CN117335989A - Safety application method in internet system based on national cryptographic algorithm - Google Patents
- Publication number
- CN117335989A (application number CN202311205505.7A)
- Authority
- CN
- China
- Prior art keywords
- certificate
- data
- algorithm
- encryption algorithm
- internet system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a security application method for an internet system based on national cryptographic algorithms. When a user logs in, an asymmetric encryption algorithm (SM2) is used to generate a public-private key pair for identity verification; during data transmission and storage, the user data is encrypted with a symmetric encryption algorithm (SM4); a digital certificate is generated with the asymmetric encryption algorithm (SM2) and certificate verification is performed; the verified certificate is digitally signed with the asymmetric encryption algorithm (SM2); and finally a secure hash algorithm (SM3) is applied to the data to generate a data digest for data integrity verification. By adopting the SM4 symmetric encryption algorithm, the SM2 asymmetric encryption algorithm and the SM3 secure hash algorithm, the invention provides higher security, faster encryption speed and longer key length, and provides a reliable solution for data protection and identity authentication in the Guangdong code Internet system.
Description
Technical Field
The invention relates to the technical field of the Internet, and in particular to a security application method in an Internet system based on national cryptographic algorithms.
Background
Given the severe security situation of current internet systems, the encryption technologies applied in these systems commonly have the following security problems:
1) In internet systems, symmetric encryption algorithms are widely applied to data protection. Traditional symmetric encryption algorithms (such as AES and DES) offer efficient encryption and decryption, but face some challenges in key management and security.
2) Asymmetric encryption algorithms (such as RSA and DSA) provide a more secure way of encrypting, in which the public key is used for encryption and the private key for decryption. However, conventional asymmetric encryption algorithms have limitations in key length and performance and are not suited to encrypting large amounts of data.
3) Hash algorithms (such as MD5 and SHA-1) are used to generate a digest of the data, verify data integrity and prevent tampering. However, early hash algorithms have problems such as collisions and weak resistance, and are not sufficient for internet systems with higher security requirements.
4) Digital signatures are used to verify the origin and integrity of data and to prevent tampering. Conventional digital signature algorithms (such as RSA and DSA) provide some security but have problems in key management and performance.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a security application method in an Internet system based on national cryptographic algorithms, which overcomes the performance and security limitations of traditional encryption algorithms and offers higher security and attack resistance.
To solve this technical problem, the invention adopts the following technical scheme.
The security application method in the Internet system based on the national cryptographic algorithm comprises the following steps:
when a user logs in, an asymmetric encryption algorithm (SM2) is used to generate a public-private key pair for identity verification;
during data transmission and storage, the user data is encrypted with a symmetric encryption algorithm (SM4);
a digital certificate is generated with the asymmetric encryption algorithm (SM2) and certificate verification is performed;
the verified certificate is digitally signed with the asymmetric encryption algorithm (SM2);
and finally, a secure hash algorithm (SM3) is applied to the data to generate a data digest, and data integrity verification is performed.
When the asymmetric encryption algorithm is used for identity verification, it generates a public-private key pair; the public key serves as the identity of the Guangdong code user, and the private key signs the identity information provided by the user. When the Guangdong code user registers or logs in, the server verifies the authenticity of the user's identity by verifying the consistency of the signature and the public key.
According to the technical scheme, user data is encrypted with the symmetric encryption algorithm as follows: an encryption mode suited to the internet requirements is selected according to the application scenario; a key is generated with a random number generator; when the user data length is not the block length of the SM4 algorithm, the data is padded; the padded user data is encrypted with the SM4 algorithm and the generated key to form a ciphertext; and the resulting ciphertext and the generated key are stored.
Further optimizing the technical scheme, the encryption modes comprise ECB (electronic codebook mode), CBC (cipher block chaining mode) and CTR (counter mode).
Further optimizing the technical scheme, the data padding methods comprise PKCS#5/PKCS#7 padding and zero padding.
When the asymmetric encryption algorithm is used for generating the digital certificate, a pair of SM2 keys is generated, and a certificate request is created by using the generated key pair; the certificate request is submitted to a Certificate Authority (CA) for authentication and signing, and after the CA completes the authentication and signing, the generated digital certificate is returned to the requester.
Further optimizing the technical scheme, the certificate verification method comprises the following steps:
a. obtaining a certificate: first, a certificate is obtained from a trusted source;
b. extracting a public key: extracting the public key from the certificate, and ensuring the integrity and authenticity of the public key;
c. verifying the signature: verifying the signature of the certificate using the public key of the CA, ensuring that the certificate is not tampered with and is issued by the CA;
d. verifying the validity period: checking the validity period of the certificate, ensuring that the certificate is valid at the current time;
e. verifying the subject information: the subject information in the certificate is verified, ensuring that the certificate belongs to the intended entity.
Further optimizing the technical scheme, when the asymmetric encryption algorithm is used to digitally sign the certificate, a pair of SM2 keys is first generated, the hash value of the data is calculated with the SM3 algorithm, and the data to be signed is signed with the private key. To verify, the hash value of the received data is calculated with the SM3 algorithm, the received signature value is decrypted with the public key to obtain the original hash value, and the calculated hash value is compared with the decrypted hash value: if they are consistent the digital signature is valid, otherwise the signature is invalid.
Further optimizing the technical scheme, the method for carrying out data integrity verification by using the hash algorithm is to carry out hash calculation by using the hash algorithm, generate a hash value with a fixed length, and verify whether the data is tampered in the transmission process by comparing the hash values of the sent data and the received data.
By adopting the above technical scheme, the invention achieves the following technical progress.
The security application method based on the national encryption algorithm in the Internet system provided by the invention provides higher security, faster encryption speed and longer key length by adopting the SM4 symmetric encryption algorithm, the SM2 asymmetric encryption algorithm and the SM3 secure hash algorithm, and provides a reliable solution for data protection and identity authentication of the Guangdong code Internet system.
Drawings
FIG. 1 is a block diagram of the structure of the present invention;
FIG. 2 is a flow chart of encrypting user data using a symmetric encryption algorithm in accordance with the present invention;
FIG. 3 is a flow chart of digital signature of a certificate using an asymmetric encryption algorithm in the present invention.
Detailed Description
The invention will be described in further detail with reference to the drawings and the specific embodiments.
With technological progress and the popularization of the mobile Internet, people's lives have entered the age of code applications, and two-dimensional codes have become important carriers for government management and services. The Guangdong code is an innovative design that serves as an application carrier for real-population identity information and living information. It automatically generates the initial information of the code according to the Guangdong code application rules, supports use and update of the code during the "bright code" (code display) service, takes the national identity number and the standard address code as a combined root of trust, and is connected with the public security authorities' real-population and real-house management and with social service management.
As a government-affairs and civil Internet system project, the Guangdong code needs security guarantees built on a safe, reliable and compliant defense-in-depth system, and also needs the basic guarantee of efficient, stable and reliable system operation.
The security application method in the Internet system based on the cryptographic algorithm, described with reference to FIG. 1, comprises the following steps:
When a user logs in, an asymmetric encryption algorithm (SM2) is used to generate a public-private key pair for identity verification.
Firstly, a public-private key pair is generated by using SM2, the public key is used as an identity mark of a Guangdong code user and used for identity authentication and data encryption, the private key signs identity information provided by the user, and when the Guangdong code user registers or logs in, the server side verifies the identity authenticity of the user by verifying the consistency of the signature and the public key.
When a user performs identity authentication in the system, the data are signed by using a private key so as to ensure the authenticity of the identity and the integrity of the data.
During data transmission and storage, user data is encrypted using a symmetric encryption algorithm (SM4).
The flowchart of encrypting user data using SM4 is shown in fig. 2, and the steps are as follows:
selecting an encryption mode: first, the SM4 encryption mode used is determined, and common encryption modes include ECB (electronic codebook mode), CBC (cipher block chaining mode), CTR (counter mode), and the like. Each mode has different characteristics and applicable scenes, and an encryption mode suitable for the Internet requirements is selected.
Generating a key: to encrypt and decrypt using SM4, a secure key is first generated, a random number generator is used to randomly generate a secure SM4 key, the key length being 128 bits (16 bytes).
Padding the data: if the user data length is not the block length (128 bits) of the SM4 algorithm, the data must be padded. Common padding methods are PKCS#5/PKCS#7 padding and zero padding, which ensure that the data length is a multiple of the SM4 block length. The user data includes name, certificate number, phone number, etc.
Encryption: the padded user data is encrypted using the SM4 algorithm and the generated key. The data is divided into blocks according to the selected encryption mode, and the blocks are encrypted one by one to obtain the ciphertext.
Storing ciphertext and a key: the ciphertext obtained and the generated key are stored in a database or other storage facility, respectively. Ciphertext is encrypted user data, and the key is used for subsequent decryption operations.
Decryption: when the original data of the user is required to be obtained, the ciphertext is decrypted by using the same key, and the obtained decryption result is the original data of the user.
Key management: the security of the key is strictly protected, the key is ensured to be only accessed by authorized users, and the key leakage and improper use are prevented.
Data transmission and storage: during data transmission and storage, a secure transmission protocol (such as HTTPS) is used to protect the ciphertext in transit. The key must also be kept properly, so that key leakage does not compromise the data.
The Guangdong code uses an SM3 asymmetric encryption algorithm to be mainly applied to symmetric encryption and decryption of first data, and the Guangdong code system uses an SM4 algorithm to encrypt sensitive data with high encryption and decryption efficiency requirements, so that the security of the data in the transmission and storage processes is protected. The sender encrypts the data using the key and the receiver decrypts the data using the same key, ensuring that only authorized personnel can access and decrypt the data.
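The padding step above names two schemes, and they behave differently on the 16-byte SM4 block. The following added example (not part of the patent; the sample records and function names are constructed for illustration) pads and strictly unpads with both, showing that zero padding cannot restore a value that legitimately ends in 0x00, while PKCS#7 always round-trips at the cost of one extra block on aligned input:

```python
BLOCK = 16  # SM4 block length in bytes (128 bits)


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append 1..block bytes, each holding the pad length (never zero bytes)."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strict removal: reject anything that is not well-formed PKCS#7 padding."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if n < 1 or n > block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return padded[:-n]


def zero_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append 0x00 bytes up to the next block boundary (none if aligned)."""
    return data + b"\x00" * (-len(data) % block)


def zero_unpad(padded: bytes) -> bytes:
    """Strip trailing 0x00 bytes; cannot tell padding from real data."""
    return padded.rstrip(b"\x00")


def round_trip(data: bytes) -> tuple:
    """Return (pkcs7_ok, zero_ok): does each scheme restore `data` exactly?"""
    return (pkcs7_unpad(pkcs7_pad(data)) == data,
            zero_unpad(zero_pad(data)) == data)


# Constructed sample inputs (not real user data).
TEXT_RECORD = "name=Zhang San;phone=13800000000".encode("utf-8")  # 32 bytes
BINARY_FIELD = bytes.fromhex("a1b2c3d400")  # value that really ends in 0x00
ALIGNED = b"0123456789abcdef"               # exactly one SM4 block

if __name__ == "__main__":
    for label, sample in (("text record", TEXT_RECORD),
                          ("binary field", BINARY_FIELD),
                          ("aligned block", ALIGNED)):
        p_ok, z_ok = round_trip(sample)
        print(f"{label:13} len={len(sample):2} "
              f"pkcs7_len={len(pkcs7_pad(sample)):2} pkcs7_ok={p_ok} "
              f"zero_len={len(zero_pad(sample)):2} zero_ok={z_ok}")
```
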
A digital certificate is generated using an asymmetric encryption algorithm (SM2) and certificate verification is performed.
The steps for generating a digital certificate using an asymmetric encryption algorithm are as follows:
Generating a key pair: the Guangdong code national cryptographic algorithm service generates a key pair comprising the public key and private key required by the SM2 asymmetric encryption algorithm. The public key becomes the public key portion of the digital certificate, and the private key is used for subsequent signing and certificate verification.
Creating a certificate request: using the generated key pair, a certificate request is generated that contains the information to be included in the digital certificate, such as the subject name and public key. The certificate request is typically a file containing the public key and associated information.
Certificate issuance: the certificate request is submitted to a Certificate Authority (CA) for authentication and signing. The CA verifies the information in the request and issues a digital certificate to the requester based on the verification.
Acquiring a digital certificate: once the CA completes the verification and signing, the generated digital certificate is returned to the requester. The digital certificate contains the public key, subject information, validity period, etc., and is protected by the CA's digital signature, which proves the authenticity of the certificate.
When using a digital certificate, the validity of the certificate may be verified by:
a. obtaining a certificate: first, a certificate is obtained from a trusted source.
b. Extracting a public key: the public key is extracted from the certificate, ensuring the integrity and authenticity of the public key.
c. Verifying the signature: the signature of the certificate is verified using the public key of the CA, ensuring that the certificate is not tampered with and is issued by the CA.
d. Verifying the validity period: the validity period of the certificate is checked, ensuring that the certificate is valid at the current time.
e. Verifying the subject information: the subject information in the certificate is verified, ensuring that the certificate belongs to the intended entity.
The above-mentioned verified certificate is digitally signed by means of an asymmetric encryption algorithm (SM2).
A flowchart of the digital signature of a certificate using an asymmetric encryption algorithm is shown in fig. 3, and the steps are as follows:
generating a key pair: a pair of SM2 keys is generated, including a public key and a private key. The public key is used to verify the digital signature and the private key is used to generate the digital signature.
Creating a digital signature: the data to be signed is signed using a private key, typically by first calculating a hash value of the data using the SM3 algorithm, and then encrypting the hash value using the private key to generate a signed value.
Verifying the digital signature: the received data and signature are verified using the public key. First, a hash value of received data is calculated using an SM3 algorithm. Then, the received signature value is decrypted by using the public key, and an original hash value is obtained. And finally, comparing the calculated hash value with the decrypted hash value, if the calculated hash value is consistent with the decrypted hash value, indicating that the digital signature is valid, otherwise, indicating that the signature is invalid.
Finally, a secure hash algorithm (SM3) is applied to the data to generate a data digest, and data integrity verification is performed.
The Guangdong code uses the SM3 algorithm mainly for integrity verification of the first data. In the Guangdong code system, the data is hashed with the SM3 algorithm to generate a fixed-length hash value, and the hash values of the sent and received data are compared to verify whether the data was tampered with during transmission, thereby ensuring data integrity.
Claims (9)
1. A security application method in an Internet system based on a cryptographic algorithm, characterized in that the method comprises the following steps:
when a user logs in, an asymmetric encryption algorithm (SM2) is used to generate a public-private key pair for identity verification;
during data transmission and storage, the user data is encrypted with a symmetric encryption algorithm (SM4);
a digital certificate is generated with the asymmetric encryption algorithm (SM2) and certificate verification is performed;
the verified certificate is digitally signed with the asymmetric encryption algorithm (SM2);
and finally, a secure hash algorithm (SM3) is applied to the data to generate a data digest, and data integrity verification is performed.
2. The method for safely applying the cryptographic algorithm in the internet system according to claim 1, wherein: when the asymmetric encryption algorithm is used for identity verification, a public-private key pair is generated by the asymmetric encryption algorithm, the public key is used as the identity of the Guangdong code user, and the private key signs the identity information provided by the user; when the Guangdong code user registers or logs in, the server verifies the authenticity of the user's identity by verifying the consistency of the signature and the public key.
3. The method for safely applying the cryptographic algorithm in the internet system according to claim 1, wherein: the user data is encrypted with the symmetric encryption algorithm by selecting an encryption mode suited to the Internet requirements according to the application scenario, generating a key with a random number generator, padding the data when the user data length is not the block length of the SM4 algorithm, and encrypting the padded user data with the SM4 algorithm and the generated key to form a ciphertext; the resulting ciphertext and the generated key are stored.
4. The method for safely applying the cryptographic algorithm in the internet system according to claim 3, wherein: the encryption modes include ECB (electronic codebook mode), CBC (cipher block chaining mode), CTR (counter mode).
5. The method for safely applying the cryptographic algorithm in the internet system according to claim 3, wherein: the data padding methods comprise PKCS#5/PKCS#7 padding and zero padding.
6. The method for safely applying the cryptographic algorithm in the internet system according to claim 1, wherein: when a digital certificate is generated by using an asymmetric encryption algorithm, a pair of SM2 keys is generated, and a certificate request is created by using the generated key pair; the certificate request is submitted to a Certificate Authority (CA) for authentication and signing, and after the CA completes the authentication and signing, the generated digital certificate is returned to the requester.
7. The method for safely applying the cryptographic algorithm in the internet system according to claim 1, wherein: the certificate verification method comprises the following steps:
a. obtaining a certificate: first, a certificate is obtained from a trusted source;
b. extracting a public key: extracting the public key from the certificate, and ensuring the integrity and authenticity of the public key;
c. verifying the signature: verifying the signature of the certificate using the public key of the CA, ensuring that the certificate is not tampered with and is issued by the CA;
d. verifying the validity period: checking the validity period of the certificate, ensuring that the certificate is valid at the current time;
e. verifying the subject information: the subject information in the certificate is verified, ensuring that the certificate belongs to the intended entity.
8. The method for safely applying the cryptographic algorithm in the internet system according to claim 1, wherein: when a digital signature is carried out on a certificate by using an asymmetric encryption algorithm, a pair of SM2 keys is generated, the hash value of data is calculated by using an SM3 algorithm, and the data to be signed is signed by using a private key; calculating a hash value of the received data by using an SM3 algorithm, decrypting the received signature value by using a public key to obtain an original hash value, comparing the calculated hash value with the decrypted hash value, if the calculated hash value is consistent with the decrypted hash value, the digital signature is valid, otherwise, the signature is invalid.
9. The method for safely applying the cryptographic algorithm in the internet system according to claim 1, wherein: the method for checking the data integrity by using the hash algorithm is to perform hash calculation by using the hash algorithm, generate a hash value with a fixed length, and verify whether the data is tampered in the transmission process by comparing the hash values of the sent and received data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311205505.7A CN117335989A (en) | 2023-09-19 | 2023-09-19 | Safety application method in internet system based on national cryptographic algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117335989A (en) | 2024-01-02 |
Family
ID=89274670
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311205505.7A Pending CN117335989A (en) | 2023-09-19 | 2023-09-19 | Safety application method in internet system based on national cryptographic algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117335989A (en) |
2023-09-19: CN CN202311205505.7A, patent/CN117335989A/en, active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117714203A (en) * | 2024-01-22 | 2024-03-15 | 中国人民解放军陆军工程大学 | Method for realizing wireless security gateway |
CN117714203B (en) * | 2024-01-22 | 2024-05-31 | 中国人民解放军陆军工程大学 | Method for realizing wireless security gateway |
CN118054912A (en) * | 2024-03-30 | 2024-05-17 | 广东好易点科技有限公司 | Safety processing method for charging and changing behavior data of electric bicycle |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109067524B (en) | Public and private key pair generation method and system | |
RU2718689C2 (en) | Confidential communication control | |
CA2976795C (en) | Implicitly certified digital signatures | |
EP2291787B1 (en) | Techniques for ensuring authentication and integrity of communications | |
CA2838322C (en) | Secure implicit certificate chaining | |
CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
CN109614802B (en) | Anti-quantum-computation signature method and signature system | |
CN107070948A (en) | Signature and verification method based on hybrid encryption algorithm in cloud storage | |
US20100005318A1 (en) | Process for securing data in a storage unit | |
CN102024123B (en) | Method and device for importing mirror image of virtual machine in cloud calculation | |
CN110955918A (en) | Contract text protection method based on RSA encrypted sha-256 digital signature | |
CN117335989A (en) | Safety application method in internet system based on national cryptographic algorithm | |
CN108551435B (en) | Verifiable encryption group signature method with anonymity | |
CN114697040B (en) | Electronic signature method and system based on symmetric key | |
CN109951276B (en) | Embedded equipment remote identity authentication method based on TPM | |
CN102025744A (en) | Import and export system of virtual machine image in cloud computing | |
JP2007522739A (en) | One-way authentication | |
CN110855667B (en) | Block chain encryption method, device and system | |
CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
CN114553416A (en) | Data encryption processing method for signature verification of application program interface | |
CN104135368A (en) | A method for protecting data of an electronic chart | |
CN114448641A (en) | Privacy encryption method, electronic equipment, storage medium and chip | |
CN110572257B (en) | Identity-based data source identification method and system | |
CN102025743A (en) | Method and device for exporting mirror image of virtual machine in cloud computing | |
CN112671729A (en) | Internet of vehicles oriented anonymous key leakage resistant authentication method, system and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||