proved to have been modified during transmission.
If the target algorithm is the second algorithm, the encryption algorithm in the target verification strategy is an SM3 hash algorithm and the signature algorithm in the target verification strategy is an SM2 algorithm. The first data to be verified is calculated according to the SM3 hash algorithm to obtain a first feature sequence; signature decryption is performed on the second data to be verified according to the SM2 algorithm and a target public key to obtain a second feature sequence; the target public key is the target public key of the target encryption key in the target encryption strategy; and the first feature sequence is compared with the second feature sequence to obtain a verification result. If the two sequences are the same, the data is proved not to have been tampered with during transmission; if they are different, the data is proved to have been modified during transmission.
In summary, the embodiment of the invention can determine the target encryption strategy and the target verification strategy corresponding to the target encryption strategy according to the random number and the algorithm selection strategy, and can effectively improve the protection capability of the system security.
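The flow of steps S110 to S160 for the first algorithm (SHA256 hash, RSA signature), as an added example that is not code from the patent or its applicant; it also shows the receiver treating the transmitted policy as untrusted input, which goes beyond what the description specifies. Assumptions: the key groups are constructed demo keys, the signature is textbook unpadded RSA chosen to mirror the "recover the feature sequence with the public key and compare" wording (deployed code would use a vetted library's padded scheme), a remainder of 0 is mapped to group N, and the SM3+SM2 branch has two key groups and is selected but not signed because the Python standard library has no SM2.

```python
import hashlib
import hmac

E = 65537
# Constructed demo keys (assumption): three RSA key groups built from Mersenne
# primes so no key generation is needed. Trivially factorable; never reuse them.
PRIME_PAIRS = [(2**521 - 1, 2**607 - 1), (2**521 - 1, 2**1279 - 1),
               (2**607 - 1, 2**1279 - 1)]
PRIVATE_KEYS = [(p * q, pow(E, -1, (p - 1) * (q - 1))) for p, q in PRIME_PAIRS]  # sender: (n, d)
PUBLIC_KEYS = [(n, E) for n, _ in PRIVATE_KEYS]                                  # receiver: (n, e)

# Calculated value N per algorithm = number of key groups in its selection policy.
# The SM3+SM2 count of 2 is an assumption made for this example.
KEY_GROUPS = {"SHA256+RSA": len(PRIVATE_KEYS), "SM3+SM2": 2}


def key_group(random_number, n_groups):
    """S1202: remainder M picks the M-th key group (1-based, as in the N = 3 example).
    Assumption: a remainder of 0 maps to group N, which the description leaves open."""
    m = random_number % n_groups
    return m if m else n_groups


def select_policy(random_number):
    """S1201 + S1202: parity picks the algorithm, the remainder picks the key group."""
    algorithm = "SHA256+RSA" if random_number % 2 == 0 else "SM3+SM2"
    return {"algorithm": algorithm,
            "key_group": key_group(random_number, KEY_GROUPS[algorithm])}


def sender_encrypt(parameter_data, random_number):
    """S130: hash the parameter data, sign the digest, bundle signature and data."""
    policy = select_policy(random_number)
    if policy["algorithm"] != "SHA256+RSA":
        raise NotImplementedError("SM3+SM2 needs a GM/T library, not in the stdlib")
    n, d = PRIVATE_KEYS[policy["key_group"] - 1]
    digest = hashlib.sha256(parameter_data).digest()        # data to be verified
    signature = pow(int.from_bytes(digest, "big"), d, n)    # textbook RSA, no padding
    return {"parameter_data": parameter_data, "signature": signature}, policy


def receiver_verify(info, policy):
    """S150 + S160: map the received policy to a verification policy, then compare."""
    algorithm, group = policy.get("algorithm"), policy.get("key_group")
    # The policy travels with the message, so validate it before using it.
    if algorithm not in KEY_GROUPS:
        return "rejected: unknown algorithm"
    if type(group) is not int or not 1 <= group <= KEY_GROUPS[algorithm]:
        return "rejected: key group out of range"
    if algorithm != "SHA256+RSA":
        return "rejected: no verifier for algorithm"
    n, e = PUBLIC_KEYS[group - 1]
    signature = info["signature"]
    if type(signature) is not int or not 0 <= signature < n:
        return "rejected: malformed signature"
    size = (n.bit_length() + 7) // 8
    # First feature sequence: hash of the received parameter data.
    first = hashlib.sha256(info["parameter_data"]).digest().rjust(size, b"\x00")
    # Second feature sequence: value recovered from the signature with the public key.
    second = pow(signature, e, n).to_bytes(size, "big")
    return "ok" if hmac.compare_digest(first, second) else "mismatch"


if __name__ == "__main__":
    # Constructed parameter data (the description suggests a version number).
    info, policy = sender_encrypt(b"FW_VERSION=1.2.3", 4)
    print(policy, receiver_verify(info, policy))
    tampered = dict(info, parameter_data=b"FW_VERSION=9.9.9")
    print(receiver_verify(tampered, policy))
```
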
Fig. 3 is a schematic block diagram of an encryption verification device selected based on a digital signature algorithm according to an embodiment of the present invention. As shown in fig. 3, corresponding to the above encryption verification method selected based on the digital signature algorithm, the present invention further provides an encryption verification device selected based on the digital signature algorithm, where the device is configured in an encryption verification system, and the encryption verification system includes a transmitting end and a receiving end. Specifically, referring to fig. 3, the apparatus 700 includes a generating unit 701, a first determining unit 702, an encrypting unit 703, and a transmitting unit 704 configured at the transmitting end, and the apparatus 700 further includes a second determining unit 705 and a checking unit 706 configured at the receiving end.
The generating unit 701 is configured to generate a random number according to a preset random number algorithm by the transmitting end;
the first determining unit 702 is configured to determine a target encryption policy according to the random number and a preset algorithm selection policy by the transmitting end;
the encryption unit 703 is configured to encrypt preset parameter data according to a target encryption policy by using the sending end to obtain encrypted information;
the sending unit 704 is configured to send the encryption information and the target encryption policy to the receiving end by using the sending end;
the second determining unit 705 is configured to determine a corresponding target verification policy according to the target encryption policy by using the receiving end;
the verification unit 706 is configured to verify the encrypted information according to the target verification policy by using the receiving end, so as to obtain a corresponding verification result.
In some embodiments, the target encryption policy includes a target algorithm and a target encryption key corresponding to the target algorithm; the first determining unit 702 includes: a first determining subunit, configured to determine a target algorithm according to the parity of the random number; and the second determining subunit is used for determining a target encryption key corresponding to the random number according to a selection strategy corresponding to the target algorithm.
In some embodiments, the first determining unit 702 is specifically configured to, when executing the determining target algorithm step according to the parity of the random number:
if the random number is even, configuring a first algorithm as a target algorithm; and if the random number is odd, configuring the second algorithm as a target algorithm.
In some embodiments, the second determining unit 705 is specifically configured to, when executing the step of determining the target encryption key corresponding to the random number according to the selection policy corresponding to the target algorithm:
acquiring a corresponding calculated value from a selection strategy corresponding to the target algorithm; performing remainder calculation on the random number according to the calculated value to obtain a corresponding remainder value; and obtaining a key corresponding to the remainder value from a key set of the selection strategy corresponding to the target algorithm according to the remainder value, and taking the key corresponding to the remainder value as the target encryption key.
In some embodiments, the encryption unit 703 is specifically configured to, when executing the step of performing encryption processing on preset parameter data by the sending end according to the target encryption policy to obtain the encrypted information:
calculating preset parameter data according to an encryption algorithm in the target encryption strategy to obtain data to be verified; signing the data to be verified according to a signature algorithm and a target private key in the target encryption strategy to obtain a digital signature; the target private key is a target private key of a target encryption key in the target encryption strategy; and combining the digital signature and the parameter data to obtain encryption information.
In some embodiments, when performing the step of verifying the encrypted information according to the target verification policy to obtain the corresponding verification result, the verification unit 706 is specifically configured to:
parsing the encryption information to obtain first data to be verified and second data to be verified; calculating the first data to be verified according to the encryption algorithm in the target verification strategy to obtain a first feature sequence; performing signature decryption on the second data to be verified according to the signature algorithm and a target public key in the target verification strategy to obtain a second feature sequence; the target public key is the target public key of the target encryption key in the target encryption strategy; and comparing the first feature sequence with the second feature sequence to obtain a verification result.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation process of the encryption verification device and each unit selected based on the digital signature algorithm may refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, the description is omitted here.
The above-described encryption verification apparatus selected based on the digital signature algorithm may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 4.
Referring to fig. 4, fig. 4 is a schematic block diagram of an electronic device according to an embodiment of the present invention. The computer device 800 may be a terminal or a server, where the terminal may be an electronic device having a communication function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device. The server may be an independent server or a server cluster formed by a plurality of servers.
With reference to fig. 4, the electronic device 800 includes a processor 802, a memory, and a network interface 805, which are connected by a system bus 801, wherein the memory may include a non-volatile storage medium 803 and an internal memory 804.
The nonvolatile storage medium 803 may store an operating system 8031 and a computer program 8032. The computer program 8032 includes program instructions that, when executed, cause the processor 802 to perform a cryptographic verification method selected based on a digital signature algorithm.
The processor 802 is operable to provide computing and control capabilities to support the operation of the overall electronic device 800.
The internal memory 804 provides an environment for the execution of the computer program 8032 in the non-volatile storage medium 803, which computer program 8032, when executed by the processor 802, causes the processor 802 to perform the encryption verification method based on digital signature algorithm selection.
The network interface 805 is used for network communication with other devices. It will be appreciated by those skilled in the art that the structure shown in fig. 4 is merely a block diagram of the part of the structure associated with the solution of the present invention and does not limit the electronic device 800 to which the solution is applied; a particular electronic device 800 may include more or fewer components than shown, may combine certain components, or may have a different arrangement of components.
The encryption verification method is applied to an encryption verification system, the encryption verification system comprises a transmitting end and a receiving end, and the processor 802 is used for running a computer program 8032 stored in a memory so as to realize the following steps:
the sending end generates a random number according to a preset random number algorithm; the sending end determines a target encryption strategy according to the random number and a preset algorithm selection strategy; the sending end encrypts preset parameter data according to the target encryption strategy to obtain encryption information; the sending end sends the encryption information and the target encryption strategy to the receiving end; the receiving end determines a corresponding target verification strategy according to the target encryption strategy; and the receiving end verifies the encryption information according to the target verification strategy to obtain a corresponding verification result.
In some embodiments, the target encryption policy includes a target algorithm and a target encryption key corresponding to the target algorithm; when implementing the step of determining the target encryption policy according to the random number and the preset algorithm selection policy, the processor 802 specifically implements the following steps:
determining a target algorithm according to the parity of the random number; and determining a target encryption key corresponding to the random number according to a selection strategy corresponding to the target algorithm.
In some embodiments, the processor 802, when implementing the step of determining the target algorithm based on the parity of the random number, specifically implements the steps of:
if the random number is even, configuring a first algorithm as a target algorithm; and if the random number is odd, configuring the second algorithm as a target algorithm.
In some embodiments, when implementing the step of determining the target encryption key corresponding to the random number according to the selection policy corresponding to the target algorithm, the processor 802 specifically implements the following steps:
acquiring a corresponding calculated value from a selection strategy corresponding to the target algorithm; performing remainder calculation on the random number according to the calculated value to obtain a corresponding remainder value; and obtaining a key corresponding to the remainder value from a key set of the selection strategy corresponding to the target algorithm, and taking the key corresponding to the remainder value as the target encryption key.
In some embodiments, when implementing the step of encrypting the preset parameter data by the transmitting end according to the target encryption policy to obtain the encrypted information, the processor 802 specifically implements the following steps:
calculating preset parameter data according to an encryption algorithm in the target encryption strategy to obtain data to be verified; signing the data to be verified according to a signature algorithm and a target private key in the target encryption strategy to obtain a digital signature; the target private key is the private key of the target encryption key in the target encryption strategy; and combining the digital signature and the parameter data to obtain encryption information.
In some embodiments, when implementing the step of verifying the encrypted information according to the target verification policy to obtain the corresponding verification result, the processor 802 specifically implements the following steps:
parsing the encryption information to obtain first data to be verified and second data to be verified; calculating the first data to be verified according to an encryption algorithm in the target verification strategy to obtain a first characteristic sequence; performing signature decryption on the second data to be verified according to a signature algorithm and a target public key in the target verification strategy to obtain a second characteristic sequence; the target public key is the public key of the target encryption key in the target encryption strategy; and comparing the first characteristic sequence with the second characteristic sequence to obtain a verification result.
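The sender and receiver steps above, as an added Python sketch that is not code from the patent. The algorithm names, digests, calculated values and key sets are constructed for illustration, and unpadded RSA over Mersenne primes is an assumed toy stand-in for the signature algorithms, chosen only so the example runs with the standard library.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every demo key


def toy_keypair(p_bits, q_bits):
    """Unpadded RSA key from two Mersenne primes: demo stand-in, not secure."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed selection strategies (assumed layout): each algorithm has a digest,
# a "calculated value" used as the modulus, and a key set indexed by remainder.
STRATEGIES = {
    "first": {"digest": "sha256", "calc": 3, "keys": [
        toy_keypair(521, 607), toy_keypair(521, 1279), toy_keypair(607, 1279)]},
    "second": {"digest": "sha512", "calc": 3, "keys": [
        toy_keypair(127, 521), toy_keypair(127, 607), toy_keypair(89, 521)]},
}
# The receiving end needs only the public half (modulus) of every key.
PUBLIC_KEYS = {a: [k["n"] for k in s["keys"]] for a, s in STRATEGIES.items()}


def select_policy(r):
    """Even r -> first algorithm, odd r -> second; r mod calc -> key index."""
    algorithm = "first" if r % 2 == 0 else "second"
    return {"algorithm": algorithm, "key_index": r % STRATEGIES[algorithm]["calc"]}


def digest_int(name, data):
    """Digest of the parameter data as an integer (the 'data to be verified')."""
    return int.from_bytes(hashlib.new(name, data).digest(), "big")


def sender_encrypt(params, r=None):
    """Return (encryption information, target encryption strategy)."""
    if r is None:
        r = secrets.randbits(32)  # stand-in for the preset random number algorithm
    policy = select_policy(r)
    strategy = STRATEGIES[policy["algorithm"]]
    key = strategy["keys"][policy["key_index"]]
    to_verify = digest_int(strategy["digest"], params)
    signature = pow(to_verify, key["d"], key["n"])  # sign with the target private key
    return {"params": params, "signature": signature}, policy


def receiver_verify(info, policy):
    """Map the received strategy to a preset verification strategy, then compare."""
    strategy = STRATEGIES.get(policy.get("algorithm"))
    index = policy.get("key_index")
    if strategy is None or type(index) is not int or not 0 <= index < strategy["calc"]:
        return False  # strategy is not one of the preset ones: reject
    n = PUBLIC_KEYS[policy["algorithm"]][index]
    signature = info["signature"]
    if type(signature) is not int or not 0 <= signature < n:
        return False
    first_sequence = digest_int(strategy["digest"], info["params"])
    second_sequence = pow(signature, E, n)  # recover the signed digest
    return first_sequence == second_sequence


def reachable_indices(parity, calc, samples=1000):
    """Key indices that random numbers of one parity can ever select."""
    return {r % calc for r in range(parity, samples, 2)}


if __name__ == "__main__":
    info, policy = sender_encrypt(b"device_id=42;firmware=1.0.3")  # constructed input
    print(policy, receiver_verify(info, policy))
```

Because parity already fixes the random number modulo 2, `reachable_indices` shows that an even calculated value lets each algorithm reach only half of its remainders, so an odd calculated value is needed for every key in a set to be selectable.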
It should be appreciated that in embodiments of the present invention, the processor 802 may be a central processing unit (CPU), and may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor.
Those skilled in the art will appreciate that all or part of the flow in a method embodying the above described embodiments may be accomplished by computer programs instructing the relevant hardware. The computer program comprises program instructions, and the computer program can be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer readable storage medium. The storage medium stores a computer program, wherein the computer program includes program instructions. The program instructions, when executed by the processor, cause the processor to perform the steps of:
the sending end generates a random number according to a preset random number algorithm; the sending end determines a target encryption strategy according to the random number and a preset algorithm selection strategy; the sending end encrypts preset parameter data according to the target encryption strategy to obtain encryption information; the sending end sends the encryption information and the target encryption strategy to the receiving end; the receiving end determines a corresponding target verification strategy according to the target encryption strategy; and the receiving end verifies the encryption information according to the target verification strategy to obtain a corresponding verification result.
In one embodiment, the target encryption policy includes a target algorithm and a target encryption key corresponding to the target algorithm; when executing the step of determining the target encryption policy according to the random number and the preset algorithm selection policy, the processor specifically implements the following steps:
determining a target algorithm according to the parity of the random number; and determining a target encryption key corresponding to the random number according to a selection strategy corresponding to the target algorithm.
In one embodiment, the processor, when executing the step of determining the target algorithm according to the parity of the random number, specifically implements the following steps:
if the random number is even, configuring a first algorithm as a target algorithm; and if the random number is odd, configuring the second algorithm as a target algorithm.
In one embodiment, the processor, when executing the step of determining the target encryption key corresponding to the random number according to the selection policy corresponding to the target algorithm, specifically implements the following steps:
acquiring a corresponding calculated value from a selection strategy corresponding to the target algorithm; performing remainder calculation on the random number according to the calculated value to obtain a corresponding remainder value; and obtaining a key corresponding to the remainder value from a key set of the selection strategy corresponding to the target algorithm, and taking the key corresponding to the remainder value as the target encryption key.
In an embodiment, when the processor performs the step of encrypting the preset parameter data according to the target encryption policy by the transmitting end to obtain the encrypted information, the following steps are specifically implemented:
calculating preset parameter data according to an encryption algorithm in the target encryption strategy to obtain data to be verified; signing the data to be verified according to a signature algorithm and a target private key in the target encryption strategy to obtain a digital signature; the target private key is the private key of the target encryption key in the target encryption strategy; and combining the digital signature and the parameter data to obtain encryption information.
In an embodiment, when the processor performs the step of verifying the encrypted information according to the target verification policy to obtain a corresponding verification result, the processor specifically implements the following steps:
parsing the encryption information to obtain first data to be verified and second data to be verified; calculating the first data to be verified according to an encryption algorithm in the target verification strategy to obtain a first characteristic sequence; performing signature decryption on the second data to be verified according to a signature algorithm and a target public key in the target verification strategy to obtain a second characteristic sequence; the target public key is the public key of the target encryption key in the target encryption strategy; and comparing the first characteristic sequence with the second characteristic sequence to obtain a verification result.
The storage medium may be a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or any other computer-readable storage medium that can store program code.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be combined, divided and deleted according to actual needs. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as a stand-alone product, it may be stored in a storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part contributing over the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a terminal, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and equivalent substitutions may be made without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. An encryption verification method based on digital signature algorithm selection, the method is applied to an encryption verification system, the encryption verification system comprises a transmitting end and a receiving end, and the method is characterized by comprising the following steps:
the sending end generates a random number according to a preset random number algorithm;
the sending end determines a target encryption strategy according to the random number and a preset algorithm selection strategy;
the sending end encrypts preset parameter data according to a target encryption strategy to obtain encryption information;
the sending end sends the encryption information and the target encryption strategy to the receiving end;
the receiving end determines a corresponding target verification strategy according to the target encryption strategy;
and the receiving end verifies the encryption information according to the target verification strategy to obtain a corresponding verification result.
2. The encryption verification method based on digital signature algorithm selection as recited in claim 1, wherein the target encryption policy includes a target algorithm and a target encryption key corresponding to the target algorithm; the determining the target encryption strategy according to the random number and the preset algorithm selection strategy comprises the following steps:
determining a target algorithm according to the parity of the random number;
and determining a target encryption key corresponding to the random number according to a selection strategy corresponding to the target algorithm.
3. The encryption verification method based on digital signature algorithm selection as recited in claim 2, wherein the determining a target algorithm according to the parity of the random number includes:
if the random number is even, configuring a first algorithm as a target algorithm;
and if the random number is odd, configuring the second algorithm as a target algorithm.
4. The method according to claim 2, wherein determining a target encryption key corresponding to the random number according to a selection policy corresponding to the target algorithm, comprises:
acquiring a corresponding calculated value from a selection strategy corresponding to the target algorithm;
performing remainder calculation on the random number according to the calculated value to obtain a corresponding remainder value;
and obtaining a key corresponding to the remainder value from a key set of the selection strategy corresponding to the target algorithm, and taking the key corresponding to the remainder value as the target encryption key.
5. The encryption verification method based on digital signature algorithm selection as set forth in claim 4, wherein the transmitting end encrypting preset parameter data according to the target encryption policy to obtain encrypted information includes:
calculating preset parameter data according to an encryption algorithm in the target encryption strategy to obtain data to be verified;
signing the data to be verified according to a signature algorithm and a target private key in the target encryption strategy to obtain a digital signature; the target private key is the private key of the target encryption key in the target encryption strategy;
and combining the digital signature and the parameter data to obtain encryption information.
6. The encryption verification method based on digital signature algorithm selection as set forth in claim 5, wherein verifying the encrypted information according to the target verification policy to obtain a corresponding verification result includes:
parsing the encryption information to obtain first data to be verified and second data to be verified;
calculating the first data to be verified according to an encryption algorithm in the target verification strategy to obtain a first characteristic sequence;
performing signature decryption on the second data to be verified according to a signature algorithm and a target public key in the target verification strategy to obtain a second characteristic sequence; the target public key is the public key of the target encryption key in the target encryption strategy;
and comparing the first characteristic sequence with the second characteristic sequence to obtain a verification result.
7. An encryption verification device based on digital signature algorithm selection, the device is configured in an encryption verification system, the encryption verification system comprises a transmitting end and a receiving end, and the device is characterized by comprising a generating unit, a first determining unit, an encryption unit and a transmitting unit which are configured at the transmitting end, and further comprising a second determining unit and a verification unit which are configured at the receiving end:
the generating unit is used for generating random numbers by the transmitting end according to a preset random number algorithm;
the first determining unit is used for determining a target encryption strategy by the transmitting end according to the random number and a preset algorithm selection strategy;
the encryption unit is used for encrypting the preset parameter data according to the target encryption strategy by the sending end to obtain encryption information;
the sending unit is used for sending the encryption information and the target encryption strategy to the receiving end by the sending end;
the second determining unit is configured to determine, by the receiving end, a corresponding target verification policy according to the target encryption policy;
and the verification unit is used for verifying the encrypted information by the receiving end according to the target verification strategy to obtain a corresponding verification result.
8. The encryption verification device based on digital signature algorithm selection as set forth in claim 7, wherein the first determining unit includes:
a first determining subunit, configured to determine a target algorithm according to the parity of the random number;
and the second determining subunit is used for determining a target encryption key corresponding to the random number according to a selection strategy corresponding to the target algorithm.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the encryption verification method based on digital signature algorithm selection of any one of claims 1-6 when the computer program is executed.
10. A computer readable storage medium, characterized in that the storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the encryption verification method based on digital signature algorithm selection as claimed in any one of claims 1-6.
CN202310830383.4A 2023-07-07 2023-07-07 Encryption verification method, device and equipment based on digital signature algorithm selection Pending CN116881939A (en)


Publications (1)

Publication Number Publication Date
CN116881939A (en) 2023-10-13

Family

ID=88254239


Country Status (1)

Country Link
CN (1) CN116881939A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination