CN117278234A - Network communication system, short-length symmetric encryption and decryption method and device - Google Patents

Publication number
CN117278234A
Authority
CN
China
Prior art keywords
data
character
decrypted
transport network
optical transport
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210673795.7A
Other languages
Chinese (zh)
Inventor
赵国永
霍晓莉
武晓锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202210673795.7A
Publication of CN117278234A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Abstract

Embodiments of the disclosure provide a network communication system and short-length symmetric encryption and decryption methods and devices. The system comprises access optical transport network equipment, management and control equipment, and service equipment. The management and control equipment acquires the target data to be encrypted of the access optical transport network equipment, encrypts the target data with a short-length symmetric encryption method to obtain encrypted data, and sends connection information comprising the encrypted data to the service equipment. The service equipment decrypts with a short-length decryption method to obtain decrypted data, and sends handshake information containing the decrypted data to the access optical transport network equipment. The access optical transport network equipment verifies the handshake information and establishes a connection with the service equipment if the verification passes. Data encrypted by the short-length symmetric encryption method is short, which saves storage space and computing resources.

Description

Network communication system, short-length symmetric encryption and decryption method and device
Technical Field
The disclosure relates to the technical field of network security, and in particular to a network communication system and to short-length symmetric encryption and decryption methods and devices.
Background
In the technical field of network security, an access OTN (Optical Transport Network) device that needs to be managed is generally managed directly over the NETCONF protocol (an XML-based network configuration protocol), so a password exposed in the interface is easy to intercept. To increase the security of the password, symmetric encryption algorithms such as DES (Data Encryption Standard, a block algorithm that encrypts with a key), 3DES (Triple Data Encryption Algorithm, a block cipher), Blowfish (a block encryption algorithm), RC5 (a block cipher algorithm with variable parameters) and IDEA (International Data Encryption Algorithm) are generally used to encrypt it. With these algorithms, however, encryption and decryption are complex and waste computing resources, and the computed result is much longer than the original text, which wastes storage space.
Disclosure of Invention
The embodiment of the disclosure aims to provide a network communication system, a short-length symmetric encryption and decryption method and device, so that the encrypted data length is short, the storage space is saved, and the computing resources are saved. The specific technical scheme is as follows:
In a first aspect, embodiments of the present disclosure provide a network communication system, including:
access optical transport network equipment, management and control equipment and service equipment;
the management and control device is used for acquiring target data to be encrypted of the access optical transport network device; encrypting the target data by using a base64 encryption method to obtain primary encrypted data; splitting the primary encrypted data into a plurality of single characters, and converting each single character into its corresponding number according to the ASCII code; for each number, if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character for that number; ordering the value of the counter and the encoded single characters according to a first preset sequence to obtain encrypted data of the target data; and transmitting connection information including the encrypted data to the service device;
the service equipment is used for receiving the connection information; extracting a field in which the encrypted data is located in the connection information to obtain data to be decrypted; decrypting the data to be decrypted to obtain decrypted data; transmitting handshake information comprising the decrypted data to the access optical transport network device;
The access optical transport network device is configured to receive the handshake information, verify the decrypted data in the handshake information based on the target data in the access optical transport network device, and establish connection with the service device if the verification is passed.
In a possible implementation manner, the service device is specifically configured to: order the characters in the data to be decrypted according to a second preset sequence to obtain the encoded single characters and the counter number; for each encoded single character, convert the encoded single character into its corresponding number according to the ASCII code to obtain a first number of the encoded single character; subtract the preset second value from the first number of the encoded single character to obtain a second number of the encoded single character; convert the second number of the encoded single character into the corresponding character according to the ASCII code to obtain a primary decryption character of the encoded single character; determine the number of equal-sign characters according to the counter number, and append that number of equal signs to the character string formed by the primary decryption characters to obtain primary decryption data; and decrypt the primary decryption data by using a base64 decryption method to obtain decrypted data.
In a possible implementation manner, the connection information further includes an address, a user name and a port number of the access optical transport network device;
the service device is specifically configured to send handshake information including the decrypted data and the user name to the access optical transport network device by adopting a secure shell protocol according to an address and a port number of the access optical transport network device in the connection information;
the access optical transport network device is specifically configured to receive the handshake information, verify the decrypted data and the user name in the handshake information based on the target data and the user name in the access optical transport network device, and establish connection with the service device if the verification is passed.
In a possible implementation manner, the service device is further configured to: and if the decryption of the data to be decrypted fails, sending handshake information comprising the data to be decrypted to the access type optical transport network equipment.
In a second aspect, embodiments of the present disclosure provide a short-length symmetric encryption method, the method including:
acquiring target data to be encrypted of access type optical transport network equipment;
encrypting the target data by using a base64 encryption method to obtain primary encrypted data;
Splitting the primary encrypted data into a plurality of single characters, and respectively converting each single character into corresponding numbers according to ASCII codes;
for each number, if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character for that number;
and sequencing the encoded single characters and the numerical values of the counter according to a first preset sequence to obtain encrypted data of the target data.
In one possible implementation manner, the sorting the encoded single characters and the numerical values of the counter according to a first preset order to obtain encrypted data of the target data includes:
and sequencing each coded single character according to the sequence of the character string sequence, and placing the numerical value of the counter at the forefront of the sequence to obtain the encrypted data of the target data.
In one possible implementation manner, the target data to be encrypted is password data of an access optical transport network device;
The method further comprises the steps of:
and sending connection information comprising the encrypted data, the address, the user name and the port number of the access type optical transport network device to the service device, so that the service device establishes connection with the access type optical transport network device based on the connection information.
In a third aspect, embodiments of the present disclosure provide a short-length symmetric decryption method, the method including:
obtaining data to be decrypted;
sequencing all characters in the data to be decrypted according to a second preset sequence to obtain counter numbers and all coded single characters;
aiming at each encoded single character, converting the encoded single character into a corresponding number according to ASCII codes to obtain a first number of the encoded single character;
subtracting a preset second numerical value from the first numerical value of the encoded single character to obtain a second numerical value of the encoded single character;
converting the second number of the encoded single character into a corresponding character according to the ASCII code to obtain a primary decryption character of the encoded single character;
determining the number of equal-sign characters according to the counter number, and appending that number of equal signs to the character string formed by the primary decryption characters to obtain primary decryption data;
And decrypting the primary decrypted data by using a base64 decryption method to obtain target data.
In one possible implementation manner, the ordering of the characters in the data to be decrypted according to the second preset sequence to obtain the counter number and the encoded single characters includes:
and sequencing all the characters in the data to be decrypted according to the sequence of the character strings to obtain a sequenced character sequence, wherein the last character of the sequenced character sequence is a counter number, and the other characters are single characters after coding in sequence.
In a possible implementation manner, the acquiring data to be decrypted includes:
receiving connection information sent by a management and control device, wherein the connection information comprises encrypted data, an address, a user name and a port number of an access optical transport network device;
extracting a field in which the encrypted data is located in the connection information to obtain data to be decrypted;
the method further comprises the steps of:
and transmitting handshake information comprising the decrypted data and the user name to the access optical transport network equipment by adopting a secure shell protocol according to the address and the port number of the access optical transport network equipment.
In a fourth aspect, embodiments of the present disclosure provide a short-length symmetric encryption apparatus, the apparatus including:
the acquisition module is used for acquiring target data to be encrypted of the access type optical transport network equipment;
the primary encryption module is used for encrypting the target data by utilizing a base64 encryption device to obtain primary encrypted data;
the digital conversion module is used for splitting the primary encrypted data into a plurality of single characters and respectively converting each single character into a corresponding number according to ASCII codes;
the character conversion module is used for, for each number: if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character for that number;
and the generation module is used for sequencing the encoded single characters and the numerical values of the counter according to a first preset sequence to obtain encrypted data of the target data.
In a possible implementation manner, the generating module is specifically configured to:
and sequencing each coded single character according to the sequence of the character string sequence, and placing the numerical value of the counter at the forefront of the sequence to obtain the encrypted data of the target data.
In one possible implementation manner, the target data to be encrypted is password data of an access optical transport network device;
the apparatus further comprises:
and the connection information sending module is used for sending the connection information comprising the encrypted data, the address, the user name and the port number of the access type optical transport network device to the service device so that the service device establishes connection with the access type optical transport network device based on the connection information.
In a fifth aspect, embodiments of the present disclosure provide a short-length symmetric decryption apparatus, the apparatus comprising:
the acquisition module is used for acquiring data to be decrypted;
the ordering module is used for ordering all the characters in the data to be decrypted according to a second preset sequence to obtain counter numbers and all the encoded single characters;
the first digital generation module is used for converting each encoded single character into a corresponding number according to ASCII codes to obtain a first number of the encoded single character;
the second digital generation module is used for subtracting a preset second numerical value from the first digital value of the encoded single character to obtain a second digital value of the encoded single character;
The character generation module is used for converting the second number of the encoded single character into a corresponding character according to the ASCII code to obtain a primary decryption character of the encoded single character;
the primary decryption data generation module is used for determining the number of equal-sign characters according to the counter number, and appending that number of equal signs to the character string formed by the primary decryption characters to obtain primary decryption data;
and the generation module is used for decrypting the primary decrypted data by utilizing the base64 decryption device to obtain target data.
In a possible implementation manner, the sorting module is specifically configured to: and sequencing all the characters in the data to be decrypted according to the sequence of the character strings to obtain a sequenced character sequence, wherein the last character of the sequenced character sequence is a counter number, and the other characters are single characters after coding in sequence.
In a possible implementation manner, the acquisition module is specifically configured to: receive connection information sent by a management and control device, wherein the connection information comprises encrypted data, an address, a user name and a port number of an access optical transport network device; and extract the field in which the encrypted data is located in the connection information to obtain the data to be decrypted;
The apparatus further comprises:
and the handshake information sending module is used for sending handshake information comprising the decrypted data and the user name to the access type optical transport network equipment by adopting a secure shell protocol according to the address and the port number of the access type optical transport network equipment.
In a sixth aspect, an embodiment of the present disclosure provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing any one of the short-length symmetric encryption method and the short-length symmetric decryption method when executing the program stored in the memory.
In a seventh aspect, embodiments of the present disclosure provide a computer readable storage medium having a computer program stored therein, which, when executed by a processor, implements the method steps of any of the short-length symmetric encryption methods or short-length symmetric decryption methods.
The beneficial effects of the embodiment of the disclosure are that:
Embodiments of the disclosure provide a network communication system and short-length symmetric encryption and decryption methods and devices, which operate by acquiring target data to be encrypted of access optical transport network equipment; encrypting the target data by using a base64 encryption method to obtain primary encrypted data; splitting the primary encrypted data into a plurality of single characters, and converting each single character into its corresponding number according to the ASCII code; for each number, if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character for that number; and ordering the value of the counter and the encoded single characters according to a first preset sequence to obtain encrypted data of the target data. The data length obtained by the base64 encryption method is far smaller than the data length obtained by encryption methods such as DES, 3DES, Blowfish, RC5 and IDEA, and the length of the encrypted data cannot exceed the length of the primary encrypted data, so the encrypted data is shorter and storage space is saved. The encryption method is also simple, and greatly saves computing resources compared with encryption methods such as DES, 3DES, Blowfish, RC5 and IDEA.
Of course, not all of the above-described advantages need be achieved simultaneously in practicing any one of the products or methods of the present disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the following description will briefly introduce the drawings that are required to be used in the embodiments or the description of the prior art, and it is apparent that the drawings in the following description are only some embodiments of the present disclosure, and other embodiments may be obtained according to these drawings to those of ordinary skill in the art.
FIG. 1a is an interactive schematic diagram of a network communication system provided by an embodiment of the present disclosure;
FIG. 1b is a detailed interactive schematic diagram of a network communication system provided by an embodiment of the present disclosure;
FIG. 2 is a flow chart of a short length symmetric encryption method provided by an embodiment of the present disclosure;
FIG. 3 is a flow chart of a short length symmetric decryption method provided by an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a short-length symmetric encryption device provided by an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a short-length symmetric decryption device provided in an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments. Based on the embodiments in the present disclosure, all other embodiments obtained by one of ordinary skill in the art based on the present disclosure are within the scope of the present disclosure.
In the technical field of network security, an access OTN (Optical Transport Network) device that needs to be managed is generally managed directly over the NETCONF protocol (an XML-based network configuration protocol), so a password exposed in the interface is easy to intercept. To increase the security of the password, the password needs to be encrypted, thereby protecting the connection information of the device from being leaked.
Symmetric encryption algorithms are currently commonly used in the industry because the result of asymmetric encryption is irreversible or difficult to recover. At present, symmetric encryption algorithms such as DES (Data Encryption Standard, a block algorithm that encrypts with a key), 3DES (Triple Data Encryption Algorithm, a block cipher), Blowfish (a block encryption algorithm), RC5 (a block cipher algorithm with variable parameters) and IDEA (International Data Encryption Algorithm) are commonly adopted to encrypt the password. With these algorithms, however, encryption and decryption are complex and waste computing resources, and the computed result is much longer than the original text, so it takes more resources than the plain text to transmit and store, which wastes storage space.
These algorithms are therefore unsuitable for scenarios that need simple encryption but should not consume more resources because encryption is introduced.
In view of this, the embodiments of the present disclosure provide a network communication system, a short-length symmetric encryption method, a short-length symmetric decryption method, and a short-length symmetric encryption device, which are respectively described in detail below:
An embodiment of the present disclosure provides a network communication system. As shown in FIG. 1a, the system includes:
access optical transport network equipment, management and control equipment and service equipment;
the management and control device is used for acquiring target data to be encrypted of the access optical transport network device; encrypting the target data by using a base64 encryption method to obtain primary encrypted data; splitting the primary encrypted data into a plurality of single characters, and converting each single character into its corresponding number according to the ASCII code (American Standard Code for Information Interchange); for each number, if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character for that number; ordering the value of the counter and the encoded single characters according to a first preset sequence to obtain encrypted data of the target data; and sending the connection information comprising the encrypted data to the service device.
The preset first value may be customized according to the actual situation, for example set to 1, 2 or 3, and the preset second value may likewise be customized according to the actual situation, for example set to -1, 2 or 3. Taking decimal as an example, the values in the ASCII code table range from 0 to 127, so for a given number i and a preset second value n, when i+n is not more than 127, the updated number for i is i+n; when i+n is greater than 127, the updated number for i is i+n-128.
In the ASCII code, the number 61 corresponds to the character =. In primary encrypted data produced by the Base64 encryption algorithm, = appears only at the tail of the character string, so counting the occurrences of the number 61 gives the number of = characters at the tail of the primary encrypted data. When the number of = characters is greater than 1, the length of the encrypted data can be further reduced. Apart from the tail, no other position of the primary encrypted data can contain =, so no characters in the middle are displaced, and the normal encoding and decoding of the other characters is not affected.
If only Base64 were used to encrypt the target data, the encryption method would be simpler, but the Base64 algorithm could be used directly to decrypt it and obtain the original text, so the result would be easy to identify and crack. The embodiment of the disclosure therefore first encrypts the target data with the Base64 encryption method to obtain primary encrypted data, and then applies the subsequent encryption steps to the primary encrypted data, so that the encrypted data is not easy for an attacker to identify and crack.
In a possible implementation manner, the connection information may further include an address, a user name, and a port number of the access optical transport network device. In one example, the management and control device sends the address, the user name, the port number and the encrypted password data connected to the access optical transport network device to the service device.
The service equipment is used for receiving the connection information; extracting a field in which the encrypted data is located in the connection information to obtain data to be decrypted; decrypting the data to be decrypted to obtain decrypted data; and sending handshake information comprising the decrypted data to the access optical transport network device.
The encrypted password data is stored in a preset field of the connection information; the service device extracts the data in the preset field to obtain the data to be decrypted, and decrypts it. Because symmetric encryption algorithms are employed in this disclosure, the decryption process may be considered the inverse of the encryption process. In a possible implementation manner, the service device is specifically configured to: order the characters in the data to be decrypted according to a second preset sequence to obtain the encoded single characters and the counter number; for each encoded single character, convert the encoded single character into its corresponding number according to the ASCII code to obtain a first number of the encoded single character; subtract the preset second value from the first number of the encoded single character to obtain a second number of the encoded single character; convert the second number of the encoded single character into the corresponding character according to the ASCII code to obtain a primary decryption character of the encoded single character; determine the number of equal-sign characters according to the counter number, and append that number of equal signs to the character string formed by the primary decryption characters to obtain primary decryption data; and decrypt the primary decryption data by using a base64 decryption method to obtain decrypted data.
The second preset sequence corresponds to the first preset sequence and is used to restore the order the characters had before they were ordered according to the first preset sequence. For example, the first predetermined sequence is to arrange the character strings in a description manner, and the second predetermined sequence is to arrange the character strings in a description manner, so that the character sequence is restored to the sequence before being ordered in the first predetermined sequence. Taking decimal as an example, the values in the ASCII code table range from 0 to 127, so for a given number i and a preset second value n, when i-n is not less than 0, the updated number for i is i-n; when i-n is less than 0, the updated number for i is i-n+128.
The service device decrypts the data to be decrypted in the received connection information by utilizing the step logically inverted to the encryption step of the management and control device in the embodiment of the present disclosure, so as to ensure the normal decryption of the data to be decrypted, and obtain the decrypted data, that is, obtain the target data to be encrypted of the access optical transport network device, that is, the original password.
In some scenarios, some of the management and control devices may not have cryptographic functionality, given that the management and control devices of different vendors are different. In one possible implementation manner, if the decryption of the data to be decrypted fails, the service device sends handshake information including the data to be decrypted to the access optical transport network device.
Decryption of the data to be decrypted may fail, for example when the service device fails to decode the data with the base64 algorithm, because the connection information received by the service device did not come from the management and control device of the embodiments of the present disclosure but from another device, whose connection information does not contain data encrypted as described in the embodiments of the present disclosure. When decryption fails, the handshake is attempted directly with the original text of the data to be decrypted, so that the method also works in the unencrypted case.
The data to be decrypted may be encrypted data, or it may be an unencrypted original password contained in connection information sent by another device. Therefore, when decryption of the data to be decrypted fails, the service device may have received unencrypted connection information from another device. By sending handshake information that includes the data to be decrypted to the access optical transport network device, the unencrypted original password contained in that connection information is passed on, so that handshake information containing the original password can still be sent normally to the access optical transport network device when connection information from other devices is received.
In a possible implementation manner, the service device may further send handshake information including the decrypted data and the user name to the access optical transport network device by using a secure shell protocol according to an address and a port number of the access optical transport network device in the connection information.
By adopting the secure shell protocol, the handshake information is sent to the access type optical transport network equipment, so that the whole encryption of the handshake process is ensured, and the communication process is safe and reliable.
The access optical transport network device is configured to receive the handshake information, verify the decrypted data in the handshake information based on the target data in the access optical transport network device, and establish connection with the service device if the verification is passed.
In one possible implementation manner, the access optical transport network device may be specifically configured to receive the handshake information, verify the decrypted data and the user name in the handshake information based on the target data and the user name in the access optical transport network device, and establish a connection with the service device if the verification is passed.
In one example, after receiving handshake information from service equipment, the access optical transport network device searches for a corresponding user name stored in the access optical transport network device and a password corresponding to the user name according to the user name in the handshake information of the service equipment, verifies whether the password corresponding to the user name is consistent with decrypted data in the received handshake information, and if so, establishes connection with the service equipment.
The following takes raisecom as an example of target data to be encrypted, and compares encrypted data obtained by various encryption algorithms:
AES algorithm encryption result: U2FsdGVkX1+3n6xVyja6S7arv8Twhln4+KAhpHEVIiI=
DES algorithm encryption result: U2FsdGVkX18OXMTnY28jTouAmSPiSoPalrAaD6tGh9I=
RC4 algorithm encryption result: U2FsdGVkX18yPay+qE7F8jKVEOTfoTtg
3DES algorithm encryption result: U2FsdGVkX1+GqDQ5a9J0ii8aFC/1mGqHarIL53altbg=
Base64 algorithm encryption result: cmFpc2Vjb20=
Encryption result of the present disclosure: 113ckW3dqGnd
It can be seen that the encryption result of the present disclosure is far shorter than the encryption results of algorithms such as AES, DES, RC4 and 3DES; it is also no longer than the encryption result of the Base64 algorithm, and the method has higher security than the Base64 algorithm.
Therefore, the character string produced by the short-length symmetric encryption method of the embodiments of the present disclosure is short, 1/4 to 1/2 the length produced by common encryption algorithms, which optimizes storage space. The method is simple and occupies few computing resources, and its computational intensity is much lower than that of industry algorithms such as DES and 3DES. The method is therefore suitable for scenarios where the length of the encryption result matters, the required encryption strength is low, and introducing encryption should not consume significant additional resources.
In practical applications, the information of the access optical transport network device needs to be registered in the service device, the service device or the management and control device calls an API (Application Programming Interface, application program interface), and the information of the access optical transport network device is transferred to the interface layer, and if the process is sensitive to plaintext, the connection password of the access optical transport network device needs to be encrypted in the process of transmitting the information of the access optical transport network device by the API call interface. The following will describe a process of establishing a connection between an access optical transport network device of a manufacturer and a service device by using a secure shell protocol, see fig. 1b:
1. The maintainer connects to the access optical transport network device and provides an address, a port, a user name and a password for the connection to the access optical transport network device;
2. The service module of the management and control device encrypts the password to obtain encrypted data, calls a connect interface, and sends the encrypted data, the address, the port and the user name to the service device; the connect interface is a connection interface defined by the API;
3. The protocol module of the service device decrypts the received encrypted data to obtain decrypted data; the decryption steps of the service device are the logical inverse of the encryption steps of the management and control device;
4. If the decryption succeeds, the protocol module of the service device uses SSH (secure shell protocol) to send handshake information including the decrypted data to the access optical transport network device and performs the handshake with it, so as to establish a netconf connection with the access optical transport network device;
Under the protection of the SSH secure tunnel, the password used to connect to the access optical transport network device is also protected, so that segment-by-segment encryption protection is established over the whole path;
5. If the decryption fails, handshake information containing the un-decrypted data is sent, and a connection is established with the access optical transport network device;
6. The access optical transport network device verifies the data to be decrypted, and returns a connection state or error information to the service device.
In the embodiment of the disclosure, the management and control equipment encrypts the password of the user, the service equipment decrypts the encrypted password, and adopts the secure shell protocol to send decrypted data, so that connection is established with the access type optical transport network equipment, and the protection of the connection information of the access type optical transport network equipment from leakage is realized. The encryption process of the management and control equipment and the decryption process of the service equipment are simpler, the calculation resources are saved, and because the encrypted data is shorter in length, the resources occupied by transmission and storage are fewer, and the storage space is saved, so that the method is suitable for the scenes that the encryption is required to be simple, the encryption strength requirement is not high, and more resources are not consumed because the encryption is introduced.
The embodiment of the disclosure also provides a short-length symmetric encryption method, referring to fig. 2, the method includes:
S201, obtaining target data to be encrypted of the access type optical transport network equipment.
In one possible implementation manner, the target data to be encrypted is password data of an access optical transport network device.
S202, encrypting the target data by using a base64 encryption method to obtain primary encrypted data.
If the target data is encrypted only by Base64, the encryption method is relatively simple, so that the target data can be easily identified and cracked. The disclosed embodiments utilize a base64 encryption method to encrypt the target data once as an intermediate step of the encryption process.
S203, splitting the primary encrypted data into a plurality of single characters, and respectively converting each single character into a corresponding number according to ASCII codes.
S204, for each number, if the number is 61, the counter is increased by a preset first value; if the number is not 61, a preset second value is added to the number to obtain the updated number, and the updated number is converted into the corresponding single character according to the ASCII code to obtain the encoded single character of the number.
In one possible implementation, each encoded single character may be appended to a pre-established buffer.
S205, sorting the encoded single characters and the numerical values of the counter according to a first preset sequence to obtain the encrypted data of the target data.
In the embodiments of the present disclosure, the target data is encrypted using the base64 encryption method to obtain primary encrypted data whose length is far smaller than the data length produced by encryption methods such as DES, 3DES, Blowfish, RC5 and IDEA, and the length of the encrypted data does not exceed the length of the primary encrypted data. The encrypted data is therefore short, which saves storage space. The encryption method in the present disclosure is also simple and, compared with encryption methods such as DES, 3DES, Blowfish, RC5 and IDEA, greatly saves computing resources.
In one possible embodiment, the above step may include: ordering the encoded single characters according to the character-string order and placing the value of the counter at the very front of the sequence to obtain the encrypted data of the target data. In one example, this ordering may be produced by reversing the buffer to form a character array in reverse order, then forming a new character string from the reversed buffer, and adding the counter value to the front of that character string as the encrypted data.
In a possible implementation manner, after the encryption of the data to be encrypted is completed, connection information including the encrypted data, an address, a user name and a port number of the access optical transport network device may be sent to the service device, so that the service device establishes a connection with the access optical transport network device based on the connection information.
Taking target data to be encrypted as raisecom as an example, the result of the encrypted data obtained by each encryption algorithm is shown as follows:
AES:U2FsdGVkX1+3n6xVyja6S7arv8Twhln4+KAhpHEVIiI=
DES:U2FsdGVkX18OXMTnY28jTouAmSPiSoPalrAaD6tGh9I=
RC4:U2FsdGVkX18yPay+qE7F8jKVEOTfoTtg
3DES:U2FsdGVkX1+GqDQ5a9J0ii8aFC/1mGqHarIL53altbg=
Base64:cmFpc2Vjb20=
Embodiments of the present disclosure: 113ckW3dqGnd
The specific encryption process of the short-length symmetric encryption method provided by the embodiment of the disclosure is as follows:
Step one, obtaining the target data to be encrypted: raisecom.
Step two, encrypting the target data using the base64 encryption method to obtain the primary encrypted data: cmFpc2Vjb20=.
Step three, splitting the primary encrypted data into a plurality of single characters, and converting each single character into the corresponding number according to the ASCII code: 99 109 70 112 99 50 86 106 98 50 48 61.
Step four, for each number, if the number is 61, the counter is increased by 1; if the number is not 61, the number is increased by 1 to obtain the updated number. The updated numbers are, in order: 100 110 71 113 100 51 87 107 99 51 49; the counter has a value of 1 (the number 61 is only counted by the counter and is not used to generate an updated number).
Step five, converting each updated number into the corresponding single character according to the ASCII code; the encoded single characters are, in order: d n G q d 3 W k c 3 1.
Step six, sorting the encoded single characters and the value of the counter in reverse order to obtain the encrypted data of the target data: 113ckW3dqGnd.
Compared with the prior art, the character string produced by the short-length symmetric encryption method is short, 1/4 to 1/2 the length produced by common encryption algorithms, which optimizes storage space. The method is simple and occupies few computing resources, and its computational intensity is much lower than that of industry algorithms such as DES and 3DES. The method is therefore suitable for scenarios where the length of the encryption result matters, the required encryption strength is low, and introducing encryption should not consume significant additional resources.
The embodiment of the disclosure also provides a short-length symmetric decryption method, referring to fig. 3, the method includes:
S301, obtaining data to be decrypted.
In a possible implementation manner, the acquiring data to be decrypted may include: receiving connection information sent by a management and control device, wherein the connection information comprises encrypted data, an address, a user name and a port number of an access optical transport network device; and extracting a field in which the encrypted data is positioned in the connection information to obtain the data to be decrypted.
S302, sequencing all characters in the data to be decrypted according to a second preset sequence to obtain counter numbers and all coded single characters.
In a possible implementation manner, the above step may specifically include: ordering the characters in the data to be decrypted according to the character-string order to obtain an ordered character sequence, in which the last character is the counter number and the remaining characters are, in order, the encoded single characters.
S303, for each encoded single character, converting the encoded single character into a corresponding number according to ASCII codes to obtain a first number of the encoded single character.
S304, subtracting a preset second numerical value from the first numerical value of the encoded single character to obtain a second numerical value of the encoded single character.
S305, converting the second number of the encoded single character into a corresponding character according to the ASCII code, and obtaining the one-time decryption character of the encoded single character.
S306, determining the number of equal-sign characters according to the counter number, and appending the corresponding number of equal signs to the character string formed by the primary decrypted characters to obtain the primary decrypted data.
S307, decrypting the primary decrypted data by using a base64 decryption method to obtain target data.
In one example, the data to be decrypted is an illegal character string, and when decryption is performed by using the Base64 decryption method, an exception is caused, and the exception can be captured and exception information is returned.
In one possible implementation manner, the decrypting of the data to be decrypted is completed to obtain the target data, and then, according to the address and the port number of the access optical transport network device, a secure shell protocol is adopted to send handshake information including the decrypted data and the user name to the access optical transport network device. Therefore, the access type optical transport network equipment verifies the information according to the handshake information and returns the connection state or error information.
In the embodiment of the disclosure, the service device decrypts the data to be decrypted by using the decryption step logically inverted to the encryption step of the short-length symmetric encryption method provided by the embodiment of the disclosure, so that normal decryption of the data to be decrypted is ensured, decrypted data, namely an original password, is obtained, and the decryption process is simpler, so that too much calculation resources are not occupied.
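The encryption steps S201-S205, the decryption steps S301-S307 and the decrypt-or-pass-through fallback of the connection flow, as an added Python example (not code from the patent). The function names are hypothetical; both preset values are taken as 1 and the ordering is reversal with the counter in front, as in the raisecom walk-through, and a single-digit counter is assumed.

```python
import base64
from typing import Tuple

PAD = ord("=")      # 61: the base64 padding character counted in S204
COUNTER_STEP = 1    # "preset first value"; 1 in the page's worked example (assumed)
SHIFT = 1           # "preset second value" n; 1 in the page's worked example (assumed)


def short_encrypt(target: str, shift: int = SHIFT) -> str:
    """S201-S205: base64, shift every non-'=' code by n, reverse, prefix the counter."""
    primary = base64.b64encode(target.encode("utf-8")).decode("ascii")  # S202
    counter = 0
    buffer = []
    for code in map(ord, primary):                                      # S203
        if code == PAD:                                                 # S204
            counter += COUNTER_STEP
        else:
            buffer.append(chr((code + shift) % 128))  # stay inside ASCII 0-127
    # S205 with the ordering of the worked example: reversed buffer, counter first.
    return str(counter) + "".join(reversed(buffer))


def short_decrypt(data: str, shift: int = SHIFT) -> str:
    """S301-S307: the inverse steps. Raises ValueError if the input does not parse."""
    if not data.isascii():
        raise ValueError("non-ASCII input")
    restored = data[::-1]                        # S302: undo the reversal
    if restored[-1:] not in ("0", "1", "2"):     # base64 has at most two '='
        raise ValueError("no counter digit")
    counter, encoded = int(restored[-1]), restored[:-1]
    # S303-S305: i-n, plus 128 when the result is negative (the modulo does both)
    primary = "".join(chr((ord(ch) - shift) % 128) for ch in encoded)
    primary += "=" * (counter // COUNTER_STEP)   # S306
    try:
        return base64.b64decode(primary, validate=True).decode("utf-8")  # S307
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError derive from it
        raise ValueError("field is not output of short_encrypt") from exc


def password_for_handshake(field: str) -> Tuple[str, bool]:
    """Connection-flow steps 4-5: decrypted value on success, raw field on failure."""
    try:
        return short_decrypt(field), True
    except ValueError:
        return field, False


if __name__ == "__main__":
    token = short_encrypt("raisecom")
    print(token, len(token))
    print(short_decrypt(token))
    # Constructed inputs: a plaintext password from a controller without the
    # encryption step, and a plaintext that happens to parse as valid ciphertext.
    for field in ("raisecom", "0kKXZ"):
        print(field, "->", password_for_handshake(field))
```

The transform takes no key beyond the preset constants, so anyone who knows them can run `short_decrypt`. The constructed field `0kKXZ` shows that a plaintext password which happens to parse is replaced by its decoding (`abc`), so the fallback cannot distinguish the two cases.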
Based on the same inventive concept as the short-length symmetric encryption method, the embodiments of the present disclosure further provide a short-length symmetric encryption apparatus, referring to fig. 4, including:
An obtaining module 41, configured to obtain target data to be encrypted of an access optical transport network device;
the primary encryption module 42 is configured to encrypt the target data by using a base64 encryption device to obtain primary encrypted data;
a digital conversion module 43, configured to split the primary encrypted data into a plurality of single characters, and convert each single character into a corresponding number according to an ASCII code;
the character conversion module 44 is configured to, for each number, increment the counter by a preset first value if the number is 61; and, if the number is not 61, add a preset second value to the number to obtain the updated number and convert the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character of the number;
and the generating module 45 is configured to sort the encoded single characters and the numerical values of the counter according to a first preset sequence, so as to obtain encrypted data of the target data.
In one possible implementation manner, the generating module may be specifically configured to sort the encoded single characters according to the sequence of the character string sequence, and place the value of the counter at the forefront of the sequence, so as to obtain the encrypted data of the target data.
In one possible implementation manner, the target data to be encrypted is password data of an access optical transport network device;
the apparatus may further include:
and the connection information sending module is used for sending the connection information comprising the encrypted data, the address, the user name and the port number of the access type optical transport network device to the service device so that the service device establishes connection with the access type optical transport network device based on the connection information.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
Based on the same inventive concept as the short-length symmetric decryption method, the embodiments of the present disclosure further provide a short-length symmetric decryption apparatus, referring to fig. 5, including:
an obtaining module 51, configured to obtain data to be decrypted;
the sorting module 52 is configured to sort each character in the data to be decrypted according to a second preset sequence, so as to obtain a counter number and each encoded single character;
a first number generation module 53, configured to convert, for each encoded single character, the encoded single character into a corresponding number according to ASCII codes, to obtain a first number of the encoded single character;
A second number generating module 54, configured to subtract a preset second value from the first number of the encoded single character to obtain a second number of the encoded single character;
the character generating module 55 is configured to convert the second number of the encoded single character into a corresponding character according to the ASCII code, so as to obtain a primary decrypted character of the encoded single character;
a primary decrypted data generating module 56, configured to determine the number of equal sign characters according to the counter number, and increase a corresponding number of equal signs after the character string formed by each primary decrypted character, so as to obtain primary decrypted data;
the generating module 57 is configured to decrypt the primary decrypted data by using a base64 decrypting device, so as to obtain target data.
In a possible implementation manner, the sorting module may be specifically configured to sort the characters in the data to be decrypted according to the sequence of the character strings, so as to obtain a sorted character sequence, where the last character of the sorted character sequence is a counter number, and the other characters are single characters after encoding in turn.
In a possible implementation manner, the obtaining module may be specifically configured to receive connection information sent by the management and control device, where the connection information includes encrypted data and an address, a user name and a port number of the access optical transport network device, and to extract the field in which the encrypted data is located in the connection information to obtain the data to be decrypted;
The apparatus may further include:
and the handshake information sending module is used for sending handshake information comprising the decrypted data and the user name to the access type optical transport network equipment by adopting a secure shell protocol according to the address and the port number of the access type optical transport network equipment.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
In a sixth aspect, an embodiment of the present disclosure provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor configured to implement the method steps of any one of the second and third aspects when executing a program stored on a memory.
In a seventh aspect, embodiments of the present disclosure provide a computer-readable storage medium having a computer program stored therein, which when executed by a processor, implements the method steps of any one of the second and third aspects.
The disclosed embodiment also provides an electronic device, as shown in fig. 6, comprising a processor 11, a communication interface 12, a memory 13 and a communication bus 14, wherein the processor 11, the communication interface 12, the memory 13 complete communication with each other through the communication bus 14,
a memory 13 for storing a computer program;
the processor 11 may be configured to execute a program stored in the memory to implement any of the short-length symmetric encryption method or the short-length symmetric decryption method described above.
The communication bus mentioned above for the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be classified as an address bus, a data bus, a control bus, and so on. For ease of illustration, only one thick line is shown in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The Memory may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment provided by the present disclosure, there is also provided a computer readable storage medium having stored therein a computer program which, when executed by a processor, implements the steps of any of the short-length symmetric encryption methods or the short-length symmetric decryption methods described above.
In yet another embodiment provided by the present disclosure, there is also provided a computer program product containing instructions that, when run on a computer, cause the computer to perform any of the short-length symmetric encryption methods or the short-length symmetric decryption methods of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with the embodiments of the present disclosure are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, the embodiments of the apparatus, electronic device and storage medium are described relatively briefly because they are substantially similar to the method embodiments; for relevant details, see the corresponding description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present disclosure are included in the protection scope of the present disclosure.

Claims (18)

1. A network communication system, comprising:
access optical transport network equipment, management and control equipment and service equipment;
the management and control device is configured to: acquire target data to be encrypted of the access optical transport network device; encrypt the target data using a base64 encryption method to obtain primary encrypted data; split the primary encrypted data into a plurality of single characters, and convert each single character into the corresponding number according to the ASCII code; for each number, if the number is 61, increment the counter by a preset first value; if the number is not 61, add a preset second value to the number to obtain the updated number, and convert the updated number into the corresponding single character according to the ASCII code to obtain the encoded single character of the number; sort the value of the counter and the encoded single characters according to a first preset order to obtain encrypted data of the target data; and transmit connection information including the encrypted data to the service device;
The service equipment is used for receiving the connection information; extracting a field in which the encrypted data is located in the connection information to obtain data to be decrypted; decrypting the data to be decrypted to obtain decrypted data; transmitting handshake information comprising the decrypted data to the access optical transport network device;
the access optical transport network device is configured to receive the handshake information, verify the decrypted data in the handshake information based on the target data in the access optical transport network device, and establish connection with the service device if the verification is passed.
2. The system according to claim 1, characterized in that the service device is specifically configured to: reorder the characters in the data to be decrypted according to a second preset order to obtain the encoded single characters and the counter number; for each encoded single character, convert the encoded single character into the corresponding number according to the ASCII code to obtain the first number of the encoded single character; subtract the preset second value from the first number of the encoded single character to obtain the second number of the encoded single character; convert the second number of the encoded single character into the corresponding character according to the ASCII code to obtain the primary decrypted character of the encoded single character; determine the number of equal-sign characters according to the counter number, and append that number of equal signs to the character string formed by the primary decrypted characters to obtain the primary decrypted data; and decrypt the primary decrypted data using a base64 decryption method to obtain the decrypted data.
3. The system of claim 1, wherein the connection information further includes an address, a user name, and a port number of the access optical transport network device;
the service device is specifically configured to send handshake information including the decrypted data and the user name to the access optical transport network device by adopting a secure shell protocol according to an address and a port number of the access optical transport network device in the connection information;
the access optical transport network device is specifically configured to receive the handshake information, verify the decrypted data and the user name in the handshake information based on the target data and the user name in the access optical transport network device, and establish connection with the service device if the verification is passed.
4. The system according to claim 1 or 2, wherein the service device is further configured to: if decryption of the data to be decrypted fails, send handshake information including the data to be decrypted to the access optical transport network device.
5. A method of short length symmetric encryption, the method comprising:
acquiring target data to be encrypted of access type optical transport network equipment;
encrypting the target data by using a base64 encryption method to obtain primary encrypted data;
splitting the primary encrypted data into a plurality of single characters, and converting each single character into a corresponding number according to its ASCII code;
for each number, if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into a corresponding single character according to the ASCII code to obtain the encoded single character for that number;
and arranging the encoded single characters and the value of the counter in a first preset order to obtain encrypted data of the target data.
6. The method of claim 5, wherein arranging the encoded single characters and the value of the counter in the first preset order to obtain the encrypted data of the target data comprises:
arranging the encoded single characters in character-string order and placing the value of the counter at the very front of the sequence to obtain the encrypted data of the target data.
7. The method according to claim 5, wherein the target data to be encrypted is password data of an access optical transport network device;
the method further comprises:
sending connection information including the encrypted data and the address, user name and port number of the access optical transport network device to the service device, so that the service device establishes a connection with the access optical transport network device based on the connection information.
8. A short length symmetric decryption method, the method comprising:
obtaining data to be decrypted;
arranging the characters in the data to be decrypted in a second preset order to obtain the counter number and the encoded single characters;
for each encoded single character, converting the encoded single character into a corresponding number according to the ASCII code to obtain a first number of the encoded single character;
subtracting a preset second value from the first number of the encoded single character to obtain a second number of the encoded single character;
converting the second number of the encoded single character into a corresponding character according to the ASCII code to obtain a primary decrypted character of the encoded single character;
determining the number of equal-sign characters according to the counter number, and appending that number of equal signs to the character string formed by the primary decrypted characters to obtain primary decrypted data;
and decrypting the primary decrypted data using a base64 decryption method to obtain target data.
9. The method of claim 8, wherein arranging the characters in the data to be decrypted in the second preset order to obtain the counter number and the encoded single characters comprises:
arranging the characters in the data to be decrypted in character-string order to obtain an ordered character sequence, wherein the last character of the ordered character sequence is the counter number and the other characters are, in order, the encoded single characters.
10. The method of claim 8, wherein the obtaining the data to be decrypted comprises:
receiving connection information sent by a management and control device, wherein the connection information comprises encrypted data, an address, a user name and a port number of an access optical transport network device;
extracting a field in which the encrypted data is located in the connection information to obtain data to be decrypted;
the method further comprises:
transmitting handshake information including the decrypted data and the user name to the access optical transport network device using a secure shell protocol, according to the address and the port number of the access optical transport network device.
11. A short length symmetric encryption apparatus, the apparatus comprising:
the acquisition module is used for acquiring target data to be encrypted of the access type optical transport network equipment;
the primary encryption module is used for encrypting the target data by utilizing a base64 encryption device to obtain primary encrypted data;
the digital conversion module is used for splitting the primary encrypted data into a plurality of single characters and respectively converting each single character into a corresponding number according to ASCII codes;
the character conversion module is used for, for each number: if the number is 61, incrementing a counter by a preset first value; if the number is not 61, adding a preset second value to the number to obtain an updated number, and converting the updated number into a corresponding single character according to the ASCII code to obtain the encoded single character for that number;
and the generation module is used for arranging the encoded single characters and the value of the counter in a first preset order to obtain encrypted data of the target data.
12. The apparatus of claim 11, wherein the generation module is specifically configured to:
arrange the encoded single characters in character-string order and place the value of the counter at the very front of the sequence to obtain the encrypted data of the target data.
13. The apparatus of claim 11, wherein the target data to be encrypted is password data of an access optical transport network device;
the apparatus further comprises:
and the connection information sending module is used for sending the connection information comprising the encrypted data, the address, the user name and the port number of the access type optical transport network device to the service device so that the service device establishes connection with the access type optical transport network device based on the connection information.
14. A short length symmetric decryption apparatus, the apparatus comprising:
the acquisition module is used for acquiring data to be decrypted;
the ordering module is used for arranging the characters in the data to be decrypted in a second preset order to obtain the counter number and the encoded single characters;
the first number generation module is used for converting each encoded single character into a corresponding number according to the ASCII code to obtain a first number of the encoded single character;
the second number generation module is used for subtracting a preset second value from the first number of the encoded single character to obtain a second number of the encoded single character;
the character generation module is used for converting the second number of the encoded single character into a corresponding character according to the ASCII code to obtain a primary decrypted character of the encoded single character;
the primary decrypted data generation module is used for determining the number of equal-sign characters according to the counter number, and appending that number of equal signs to the character string formed by the primary decrypted characters to obtain primary decrypted data;
and the generation module is used for decrypting the primary decrypted data by utilizing the base64 decryption device to obtain target data.
15. The apparatus of claim 14, wherein the ordering module is specifically configured to:
arrange the characters in the data to be decrypted in character-string order to obtain an ordered character sequence, wherein the last character of the ordered character sequence is the counter number and the other characters are, in order, the encoded single characters.
16. The apparatus according to claim 14, wherein, to obtain the data to be decrypted, the acquisition module is specifically configured to:
receive connection information sent by a management and control device, wherein the connection information comprises encrypted data, an address, a user name and a port number of an access optical transport network device;
extract the field containing the encrypted data from the connection information to obtain the data to be decrypted;
the apparatus further comprises:
and the handshake information sending module is used for sending handshake information comprising the decrypted data and the user name to the access type optical transport network equipment by adopting a secure shell protocol according to the address and the port number of the access type optical transport network equipment.
17. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
the processor is used for carrying out the method steps of any one of claims 5-10 when executing the program stored in the memory.
18. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 5-10.
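The encoding steps of claims 5-6 and the decoding steps of claim 8, written out as an added Python example (not code from the patent) to show the round trip and where parsing can fail. The claims give no numbers for the two presets, so `FIRST_VALUE = 1` and `SECOND_VALUE = 3` are assumptions, as is reading the counter from the front on decode to mirror claim 6; the function names and the sample input are constructed.

```python
import base64

# Assumed presets: the claims call these the "preset first value" and the
# "preset second value" without giving numbers. The claims name no key, so
# these two constants are the only parameters of the transform.
FIRST_VALUE = 1    # counter increment for each '=' (ASCII 61)
SECOND_VALUE = 3   # offset added to every other character code

SAMPLE = b"admin"  # constructed sample target data


def encode(target: bytes) -> str:
    """Claims 5-6: base64, count and drop '=', shift the rest, counter first."""
    primary = base64.b64encode(target).decode("ascii")
    counter = 0
    shifted = []
    for ch in primary:
        code = ord(ch)
        if code == 61:                  # '=' padding is counted, not emitted
            counter += FIRST_VALUE
        else:
            shifted.append(chr(code + SECOND_VALUE))
    # Shifted characters can themselves be digits, so the counter is only
    # separable from the body if its width is fixed (one digit here).
    if not 0 <= counter <= 9:
        raise ValueError("counter must fit in a single digit")
    return str(counter) + "".join(shifted)


def decode(data: str) -> bytes:
    """Claim 8, with the counter read from the front (assumed layout)."""
    if not data or data[0] not in "0123456789":
        raise ValueError("missing counter digit")
    counter, body = int(data[0]), data[1:]
    if counter % FIRST_VALUE:
        raise ValueError("counter is not a multiple of the first value")
    # Undo the offset, then restore the '=' padding that was counted away.
    primary = "".join(chr(ord(ch) - SECOND_VALUE) for ch in body)
    primary += "=" * (counter // FIRST_VALUE)
    # validate=True rejects characters outside the base64 alphabet.
    return base64.b64decode(primary, validate=True)
```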
CN202210673795.7A 2022-06-14 2022-06-14 Network communication system, short-length symmetric encryption and decryption method and device Pending CN117278234A (en)


Publications (1)

Publication Number: CN117278234A (en)
Publication Date: 2023-12-22

Family

ID=89206899



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination