CN117353899A - Hybrid encryption method, device and storage medium - Google Patents
Hybrid encryption method, device and storage medium Download PDFInfo
- Publication number
- CN117353899A CN117353899A CN202311178577.7A CN202311178577A CN117353899A CN 117353899 A CN117353899 A CN 117353899A CN 202311178577 A CN202311178577 A CN 202311178577A CN 117353899 A CN117353899 A CN 117353899A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- key
- encryption
- algorithm
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000012795 verification Methods 0.000 abstract description 8
- 230000005540 biological transmission Effects 0.000 abstract description 5
- 238000004590 computer program Methods 0.000 description 11
- 238000013478 data encryption standard Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- OYPRJOBELJOOCE-UHFFFAOYSA-N Calcium Chemical compound [Ca] OYPRJOBELJOOCE-UHFFFAOYSA-N 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 229910052791 calcium Inorganic materials 0.000 description 1
- 239000011575 calcium Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000013496 data integrity verification Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a hybrid encryption method, device and storage medium, and relates to the technical field of cryptography. The method comprises the following steps: in the first symmetric encryption, a random key prefix is adopted to construct a first key to carry out symmetric encryption on unencrypted data to obtain a first ciphertext, so that the security, encryption performance and speed of symmetric encryption are well balanced; signing the first ciphertext by adopting an asymmetric encryption algorithm and a private key in a preset key pair to obtain a data signature, utilizing the key distribution characteristic and the security of asymmetric encryption, and ensuring the data integrity and the source verification; and (3) performing second symmetric encryption on a second ciphertext obtained by splicing the random key prefix, the first ciphertext and the data signature by adopting a preset second key to obtain a target ciphertext, wherein the multiple encryption realizes efficient and safe data protection. Based on the method, the advantages of symmetric encryption and asymmetric encryption are mixed, and the safety and the transmission efficiency of data encryption are comprehensively improved.
Description
Technical Field
The present disclosure relates to the field of cryptography, and in particular, to a hybrid encryption method, device, and storage medium.
Background
The symmetric encryption (Symmetric Cryptography) algorithm has the advantages of relatively high encryption speed, wide application and good compatibility. However, key management is difficult, special management measures are required to ensure the security of the key, and in some cases, an attacker can implement an attack by replaying encrypted data. The asymmetric encryption algorithm uses different keys for encryption and decryption, provides better security, is applicable to key distribution problems, and can be used for digital signature, data integrity verification and source authentication. But the computational complexity is higher and more time consuming, especially when handling large messages, and the key length is typically longer (e.g. 2048 bits or more) in order to provide sufficient security, adding to the burden of storing and transmitting the keys.
Therefore, how to combine the advantages of two algorithms to perform hybrid encryption and comprehensively improve the security and transmission efficiency of data encryption is a problem to be solved.
Disclosure of Invention
The application provides a hybrid encryption method, device and storage medium, which can combine the advantages of a symmetric encryption algorithm and an asymmetric encryption algorithm to perform hybrid encryption, thereby comprehensively improving the security and transmission efficiency of data encryption.
To achieve the above object, in a first aspect, the present application provides a hybrid encryption method, including:
s1, symmetrically encrypting unencrypted data by adopting a given first symmetrical encryption algorithm and a first key to obtain a first ciphertext, wherein the first key comprises a random key prefix with a preset length;
s2, signing the first ciphertext by adopting a given asymmetric encryption algorithm and a private key in a preset key pair to obtain a data signature;
s3, splicing the random key prefix, the first ciphertext and the data signature to obtain a second ciphertext;
s4, symmetrically encrypting the second ciphertext by adopting a given second symmetrical encryption algorithm and a preset second key to obtain a target ciphertext.
In one possible embodiment, before the step S1, the method further includes:
generating a random key prefix with a preset length according to a preset key generation rule;
and combining the random key prefix and the fixed suffix character string to generate the first key.
In one possible implementation, the given asymmetric encryption algorithm is the SHA256withRSA algorithm, and the step S2 includes:
generating a summary of the first ciphertext by adopting an SHA256withRSA algorithm;
and carrying out asymmetric encryption on the abstract according to a private key in the preset key pair, and encoding an encryption result by using a Base64 encoding algorithm to obtain the data signature in a character string format.
In one possible implementation, the given first symmetric encryption algorithm is the advanced encryption standard AES algorithm.
In one possible implementation, the first symmetric encryption algorithm and the second symmetric encryption algorithm are different symmetric encryption algorithms.
In one possible implementation, the process of decrypting the target ciphertext includes:
decrypting the target ciphertext by adopting the second symmetric encryption algorithm and the second key to obtain a second ciphertext;
splitting the second ciphertext into a random key prefix, a first ciphertext and a data signature according to a preset ciphertext format;
verifying the first ciphertext by adopting the asymmetric encryption algorithm, the public key in the preset key pair and the data signature;
constructing a first key according to the random key prefix when the first ciphertext is verified;
and decrypting the first ciphertext by adopting the first symmetric encryption algorithm and the first key to obtain the unencrypted data.
In a second aspect, there is provided a computing device comprising a memory and a processor, the memory storing at least one program, the at least one program being executable by the processor to implement a hybrid encryption method as provided in the first aspect.
In a third aspect, there is provided a computer-readable storage medium having stored therein at least one program that is executed by a processor to implement the hybrid encryption method as provided in the first aspect.
The technical scheme provided by the application at least comprises the following technical effects:
in the first symmetric encryption, a random key prefix is adopted to construct a first key to carry out symmetric encryption on unencrypted data to obtain a first ciphertext, so that the security, encryption performance and speed of symmetric encryption are well balanced; signing the first ciphertext by adopting an asymmetric encryption algorithm and a private key in a preset key pair to obtain a data signature, utilizing the key distribution characteristic and the security of asymmetric encryption, and ensuring the data integrity and the source verification; and (3) performing second symmetric encryption on a second ciphertext obtained by splicing the random key prefix, the first ciphertext and the data signature by adopting a preset second key to obtain a target ciphertext, wherein the multiple encryption realizes efficient and safe data protection. Based on the method, the advantages of symmetric encryption and asymmetric encryption are mixed, and the safety and the transmission efficiency of data encryption are comprehensively improved.
Drawings
FIG. 1 is a flow chart of a hybrid encryption method provided herein according to an exemplary embodiment;
FIG. 2 is a flow chart of another hybrid encryption method provided herein in accordance with an exemplary embodiment;
fig. 3 is a schematic hardware structure of a computing device according to an exemplary embodiment provided in the present application.
Detailed Description
To further illustrate the embodiments, the present application provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments and together with the description, serve to explain the principles of the embodiments. With reference to these matters, one of ordinary skill in the art would understand other possible embodiments and the advantages of the present application. The components in the figures are not drawn to scale and like reference numerals are generally used to designate like components. The term "at least one" means one or more, and the term "plurality" means two or more.
The present application will now be further described with reference to the drawings and detailed description.
The hybrid encryption method provided by the application can be performed by any computing device. The computing device may be a server, a server cluster formed by a plurality of physical servers, a distributed file system, or a cloud server cluster for providing cloud storage, cloud services, cloud databases, cloud computing, cloud functions, network services, cloud communication, middleware services, domain name services, security services, a content delivery network (content delivery network, CDN), basic cloud computing services such as big data and an artificial intelligence platform, which is not limited in this application.
In the embodiment of the application, the computing device executing the hybrid encryption method is used as the server, and can provide data encryption service for any client. The client may be, for example, a terminal device used by a user, and the computing device is a server providing data encryption services for the client. The user transmits unencrypted data to the server through the terminal equipment, and the server executes the hybrid encryption method provided by the application to obtain the encrypted target ciphertext and returns the encrypted target ciphertext to the terminal equipment.
In one possible implementation, the computing device may further implement a richer functional service based on providing data encryption services, for example, providing a user with services that require data security, such as authentication, activation, or registration.
The hybrid encryption method provided by the embodiment of the application is used for encrypting the data transmitted by the client, and the encryption process comprises the following steps: performing first symmetric encryption by using a random key (a first key containing a random key prefix); generating a signature by using an asymmetric encryption algorithm; the benefit-fixed key is encrypted symmetrically for the second time.
The hybrid encryption method provided in the present application is described in detail below.
Fig. 1 is a schematic flow chart of a hybrid encryption method provided in the present application. Referring to fig. 1, the hybrid encryption method provided in the embodiment of the present application includes the following steps S1 to S4, which are executed by the above-mentioned computing device.
S1, symmetrically encrypting unencrypted data by adopting a given first symmetrical encryption algorithm and a first secret key to obtain a first ciphertext.
The unencrypted data may be any data sent by the user, such as a user account, a password, or identity information.
In the present embodiment, the given first symmetric encryption algorithm is an advanced encryption standard (Advanced Encryption Standard, AES) algorithm. Of course, other predetermined symmetric encryption algorithms are also possible, such as, for example, the data encryption standard (Data Encryption Standard, DES) algorithm, the national encryption algorithm (SM 1) or 3DES, and the like, and the present application is not limited thereto.
Optionally, the computing device receives the unencrypted data, performs non-null verification on the unencrypted data, and performs subsequent encryption flow when the unencrypted data is non-null.
Wherein the first key comprises a random key prefix of a preset length. After receiving the unencrypted data of the client, the computing device generates a first key through the following steps 1 and 2 before executing the present step S1.
Step 1, generating a random key prefix with a preset length according to a preset key generation rule.
Taking the AES algorithm as an example of the first symmetric encryption algorithm, in one possible implementation, the computing device randomly generates an AE S random key prefix with a preset length, denoted as aesKeyPrefix, using a predefined character rule. The predetermined length is, for example, 16 bits. The character rules may include: character types, e.g., letters, numbers, special symbols (e.g., + = | # $% # & x), etc.; the character rules also include combinations of each character type, e.g., 16-bit AES random key prefix, 0-7 bits are letters, 8-11 bits are digits, and 12-15 bits are special symbols.
In one possible implementation, the preset key generation rule includes a random number generator, and the computing device generates the random key prefix using the secure random number generator.
In other possible implementations, the pre-set key generation rules include a PKCS5Padding algorithm. The key may be padded to a preset length by a PKCS5Padding algorithm to prevent Padding related attacks, such as a bit-filling attack (Padding oracle attack).
And 2, combining the random key prefix and the fixed suffix character string to generate a first key.
In the embodiment of the application, after generating the random key prefix, a preconfigured AES suffix character string is obtained, and the random key prefix aesKeyPrefix and the suffix character string are spliced to form a complete AES first key, which is denoted aesKey.
In one possible implementation, the random key prefix and the fixed suffix string are stored in a secure keystore. Optionally, the computing device periodically updates the stored fixed suffix string and the randomly generated key prefix to increase security.
Illustratively, the unencrypted data is denoted as payload, the first symmetric encryption algorithm is denoted as aesEnc, and the first ciphertext is denoted as encryptedPayload. Specifically, in the process of executing the step S1, the computing device first creates an AES object according to the first key, denoted aesEnc; and encrypting the unencrypted data (payload) by using the AES object, and acquiring the encrypted content in a Base64 coding mode to obtain an AES first ciphertext which is marked as an encrypted payload. The encryption process is recorded as follows: aesEnc (payload).
According to the technical scheme, a part of the generated first key is generated randomly, the other part of the generated first key is fixedly arranged in the encryption system, encryption safety can be guaranteed by the randomly generated key prefix, and encryption performance and speed can be improved by the fixedly arranged key suffix character string, so that symmetric encryption safety, encryption performance and speed can be well balanced.
S2, signing the first ciphertext by adopting a given asymmetric encryption algorithm and a private key in a preset key pair to obtain a data signature.
In the embodiment of the present application, the given asymmetric encryption algorithm is the SHA256withRSA algorithm. Of course, other signature algorithms using asymmetric encryption implementation are also possible, and the application is not limited thereto.
In one possible implementation, step S2 includes:
s21, generating a summary of the first ciphertext by adopting an SHA256withRSA algorithm.
S22, carrying out asymmetric encryption on the abstract according to a private key in a preset key pair, and encoding an encryption result by using a Base64 encoding algorithm to obtain a data signature in a character string format.
Specifically, in executing the process of steps S21-S22, the computing device creates a signature object sign based on the given SHA256withRSA algorithm and a threshold key pair (including a private key and a public key) corresponding to the calcium algorithm, performs a signature operation on the byte array of the first ciphertext encryption payload by using the signature object, and represents the signed byte array signature by using a Base64 encoding algorithm to obtain the data signature in the character string format. Illustratively, the process of generating a signature by a signature object includes: generating a summary by using an SHA256 algorithm; and carrying out asymmetric encryption on the abstract by utilizing an RSA algorithm and a private key.
By the technical scheme, the signature of the ciphertext is generated by utilizing the key distribution characteristic and the security of asymmetric encryption, so that the security of data is ensured, the integrity of the data is ensured, and the source verification is realized.
And S3, splicing the random key prefix, the first ciphertext and the data signature to obtain a second ciphertext.
In the embodiment of the application, the second ciphertext can be obtained by performing string concatenation on the AES random key prefix in the string format, the first ciphertext (encrypted payload) and the data signature.
Illustratively, the ciphertext format of the second ciphertext is represented as:
$16bytesAesKeyPrefix_$aesEnc(payload)_$rasSign($aesEnc(payload))
wherein $16byte esaeskeyprefix represents an AES random key prefix of 16 bits length; aesEnc (payload) the first ciphertext encrypted by the first symmetric encryption algorithm; rasSign ($ aesEnc (payload)) represents the data signature obtained with an asymmetric encryption algorithm. Special symbols $ are used to divide the various ciphertext portions.
S4, symmetrically encrypting the second ciphertext by adopting a given second symmetrical encryption algorithm and a preset second key to obtain a target ciphertext.
In the embodiment of the present application, the first symmetric encryption algorithm and the second symmetric encryption algorithm may be the same symmetric encryption algorithm, for example, AES algorithm, and may be different in specific parameter configuration.
In one possible implementation, the first symmetric encryption algorithm and the second symmetric encryption algorithm are different symmetric encryption algorithms. Based on this, more complex multiple encryption combinations can be implemented to promote the security of hybrid encryption.
Illustratively, the ciphertext format of the final target ciphertext corresponds to the ciphertext format of the second ciphertext, expressed as:
$16bytesAesKeyPrefix_$aesEnc(payload)_$rasSign($aesEnc(payload))。
in one possible implementation manner, in the process of executing the step S4, the computing device first creates an AES object according to a preset second key; and then encrypting the second ciphertext by using the AES object, and acquiring the encrypted content in a Base64 coding mode to obtain the AES target ciphertext. Optionally, the computing device returns the target ciphertext to the client.
For a better understanding of the foregoing embodiments and various possible implementations thereof, the present application provides a flow diagram of a hybrid encryption method according to an exemplary embodiment, see fig. 2. And after receiving the unencrypted data transmitted by the client, the computing equipment performs non-null verification, and performs a subsequent encryption process under the condition that the unencrypted data is non-null. The encryption flow comprises: generating an AES random key prefix, and generating an AES first key according to the random key prefix; encrypting the unencrypted data by using the AES first key, and obtaining a first ciphertext; generating a data signature of the first ciphertext through asymmetric encryption; and encrypting the second ciphertext by using the AES second key to obtain a target ciphertext, and ending the encryption process.
Further, in the embodiment of the present application, the process of decrypting the target ciphertext is the inverse process of the step S1-step S4. Illustratively, the decryption process includes steps a through E described below, which are performed by any computing device, which may be the computing device responsible for encryption, or may be another computing device that holds related data, including preset keys, ciphertext formats, and the like.
And step A, decrypting the target ciphertext by adopting a second symmetric encryption algorithm and a preset second key to obtain a second ciphertext.
And B, splitting the second ciphertext into a random key prefix, a first ciphertext and a data signature according to a preset ciphertext format. The ciphertext format was described with reference to the foregoing.
And C, verifying the first ciphertext by adopting an asymmetric encryption algorithm and a public key and a data signature in a preset key pair.
Wherein the public key of the preset key pair may be held by a client or computing device having decryption rights.
And D, under the condition that the first ciphertext verification is passed, constructing a first key according to the random key prefix.
Illustratively, the same procedure as steps S21-S22 is adopted, the digest of the first ciphertext is signed with the public key to obtain a signature result, and if the signature result is consistent with the data signature in the second ciphertext, the verification is passed.
And E, decrypting the first ciphertext by adopting a first symmetric encryption algorithm and a first secret key to obtain unencrypted data.
In the technical scheme, a first key is constructed by adopting a random key prefix to carry out symmetric encryption on unencrypted data, so that the security, encryption performance and speed of symmetric encryption are well balanced; the data is signed by adopting an asymmetric encryption algorithm, the key distribution characteristic and the security of asymmetric encryption are utilized, and the data integrity and the source verification are ensured; and (3) performing second symmetric encryption on a second ciphertext obtained by splicing the random key prefix, the first ciphertext and the data signature by adopting a preset second key to obtain a target ciphertext, wherein the multiple encryption realizes efficient and safe data protection. Based on the method, the advantages of symmetric encryption and asymmetric encryption are mixed, and the safety and the transmission efficiency of data encryption are comprehensively improved.
Further, the first symmetric encryption algorithm and the second symmetric encryption algorithm are different symmetric encryption algorithms. Based on this, more complex multiple encryption combinations can be implemented to promote the security of hybrid encryption.
The hybrid encryption method provided by the application can be executed by a computing device. Fig. 3 is a schematic hardware structure of a computing device provided in an embodiment of the present application, where, as shown in fig. 3, the computing device includes a processor 301, a memory 302, a bus 303, and a computer program stored in the memory 302 and capable of running on the processor 301, where the processor 301 includes one or more processing cores, the memory 302 is connected to the processor 301 through the bus 303, and the memory 302 is used to store program instructions, and when the processor executes the computer program, the processor implements all or part of the steps in the above hybrid encryption method embodiments provided in the present application.
Further, as an executable scheme, the computing device may be a computer unit, and the computer unit may be a computing device such as a desktop computer, a notebook computer, a palm computer, and a cloud server. The computer unit may include, but is not limited to, a processor, a memory. It will be appreciated by those skilled in the art that the constituent structures of the computer unit described above are merely examples of the computer unit and are not limiting, and may include more or fewer components than those described above, or may combine certain components, or different components. For example, the computer unit may further include an input/output device, a network access device, a bus, etc., which is not limited in this embodiment of the present application.
Further, as an implementation, the processor may be a central processing unit (Central Processing Unit, CPU), other general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like that is a control center of the computer unit, connecting various parts of the entire computer unit using various interfaces and lines.
The memory may be used to store the computer program and/or modules, and the processor may implement the various functions of the computer unit by running or executing the computer program and/or modules stored in the memory, and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for a function; the storage data area may store data created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, smart Media Card (SMC), secure Digital (SD) Card, flash Card (Flash Card), at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The present application also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the hybrid encryption method provided by the embodiments of the present application.
The modules/units integrated with the computer unit may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the present application implements all or part of the flow in the hybrid encryption method provided in the above embodiment, or may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and the computer program may implement the steps of each method embodiment described above when executed by a processor. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a software distribution medium, and so forth. It should be noted that the content of the computer readable medium can be appropriately increased or decreased according to the requirements of the legislation and the patent practice in the jurisdiction.
While this application has been particularly shown and described with references to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the application as defined by the appended claims.
Claims (8)
1. A hybrid encryption method, the method comprising:
s1, symmetrically encrypting unencrypted data by adopting a given first symmetrical encryption algorithm and a first key to obtain a first ciphertext, wherein the first key comprises a random key prefix with a preset length;
s2, signing the first ciphertext by adopting a given asymmetric encryption algorithm and a private key in a preset key pair to obtain a data signature;
s3, splicing the random key prefix, the first ciphertext and the data signature to obtain a second ciphertext;
s4, symmetrically encrypting the second ciphertext by adopting a given second symmetrical encryption algorithm and a preset second key to obtain a target ciphertext.
2. The hybrid encryption method as recited in claim 1, wherein before the step S1, the method further comprises:
generating a random key prefix with a preset length according to a preset key generation rule;
and combining the random key prefix and the fixed suffix character string to generate the first key.
3. The hybrid encryption method according to claim 1, wherein the given asymmetric encryption algorithm is the SHA256withRSA algorithm, and the step S2 comprises:
generating a summary of the first ciphertext by adopting an SHA256withRSA algorithm;
and carrying out asymmetric encryption on the abstract according to a private key in the preset key pair, and encoding an encryption result by using a Base64 encoding algorithm to obtain the data signature in a character string format.
4. The hybrid encryption method of claim 1, wherein the given first symmetric encryption algorithm is an advanced encryption standard AES algorithm.
5. The hybrid encryption method of claim 1, wherein the first symmetric encryption algorithm and the second symmetric encryption algorithm are different symmetric encryption algorithms.
6. The hybrid encryption method of claim 1, wherein decrypting the target ciphertext comprises:
decrypting the target ciphertext by adopting the second symmetric encryption algorithm and the second key to obtain a second ciphertext;
splitting the second ciphertext into a random key prefix, a first ciphertext and a data signature according to a preset ciphertext format;
verifying the first ciphertext by adopting the asymmetric encryption algorithm, the public key in the preset key pair and the data signature;
constructing a first key according to the random key prefix when the first ciphertext is verified;
and decrypting the first ciphertext by adopting the first symmetric encryption algorithm and the first key to obtain the unencrypted data.
7. A computing device comprising a memory and a processor, the memory storing at least one program, the at least one program being executable by the processor to implement the hybrid encryption method of any one of claims 1 to 6.
8. A computer-readable storage medium, characterized in that at least one section of a program is stored in the storage medium, the at least one section of the program being executed by a processor to implement the hybrid encryption method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311178577.7A CN117353899A (en) | 2023-09-13 | 2023-09-13 | Hybrid encryption method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311178577.7A CN117353899A (en) | 2023-09-13 | 2023-09-13 | Hybrid encryption method, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117353899A true CN117353899A (en) | 2024-01-05 |
Family
ID=89356497
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311178577.7A Pending CN117353899A (en) | 2023-09-13 | 2023-09-13 | Hybrid encryption method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117353899A (en) |
-
2023
- 2023-09-13 CN CN202311178577.7A patent/CN117353899A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111095256B (en) | Securely executing smart contract operations in a trusted execution environment | |
| US10785019B2 (en) | Data transmission method and apparatus | |
| US11930103B2 (en) | Method, user device, management device, storage medium and computer program product for key management | |
| CN102377564B (en) | Method and device for encrypting private key | |
| US10880100B2 (en) | Apparatus and method for certificate enrollment | |
| US20140195804A1 (en) | Techniques for secure data exchange | |
| CN112202754B (en) | Data encryption method and device, electronic equipment and storage medium | |
| US10826694B2 (en) | Method for leakage-resilient distributed function evaluation with CPU-enclaves | |
| CN105306194B (en) | For encrypted file and/or the multiple encryption method and system of communications protocol | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN112740615A (en) | Multi-party computed key management | |
| US20140237252A1 (en) | Techniques for validating data exchange | |
| CN111859435B (en) | Data security processing method and device | |
| CN111181944B (en) | Communication system, information distribution method, device, medium, and apparatus | |
| CN114553590A (en) | Data transmission method and related equipment | |
| CN115913672A (en) | Electronic file encryption transmission method, system, terminal equipment and computer medium | |
| US20140237239A1 (en) | Techniques for validating cryptographic applications | |
| CN115603907A (en) | Method, device, equipment and storage medium for encrypting storage data | |
| Ramesh et al. | Secure data storage in cloud: an e-stream cipher-based secure and dynamic updation policy | |
| CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
| CN114143098B (en) | Data storage method and data storage device | |
| CN116318784A (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
| CN117353899A (en) | Hybrid encryption method, device and storage medium | |
| Du et al. | The applications of blockchain in the covert communication | |
| CN114430549A (en) | White box encryption and decryption method and device suitable for wireless communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |