CN117200982A - Key generation method, storage medium, electronic device, and vehicle - Google Patents
Key generation method, storage medium, electronic device, and vehicle Download PDFInfo
- Publication number
- CN117200982A CN117200982A CN202210629350.9A CN202210629350A CN117200982A CN 117200982 A CN117200982 A CN 117200982A CN 202210629350 A CN202210629350 A CN 202210629350A CN 117200982 A CN117200982 A CN 117200982A
- Authority
- CN
- China
- Prior art keywords
- information
- key
- ciphertext
- terminal
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 230000005540 biological transmission Effects 0.000 claims abstract description 63
- 238000004806 packaging method and process Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 230000008569 process Effects 0.000 description 5
- 230000005236 sound signal Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The present disclosure relates to a key generation method, a storage medium, an electronic device, and a vehicle; the method comprises the steps that key information corresponding to a terminal is obtained from a key server, the key information is generated in advance by the key server according to preset safety parameters sent by the terminal, and the key information comprises public parameters and an initial private key; generating a target private key according to the public parameter, the initial private key, the user identification information of the terminal and a first encryption parameter which is generated in advance, wherein the target private key is used for decrypting target ciphertext information sent by an information sending end to obtain transmission information sent by the information sending end; therefore, since the new target private key is generated at the terminal side, even if the initial private key in the key server is leaked, the ciphertext information cannot be decrypted through the initial private key to obtain the transmission information, so that the safety of information transmission is improved.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a key generation method, a storage medium, an electronic device, and a vehicle.
Background
When data transmission is carried out, the transmitted data has security threats such as theft, tampering, counterfeits and the like, and in order to improve the information security level, encryption and decryption functions can be added in the data transmission process so as to reduce the possibility that the data is stolen and attacked in the transmission process, thereby ensuring the security in the data transmission process.
In the related art, for the encryption mode of public key encryption, the private key of the user is generated by the key server of the third party, which easily causes the disclosure of the private key of the user, resulting in lower security of information transmission.
Disclosure of Invention
An object of the present disclosure is to provide a key generation method, a storage medium, an electronic device, and a vehicle.
To achieve the above object, in a first aspect, the present disclosure provides a key generation method, applied to a terminal, the method including: obtaining key information corresponding to a terminal from a key server, wherein the key information is pre-generated by the key server according to preset security parameters sent by the terminal, and the key information comprises public parameters and an initial private key; and generating a target private key according to the public parameter, the initial private key, the user identification information of the terminal and the first encryption parameter which is generated in advance, wherein the target private key is used for decrypting target ciphertext information sent by the information sending end to obtain transmission information sent by the information sending end.
Optionally, the target ciphertext information sent by the information sending end includes first ciphertext information and second ciphertext information, the first ciphertext information is ciphertext information obtained by the information sending end after encrypting the transmission information sent by the information sending end according to the generated symmetric encryption key, the second ciphertext information is ciphertext information obtained by the information sending end after packaging the symmetric encryption key generated by the information sending end according to the user identification information of the terminal, the public parameter and the user public key corresponding to the terminal; the method further comprises the steps of:
determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end; decapsulating the second ciphertext information according to the target private key to obtain a symmetric encryption key generated by the information transmitting end; and decrypting the first ciphertext information according to the symmetric encryption key generated by the information transmitting end to obtain the transmission information transmitted by the information transmitting end.
Optionally, the determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end includes: acquiring preset ciphertext character information, wherein the ciphertext character information comprises character length and initial character information of the first ciphertext information and/or character length and initial character information of the second ciphertext information; and determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end according to the ciphertext character information.
Optionally, the method further comprises: generating a user public key corresponding to the terminal according to the public parameter, the user identification information of the terminal and the first encryption parameter generated in advance; and sending the user public key to a key server so that the key server stores the user public key corresponding to the terminal.
Optionally, the method further comprises: carrying out digital signature on a user public key corresponding to the terminal through a preset signature algorithm to obtain a user signature public key; the step of sending the user public key to a key server so that the key server stores the user public key corresponding to the terminal comprises the following steps: and sending the user signature public key to a key server so that the key server stores the user signature public key.
Optionally, the method further comprises: acquiring a user public key corresponding to an information receiving end from the key server according to user identification information of the information receiving end; encrypting the transmission information sent by the terminal according to the symmetric encryption key generated by the terminal to obtain third ciphertext information; according to the user identification information of the information receiving end, the public parameters and the user public key corresponding to the information receiving end, the symmetric encryption key generated by the terminal is packaged to obtain fourth ciphertext information; obtaining target ciphertext information sent by the terminal according to the third ciphertext information and the fourth ciphertext information; and sending the target ciphertext information sent by the terminal to the information receiving end.
Optionally, the user public key includes a user signature public key corresponding to the information receiving end, where the user signature public key corresponding to the information receiving end is obtained by the information receiving end performing digital signature on the user public key corresponding to the information receiving end; the method further comprises the steps of:
authenticating a user signature public key corresponding to the information receiving end; the step of packaging the symmetric encryption key generated by the terminal to obtain fourth ciphertext information according to the user identification information of the information receiving end, the public parameters and the user public key corresponding to the information receiving end comprises the following steps: and after the user signature public key corresponding to the information receiving end passes the authentication, the symmetric encryption key generated by the terminal is packaged according to the user identification information of the information receiving end, the public parameters and the user signature public key corresponding to the information receiving end to obtain the fourth ciphertext information.
In a second aspect, the present disclosure provides a key generation apparatus, applied to a terminal, including:
the key information acquisition module is used for acquiring key information corresponding to a terminal from a key server, wherein the key information is generated in advance by the key server according to preset security parameters sent by the terminal, and the key information comprises public parameters and an initial private key;
The private key generation module is used for generating a target private key according to the public parameter, the initial private key, the user identification information of the terminal and the first encryption parameter which is generated in advance, wherein the target private key is used for decrypting target ciphertext information sent by the information sending end to obtain transmission information sent by the information sending end.
Optionally, the target ciphertext information sent by the information sending end includes first ciphertext information and second ciphertext information, the first ciphertext information is ciphertext information obtained by the information sending end after encrypting the transmission information sent by the information sending end according to the generated symmetric encryption key, the second ciphertext information is ciphertext information obtained by the information sending end after packaging the symmetric encryption key generated by the information sending end according to the user identification information of the terminal, the public parameter and the user public key corresponding to the terminal; the apparatus further comprises:
the decryption module is used for determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end, decapsulating the second ciphertext information according to the target private key to obtain a symmetric encryption key generated by the information sending end, and decrypting the first ciphertext information according to the symmetric encryption key sent by the information sending end to obtain transmission information sent by the information sending end.
Optionally, the apparatus further comprises:
the ciphertext character acquisition module is used for acquiring preset ciphertext character information, wherein the ciphertext character information comprises character length and initial character information of the first ciphertext information and/or character length and initial character information of the second ciphertext information;
and the ciphertext character recognition module is used for determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end according to the ciphertext character information.
Optionally, the apparatus further comprises:
and the public key generation module is used for generating a user public key corresponding to the terminal according to the public parameter, the user identification information of the terminal and the first encryption parameter which is generated in advance, and sending the user public key to a key server so that the key server stores the user public key corresponding to the terminal.
Optionally, the apparatus further comprises:
the signature module is used for carrying out digital signature on the user public key corresponding to the terminal through a preset signature algorithm to obtain a user signature public key;
and the public key generation module is used for sending the user signature public key to a key server so that the key server stores the user signature public key.
Optionally, the apparatus further comprises:
the public key acquisition module is used for acquiring a user public key corresponding to the information receiving end from the key server according to the user identification information of the information receiving end;
the encryption module is used for encrypting the transmission information sent by the terminal according to the symmetric encryption key generated by the terminal to obtain third ciphertext information;
the packaging module is used for packaging the symmetric encryption key generated by the terminal according to the user identification information of the information receiving end, the public parameters and the user public key corresponding to the information receiving end to obtain fourth ciphertext information;
the ciphertext information acquisition module is used for acquiring target ciphertext information sent by the terminal according to the third ciphertext information and the fourth ciphertext information;
and the ciphertext information sending module is used for sending the target ciphertext information sent by the terminal to the information receiving end.
Optionally, the user public key includes a user signature public key corresponding to the information receiving end, where the user signature public key corresponding to the information receiving end is obtained by the information receiving end performing digital signature on the user public key corresponding to the information receiving end; the apparatus further comprises:
The authentication module is used for authenticating the user signature public key corresponding to the information receiving end;
and the packaging module is used for packaging the symmetric encryption key generated by the terminal according to the user identification information of the information receiving end, the public parameters and the user signature public key corresponding to the information receiving end after the user signature public key corresponding to the information receiving end passes the authentication, so as to obtain the fourth ciphertext information.
In a third aspect, there is provided a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the key generation method described above.
In a fourth aspect, there is provided an electronic device comprising: a memory having a computer program stored thereon; and a processor for executing the computer program in the memory to implement the steps of the key generation method described above.
In a fifth aspect, a vehicle is provided, comprising the electronic device described above.
By adopting the scheme, the key information corresponding to the terminal can be acquired from the key server, wherein the key information is generated in advance by the key server according to the preset security parameters sent by the terminal, and the key information comprises the public parameters and the initial private key; and generating a target private key according to the public parameter, the initial private key, the user identification information of the terminal and the first encryption parameter which is generated in advance, wherein the target private key is used for decrypting target ciphertext information sent by the information sending end to obtain transmission information sent by the information sending end. Therefore, since the new target private key is generated at the terminal side, even if the initial private key in the key server is leaked, the ciphertext information cannot be decrypted through the initial private key to obtain the transmission information, so that the safety of information transmission is improved.
Additional features and advantages of the present disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification, illustrate the disclosure and together with the description serve to explain, but do not limit the disclosure. In the drawings:
FIG. 1 is a flow chart illustrating a key generation method according to an example embodiment;
FIG. 2 is a flow chart illustrating a method of receiving transmission information according to an exemplary embodiment;
FIG. 3 is a flow chart illustrating a method of sending transmission information according to an exemplary embodiment;
fig. 4 is a block diagram of a key generation apparatus according to an exemplary embodiment;
FIG. 5 is a block diagram of an electronic device shown in accordance with an exemplary embodiment;
fig. 6 is a block diagram of a vehicle according to an exemplary embodiment.
Detailed Description
Specific embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the disclosure, are not intended to limit the disclosure.
It should be noted that, all actions for acquiring signals, information or data in the present disclosure are performed under the condition of conforming to the corresponding data protection rule policy of the country of the location and obtaining the authorization given by the owner of the corresponding device.
Application scenarios related to various embodiments of the present disclosure will be first described. The method and the device can be applied to an information encryption scene, in the scene, a key server generates a user private key for each terminal and sends the generated user private key to a corresponding terminal, and the terminal can acquire and verify the public key of an information receiving end through a public key certificate issued by a third party, or acquire user identification information of the information receiving end as the public key through the key server; and under the condition that the transmission information is sent to the information receiving end, encrypting the transmission information through the public key to obtain ciphertext information, and sending the ciphertext information to the information receiving end, so that the information receiving end decrypts the ciphertext information according to the user private key of the information receiving end to obtain the transmission information, or under the condition that the terminal receives the ciphertext information containing the transmission information sent by the information sending end, decrypting the received ciphertext information through the user private key of the terminal to obtain the decrypted transmission information.
The terminal may be an electronic device such as a mobile phone, a computer, or a tablet computer, or may be a vehicle-mounted terminal disposed on a vehicle, so that transmission information between vehicles is encrypted by the vehicle-mounted terminal, thereby ensuring safety of communication between vehicles.
However, the inventor finds that the private key of the user is generated by a third-party key server at present, the key server stores the private keys of all users, namely, the private keys of all users are hosted by the key server, and if the key server is attacked to cause the disclosure of the private keys of the users, the security of information transmission is greatly affected, so that the security of the information transmission is lower.
In order to solve the above problems, the present disclosure provides a key generation method, apparatus, storage medium, and vehicle, in which a terminal obtains an initial private key and a public parameter from a key server, and generates a new target private key according to the initial private key, the public parameter, user identification information of the terminal, and a first encryption parameter generated in advance, so that even if the initial private key in the key server is leaked, transmission information cannot be obtained by decrypting ciphertext information through the initial private key, thereby improving security of information transmission.
The present disclosure is described below in connection with specific embodiments.
Fig. 1 is a flowchart illustrating a key generation method according to an exemplary embodiment, which may be applied to a terminal as shown in fig. 1, and which may include the steps of:
step 101, obtaining key information corresponding to a terminal from a key server, wherein the key information is pre-generated by the key server according to preset security parameters sent by the terminal, and the key information comprises public parameters and an initial private key.
In this step, the terminal may send a private key request message to a key server, where the private key request message includes a preset security parameter and user identification information corresponding to the terminal, the key server generates a public parameter and a master key according to the preset security parameter, where the preset security parameter is a length value preset by ciphertext information to be transmitted by an information sending end, and generates an initial private key according to the public parameter, the master key, and user identification information corresponding to the terminal, and sends the public parameter and the initial private key to the terminal through a secure channel between the key server and the terminal;
the key server can also automatically update the initial private key at a preset time node to obtain a new initial private key, wherein the preset time node can be a node set in a fixed time period or a node set in a non-fixed time period; for example, the key server may update the initial private key every three months after generating the initial private key to obtain a new initial private key; the new initial private key can be obtained by updating the initial private key for the first time at intervals of one month after the initial private key is generated, and the new initial private key can be obtained by updating the initial private key for the second time at intervals of two months; and transmitting the new initial private key to the terminal through a secure channel between the key server and the terminal.
Step 102, generating a target private key according to the public parameter, the initial private key, the user identification information of the terminal and a first encryption parameter generated in advance.
Wherein the pre-generated first encryption parameter is randomly generated by the terminal through a random number generator; the target private key is used for decrypting target ciphertext information sent by the information sending end to obtain transmission information sent by the information sending end.
In one possible implementation, the target private key is generated by a preset private key generation algorithm according to the public parameter, the initial private key, the user identification information of the terminal, and the first encryption parameter generated in advance. For example, the preset private key generation algorithm may refer to a generation algorithm in the related art, which is not described herein.
By adopting the scheme, the terminal can acquire the initial private key and the public parameter from the key server, and generate the new target private key according to the initial private key, the public parameter, the user identification information of the terminal and the first encryption parameter generated in advance, so that the transmission information can not be obtained by decrypting the ciphertext information through the initial private key even if the initial private key in the key server is leaked because the new target private key is generated at the terminal side, thereby improving the safety of information transmission.
The terminal may have a function of receiving information or a function of transmitting information, and may be an information receiving terminal when the terminal has a function of receiving information, or an information transmitting terminal when the terminal has a function of transmitting information, or may be a function of receiving information, that is, may be an information receiving terminal when the terminal receives information, or may be an information transmitting terminal when the terminal transmits information.
In some embodiments, the terminal is taken as an information receiving end, and a scenario of receiving the transmission information sent by the information sending end is described as an example, in this embodiment, the transmission information sent by the information sending end may be obtained by receiving the target ciphertext information sent by the information sending end, and decrypting the target ciphertext information sent by the information sending end according to the target private key.
Illustratively, fig. 2 is a method of receiving transmission information, according to an exemplary embodiment, as shown in fig. 2, the method comprising:
Step 201, receiving target ciphertext information sent by the information sending terminal.
The target ciphertext information sent by the information sending end may include first ciphertext information and second ciphertext information, the first ciphertext information is ciphertext information obtained by encrypting transmission information sent by the information sending end according to the generated symmetric encryption key, the second ciphertext information is ciphertext information obtained by packaging the symmetric encryption key generated by the information sending end according to user identification information of the terminal, the public parameter and a user public key corresponding to the terminal, and the target ciphertext information sent by the information sending end may be information obtained by splicing the first ciphertext information and the second ciphertext information.
Step 202, determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending terminal.
The symmetric encryption key generated by the information sending terminal can be a 128-bit SM4 key generated by the information sending terminal through a random number generator.
In one possible implementation manner, preset ciphertext character information may be obtained, where the ciphertext character information includes a character length and a start character information of the first ciphertext information, and/or a character length and a start character information of the second ciphertext information, and the first ciphertext information and the second ciphertext information are determined from target ciphertext information sent by the information sending end according to the ciphertext character information.
For example, after the target ciphertext information sent by the information sending terminal is obtained, the first ciphertext information in the target ciphertext information sent by the information sending terminal may be determined according to the character length of the first ciphertext information and the initial character information of the first ciphertext information, and other ciphertext information except for the first ciphertext information in the target ciphertext information sent by the information sending terminal may be used as the second ciphertext information, or the second ciphertext information in the target ciphertext information sent by the information sending terminal may be determined according to the character length of the second ciphertext information and the initial character information of the second ciphertext information, and other ciphertext information except for the second ciphertext information in the target ciphertext information sent by the information sending terminal may be used as the first ciphertext information.
For example, the target ciphertext information sent by the information sending terminal may be ciphertext information with a character length of 128 bits, where the character length of the first ciphertext information is 74 bits, and the length of the second ciphertext information is 54 bits, after the target ciphertext information sent by the information sending terminal is obtained, the starting character position of the first ciphertext information in the target ciphertext information sent by the information sending terminal may be determined according to the starting character information of the first ciphertext information, the character with the character length of 74 bits is used as the first ciphertext information according to the starting character position, the character with the character length of 54 bits in the target ciphertext information sent by the information sending terminal except the first ciphertext information is used as the second ciphertext information, or the starting character position of the second ciphertext information in the target ciphertext information sent by the information sending terminal may be determined according to the starting character information of the first second ciphertext information, the character with the character length of 54 bits in the target ciphertext information sent by the information sending terminal is used as the second ciphertext information, and the character with the character length of 74 bits in the target ciphertext information except the first ciphertext information is used as the first ciphertext information.
Step 203, decapsulating the second ciphertext information according to the target private key to obtain a symmetric encryption key generated by the information transmitting end.
For example, the second ciphertext information may be decapsulated by an SM2 algorithm according to the target private key to obtain a symmetric encryption key generated by the information sending terminal, where an implementation manner of the SM2 algorithm may refer to an implementation manner of a related file, which is not described herein.
And step 204, decrypting the first ciphertext information according to the symmetric encryption key generated by the information transmitting end to obtain the transmission information transmitted by the information transmitting end.
For example, the SM4 algorithm may divide the symmetric encryption key generated by the information sending end into 4 groups of 32-bit subkeys, perform 32-round computation by using a preset key expansion algorithm to generate 32 groups of 32-bit round keys, perform 32-round iterative operation and one-round reverse order transformation with the first ciphertext information, and use the round keys in reverse order when performing 32-round iterative operation, and decrypt to obtain transmission information sent by the information sending end; of course, the specific operation process may refer to an operation process in the related art, which is not described herein.
By adopting the scheme, the second ciphertext information in the target ciphertext information sent by the information sending end can be decrypted through the target private key generated by the terminal, and because the target private key is generated by the terminal, even if the initial private key in the key server is leaked, the ciphertext information can not be decrypted through the initial private key to obtain the transmission information, so that the safety of information transmission is improved.
In some embodiments, the terminal may further generate a public key of the terminal and send the public key of the terminal to the key server, so that the key server stores the public key of the terminal, and for example, may generate the public key of the terminal according to the public parameter, the user identification information of the terminal, and the first encryption parameter generated in advance, and send the public key of the terminal to the key server, so that the key server stores the public key of the terminal. In this way, when the information sending end needs to send encrypted transmission information to the terminal, the information sending end can acquire the user public key of the terminal from the key server and encrypt the transmission information according to the user public key of the terminal, so that the security of the transmission information is ensured.
For example, the public key of the user corresponding to the terminal may be generated by a preset public key generating algorithm using the public parameter, the user identification information of the terminal, and the first encryption parameter generated in advance.
The preset public key generation algorithm may refer to an algorithm in the related art, and will not be described herein.
In view of the fact that the user public key needs to be sent to the key server for storage, in order to improve the security of the user public key, in another embodiment of the present disclosure, the digital signature may be further performed on the user public key corresponding to the terminal through a preset signature algorithm to obtain the user signature public key, and accordingly, the sending the user public key to the key server so that the key server stores the user public key corresponding to the terminal may include: the user signature public key is sent to a key server so that the key server stores the user signature public key. Thus, the security of the public key of the user can be increased, and the security of information transmission is further improved.
In other embodiments, taking the terminal as an information sending end and a scenario of sending transmission information to an information receiving end as an example, for example, fig. 3 is a method for sending transmission information according to an exemplary embodiment, as shown in fig. 3, where the method includes:
Step 301, according to the user identification information of the information receiving end, obtaining the user public key corresponding to the information receiving end from the key server.
For example, in the case that the terminal needs to send the transmission information to the information receiving end, a public key request message containing the user identification information of the information receiving end may be sent to the key server, where the public key request message is used to request to obtain the user public key of the information receiving end, and when the key server receives the public key request message, the key server obtains the user public key of the information receiving end from the stored user public key according to the user identification information of the information receiving end in the public key request message, and sends the user public key of the information receiving end to the terminal.
And step 302, encrypting the transmission information sent by the terminal according to the symmetric encryption key generated by the terminal to obtain third ciphertext information.
For example, the symmetric encryption key generated by the terminal may be a 128-bit SM4 key generated by the terminal through a random number generator, and the transmission information sent by the terminal may be encrypted by calling an SM4 algorithm through the symmetric encryption key generated by the terminal, so as to obtain third ciphertext information.
And step 303, packaging the symmetric encryption key generated by the terminal according to the user identification information of the information receiving end, the public parameter and the user public key corresponding to the information receiving end to obtain fourth ciphertext information.
By way of example, through the user identification information and the public parameter of the information receiving end and the user public key corresponding to the information receiving end, the SM2 algorithm is invoked to package the symmetric encryption key generated by the terminal to obtain fourth ciphertext information.
In some embodiments, the user public key includes a user signature public key corresponding to the information receiving end, where the user signature public key corresponding to the information receiving end is obtained by the information receiving end performing digital signature on the user public key corresponding to the information receiving end; here, the user signature public key corresponding to the information receiving end may be authenticated, and after the user signature public key corresponding to the information receiving end passes the authentication, the terminal may generate a symmetric encryption key according to the user identification information of the information receiving end, the public parameter, and the user signature public key corresponding to the information receiving end, and package the symmetric encryption key to obtain fourth ciphertext information. Thus, the security of the encryption process can be increased by authenticating the digitally signed user public key, thereby improving the security of information transmission.
It should be noted that, the above authentication process may refer to the authentication process of digital signature in the related art, which is not described herein.
And step 304, obtaining target ciphertext information sent by the terminal according to the third ciphertext information and the fourth ciphertext information.
For example, the third ciphertext information and the fourth ciphertext information may be spliced to obtain the target ciphertext information that is sent by the terminal.
And step 305, the target ciphertext information sent by the terminal is sent to the information receiving end.
By adopting the scheme, the user public key of the information receiving end for encryption is generated by the information receiving end, and a public key certificate issued by a third party is not needed, so that the communication overhead of certificate verification is reduced, the encryption and decryption speed is improved, and the information transmission efficiency is further improved.
Fig. 4 is a schematic structural diagram of a key generation apparatus according to an exemplary embodiment, and as shown in fig. 4, the apparatus 400 may be applied to a terminal, and the apparatus 400 includes:
a key information obtaining module 401, configured to obtain key information corresponding to a terminal from a key server, where the key information is pre-generated by the key server according to a preset security parameter sent by the terminal, and the key information includes a public parameter and an initial private key;
the private key generating module 402 is configured to generate a target private key according to the public parameter, the initial private key, the user identification information of the terminal, and a first encryption parameter that is generated in advance, where the target private key is used to decrypt target ciphertext information sent by the information sending end to obtain transmission information sent by the information sending end.
Optionally, the target ciphertext information sent by the information sending end includes first ciphertext information and second ciphertext information, the first ciphertext information is ciphertext information obtained by encrypting the transmission information sent by the information sending end according to the generated symmetric encryption key, the second ciphertext information is ciphertext information obtained by encapsulating the symmetric encryption key generated by the information sending end according to the user identification information of the terminal, the public parameter and the user public key corresponding to the terminal; the apparatus further comprises:
the decryption module is used for determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end, decapsulating the second ciphertext information according to the target private key to obtain a symmetric encryption key generated by the information sending end, and decrypting the first ciphertext information according to the symmetric encryption key generated by the information sending end to obtain transmission information sent by the information sending end.
Optionally, the apparatus further comprises:
the ciphertext character acquisition module is used for acquiring preset ciphertext character information, wherein the ciphertext character information comprises the character length and the initial character information of the first ciphertext information, and/or the character length and the initial character information of the second ciphertext information;
And the ciphertext character recognition module is used for determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end according to the ciphertext character information.
Optionally, the apparatus further comprises:
and the public key generation module is used for generating a user public key corresponding to the terminal according to the public parameter, the user identification information of the terminal and the pre-generated first encryption parameter, and sending the user public key to the key server so that the key server stores the user public key corresponding to the terminal.
Optionally, the apparatus further comprises:
the signature module is used for carrying out digital signature on the user public key corresponding to the terminal through a preset signature algorithm to obtain a user signature public key;
the public key generation module is used for sending the user signature public key to the key server so that the key server stores the user signature public key.
Optionally, the apparatus further comprises:
the public key acquisition module is used for acquiring a user public key corresponding to the information receiving end from the key server according to the user identification information of the information receiving end;
the encryption module is used for encrypting the transmission information sent by the terminal according to the symmetric encryption key generated by the terminal to obtain third ciphertext information;
The packaging module is used for packaging the symmetric encryption key generated by the terminal according to the user identification information of the information receiving end, the public parameter and the user public key corresponding to the information receiving end to obtain fourth ciphertext information;
the ciphertext information acquisition module is used for acquiring target ciphertext information sent by the terminal according to the third ciphertext information and the fourth ciphertext information;
and the ciphertext information sending module is used for sending the target ciphertext information sent by the terminal to the information receiving end.
Optionally, the user public key includes a user signature public key corresponding to the information receiving end, where the user signature public key corresponding to the information receiving end is obtained by the information receiving end performing digital signature on the corresponding user public key; the apparatus further comprises:
the authentication module is used for authenticating the user signature public key corresponding to the information receiving end;
and the packaging module is used for packaging the symmetric encryption key generated by the terminal according to the user identification information of the information receiving end, the public parameters and the user signature public key corresponding to the information receiving end after the user signature public key corresponding to the information receiving end passes the authentication, so as to obtain the fourth ciphertext information.
By adopting the device, the terminal can acquire the initial private key and the public parameter from the key server, and generate the new target private key according to the initial private key, the public parameter, the user identification information of the terminal and the first encryption parameter generated in advance, so that the transmission information can not be obtained by decrypting the ciphertext information through the initial private key even if the initial private key in the key server is leaked because the new target private key is generated at the terminal side, thereby improving the safety of information transmission.
It should be noted that, regarding the apparatus in the above embodiments, the specific manner in which the respective modules perform the operations has been described in detail in the embodiments regarding the method, and will not be described in detail herein.
Fig. 5 is a block diagram of an electronic device 500, according to an example embodiment. As shown in fig. 5, the electronic device 500 may include: a processor 501, a memory 502. The electronic device 500 may also include one or more of a multimedia component 503, an input/output (I/O) interface 504, and a communication component 505.
Wherein the processor 501 is configured to control the overall operation of the electronic device 500 to perform all or part of the steps of the key generation method described above. The memory 502 is used to store various types of data to support operation at the electronic device 500, which may include, for example, instructions for any application or method operating on the electronic device 500, as well as application-related data, such as contact data, transceived messages, pictures, audio, video, and the like. The Memory 502 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as static random access Memory (Static Random Access Memory, SRAM for short), electrically erasable programmable Read-Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM for short), erasable programmable Read-Only Memory (Erasable Programmable Read-Only Memory, EPROM for short), programmable Read-Only Memory (Programmable Read-Only Memory, PROM for short), read-Only Memory (ROM for short), magnetic Memory, flash Memory, magnetic disk, or optical disk. The multimedia component 503 may include a screen and an audio component. Wherein the screen may be, for example, a touch screen, the audio component being for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signals may be further stored in the memory 502 or transmitted through the communication component 505. The audio assembly further comprises at least one speaker for outputting audio signals. The I/O interface 504 provides an interface between the processor 501 and other interface modules, which may be a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 505 is used for wired or wireless communication between the electronic device 500 and other devices. Wireless communication, such as Wi-Fi, bluetooth, near field communication (Near Field Communication, NFC for short), 2G, 3G, 4G, 5G, NB-IOT, eMTC, etc., or a combination of one or more thereof, is not limited herein. Accordingly, the communication component 505 may include: wi-Fi module, bluetooth module, NFC module etc.
In an exemplary embodiment, the electronic device 500 may be implemented by one or more application specific integrated circuits (Application Specific Integrated Circuit, abbreviated as ASIC), digital signal processors (Digital Signal Processor, abbreviated as DSP), digital signal processing devices (Digital Signal Processing Device, abbreviated as DSPD), programmable logic devices (Programmable Logic Device, abbreviated as PLD), field programmable gate arrays (Field Programmable Gate Array, abbreviated as FPGA), controllers, microcontrollers, microprocessors, or other electronic components for performing the key generation methods described above.
In another exemplary embodiment, a computer readable storage medium is also provided, comprising program instructions which, when executed by a processor, implement the steps of the key generation method described above. For example, the computer readable storage medium may be the memory 502 described above including program instructions executable by the processor 501 of the electronic device 500 to perform the key generation method described above.
Fig. 6 is a block diagram of a vehicle according to an exemplary embodiment of the disclosure, and as shown in fig. 6, the vehicle 600 may include the electronic device 500 of the embodiment shown in fig. 5 described above.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings, but the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solutions of the present disclosure within the scope of the technical concept of the present disclosure, and all the simple modifications belong to the protection scope of the present disclosure.
In addition, the specific features described in the foregoing embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, the present disclosure does not further describe various possible combinations.
Moreover, any combination between the various embodiments of the present disclosure is possible as long as it does not depart from the spirit of the present disclosure, which should also be construed as the disclosure of the present disclosure.
Claims (10)
1. A key generation method, applied to a terminal, comprising:
obtaining key information corresponding to a terminal from a key server, wherein the key information is pre-generated by the key server according to preset security parameters sent by the terminal, and the key information comprises public parameters and an initial private key;
and generating a target private key according to the public parameter, the initial private key, the user identification information of the terminal and the first encryption parameter which is generated in advance, wherein the target private key is used for decrypting target ciphertext information sent by an information sending end to obtain transmission information sent by the information sending end.
2. The method according to claim 1, wherein the target ciphertext information sent by the information sending terminal includes first ciphertext information and second ciphertext information, the first ciphertext information is ciphertext information obtained by the information sending terminal encrypting the transmission information sent by the information sending terminal according to the generated symmetric encryption key, the second ciphertext information is ciphertext information obtained by the information sending terminal encapsulating the symmetric encryption key generated by the information sending terminal according to the user identification information of the terminal, the public parameter and the user public key corresponding to the terminal;
the method further comprises the steps of:
determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end;
decapsulating the second ciphertext information according to the target private key to obtain a symmetric encryption key generated by the information transmitting end;
and decrypting the first ciphertext information according to the symmetric encryption key generated by the information transmitting end to obtain the transmission information transmitted by the information transmitting end.
3. The method according to claim 2, wherein determining the first ciphertext information and the second ciphertext information from the target ciphertext information transmitted by the information transmitting end includes:
Acquiring preset ciphertext character information, wherein the ciphertext character information comprises character length and initial character information of the first ciphertext information and/or character length and initial character information of the second ciphertext information;
and determining the first ciphertext information and the second ciphertext information from the target ciphertext information sent by the information sending end according to the ciphertext character information.
4. A method according to any one of claims 1 to 3, further comprising:
generating a user public key corresponding to the terminal according to the public parameter, the user identification information of the terminal and the first encryption parameter generated in advance;
and sending the user public key to a key server so that the key server stores the user public key corresponding to the terminal.
5. The method according to claim 4, wherein the method further comprises:
carrying out digital signature on a user public key corresponding to the terminal through a preset signature algorithm to obtain a user signature public key;
the step of sending the user public key to a key server so that the key server stores the user public key corresponding to the terminal comprises the following steps:
And sending the user signature public key to a key server so that the key server stores the user signature public key.
6. The method according to claim 4, wherein the method further comprises:
acquiring a user public key corresponding to an information receiving end from the key server according to user identification information of the information receiving end;
encrypting the transmission information sent by the terminal according to the symmetric encryption key generated by the terminal to obtain third ciphertext information;
according to the user identification information of the information receiving end, the public parameters and the user public key corresponding to the information receiving end, the symmetric encryption key generated by the terminal is packaged to obtain fourth ciphertext information;
obtaining target ciphertext information sent by the terminal according to the third ciphertext information and the fourth ciphertext information;
and sending the target ciphertext information sent by the terminal to the information receiving end.
7. The method according to claim 6, wherein the user public key includes a user signature public key corresponding to the information receiving end, and the user signature public key corresponding to the information receiving end is obtained by digitally signing the user public key corresponding to the information receiving end; the method further comprises the steps of:
Authenticating a user signature public key corresponding to the information receiving end;
the step of packaging the symmetric encryption key generated by the terminal to obtain fourth ciphertext information according to the user identification information of the information receiving end, the public parameters and the user public key corresponding to the information receiving end comprises the following steps:
and after the user signature public key corresponding to the information receiving end passes the authentication, the symmetric encryption key generated by the terminal is packaged according to the user identification information of the information receiving end, the public parameters and the user signature public key corresponding to the information receiving end to obtain the fourth ciphertext information.
8. A non-transitory computer readable storage medium having stored thereon a computer program, characterized in that the program when executed by a processor realizes the steps of the method according to any of claims 1-7.
9. An electronic device, comprising: a memory having a computer program stored thereon;
a processor for executing the computer program in the memory to implement the steps of the method of any one of claims 1-7.
10. A vehicle comprising an electronic device according to claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210629350.9A CN117200982A (en) | 2022-05-31 | 2022-05-31 | Key generation method, storage medium, electronic device, and vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210629350.9A CN117200982A (en) | 2022-05-31 | 2022-05-31 | Key generation method, storage medium, electronic device, and vehicle |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117200982A true CN117200982A (en) | 2023-12-08 |
Family
ID=88992973
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210629350.9A Pending CN117200982A (en) | 2022-05-31 | 2022-05-31 | Key generation method, storage medium, electronic device, and vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117200982A (en) |
-
2022
- 2022-05-31 CN CN202210629350.9A patent/CN117200982A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10708062B2 (en) | In-vehicle information communication system and authentication method | |
| CN105978917B (en) | A kind of system and method for trusted application safety certification | |
| CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
| CN108600222B (en) | Communication method, system and terminal of client application and trusted application | |
| CN107317677B (en) | Secret key storage and equipment identity authentication method and device | |
| CN109150897B (en) | End-to-end communication encryption method and device | |
| CN107733652B (en) | Unlocking method and system for shared vehicle and vehicle lock | |
| KR20140023799A (en) | Method for guarantying the confidentiality and integrity of a data in controller area networks | |
| CN113615220B (en) | Secure communication method and device | |
| CN113378119B (en) | Software authorization method, device, equipment and storage medium | |
| CN112241527B (en) | Secret key generation method and system of terminal equipment of Internet of things and electronic equipment | |
| CN113438205B (en) | Block chain data access control method, node and system | |
| CN112003697B (en) | Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium | |
| KR20170097771A (en) | A method for verifying the integrity of a secure electronic entity, an electronic device, and data stored in the secure electronic entity | |
| CN111181944B (en) | Communication system, information distribution method, device, medium, and apparatus | |
| CN113868684A (en) | Signature method, device, server, medium and signature system | |
| CN109218251B (en) | Anti-replay authentication method and system | |
| CN111654503A (en) | Remote control method, device, equipment and storage medium | |
| CN113079511A (en) | Method, device, vehicle and storage medium for information sharing between vehicles | |
| CN112364335B (en) | Identification identity authentication method and device, electronic equipment and storage medium | |
| CN117436043A (en) | Method and device for verifying source of file to be executed and readable storage medium | |
| CN115868189A (en) | Method, vehicle, terminal and system for establishing vehicle safety communication | |
| CN116599719A (en) | User login authentication method, device, equipment and storage medium | |
| CN114554485B (en) | Asynchronous session key negotiation and application method, system, electronic equipment and medium | |
| JP2016152438A (en) | Software updating device, portable terminal and software updating system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |