CN117675207A - Encryption mode determining method, device, electronic equipment and readable storage medium - Google Patents
Encryption mode determining method, device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN117675207A CN117675207A CN202311625945.8A CN202311625945A CN117675207A CN 117675207 A CN117675207 A CN 117675207A CN 202311625945 A CN202311625945 A CN 202311625945A CN 117675207 A CN117675207 A CN 117675207A
- Authority
- CN
- China
- Prior art keywords
- encryption
- updated
- configuration information
- node
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000013507 mapping Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 230000008859 change Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides an encryption mode determining method, an encryption mode determining device, electronic equipment and a readable storage medium, wherein the method comprises the following steps: in a plurality of nodes in a micro-service system, each node acquires and analyzes corresponding configuration information from a configuration center; each node determines the corresponding encryption mode based on the analyzed encryption identification and the encryption type name so as to switch. The application can realize flexible switching among different kinds of encryption modes in the micro-service project, and enhances the flexibility of switching among different kinds of encryption modes and the expandability of the encryption modes.
Description
Technical Field
The embodiment of the application relates to the technical field of internet, in particular to an encryption mode determining method, an encryption mode determining device, electronic equipment and a readable storage medium.
Background
When running micro-service items in different environments, encryption regulations in different countries or regions need to be met, but the encryption of micro-services is usually hard-coded into the core code of the application. Therefore, when switching encryption modes, the code needs to be modified, which may cause instability or errors of the application program, and also reduce the flexibility of switching and the expandability of the encryption modes.
Disclosure of Invention
In order to solve the technical problems, embodiments of the present application provide an encryption method determining method, an encryption/decryption device, an electronic device, and a storage medium.
In a first aspect of the present application, there is provided an encryption mode switching method, including:
in a plurality of nodes in a micro-service system, each node acquires and analyzes corresponding configuration information from a configuration center, wherein the configuration center is pre-configured with a plurality of configuration information, and the configuration information comprises an encryption identifier and an encryption type name;
each node determines the corresponding encryption mode based on the analyzed encryption identification and the encryption type name so as to switch.
In one possible implementation, the method further includes:
after the configuration information corresponding to a certain node is updated, the node acquires and analyzes the updated configuration information corresponding to the node from a configuration center, wherein the updated configuration information comprises an updated encryption identifier and an updated encryption type name;
and determining an encryption mode corresponding to the node based on the updated encryption identification obtained through analysis and the updated encryption type name so as to switch.
In one possible implementation, the method further includes:
after determining the encryption mode, mapping the encryption mode to a corresponding encryption algorithm module.
In one possible implementation, the different encryption algorithm modules are independent of each other.
In a second aspect of the present application, an encryption mode switching apparatus is provided, which is applied to a node in a micro service system, and includes:
the acquisition and analysis module is used for acquiring and analyzing the corresponding configuration information from the configuration center, wherein the configuration center is pre-configured with a plurality of configuration information, and the configuration information comprises an encryption identifier and an encryption type name;
and the mode determining module is used for determining the corresponding encryption mode based on the analyzed encryption identification and the encryption type name so as to switch.
In one possible implementation manner, the acquiring and analyzing module is further configured to acquire and analyze updated configuration information corresponding to the node from the configuration center after the configuration information corresponding to the deployed node is updated, where the updated configuration information includes an updated encryption identifier and an updated encryption type name;
the mode determining module is further configured to determine an encryption mode corresponding to the node based on the updated encryption identifier and the updated encryption type name obtained by parsing, so as to switch.
In one possible implementation, the method further includes: and the algorithm mapping module is used for mapping the encryption mode to a corresponding encryption algorithm module after the encryption mode is determined.
In one possible implementation, the different encryption algorithm modules are independent of each other.
In a third aspect of the present application, there is provided an electronic device comprising a memory and a processor, the memory having stored thereon a computer program, the processor implementing the encryption mode determining method according to any one of the first aspects when executing the computer program.
In a fourth aspect of the present application, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the encryption mode determination method according to any one of the first aspects.
In the encryption mode determining method, the device, the electronic equipment and the readable storage medium provided by the embodiment of the application, in a plurality of nodes in a micro service system, each node acquires and analyzes corresponding configuration information from a configuration center, the configuration center is pre-configured with various configuration information, and the configuration information comprises an encryption identifier and an encryption type name; each node determines the corresponding encryption mode based on the obtained encryption identification and the encryption type name by analysis to switch, and by adopting the mode, flexible switching among different types of encryption modes can be realized in a micro service project. Meanwhile, when the encryption mode needs to be expanded, the configuration information can be configured to expand, so that the expandability of the encryption mode is enhanced.
It should be understood that the description in this summary is not intended to limit key or critical features of embodiments of the present application, nor is it intended to be used to limit the scope of the present application. Other features of the present application will become apparent from the description that follows.
Drawings
The above and other features, advantages and aspects of embodiments of the present application will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, wherein like or similar reference numerals denote like or similar elements, in which:
FIG. 1 shows a flow chart of an encryption mode switching method according to an embodiment of the present application;
fig. 2 shows a block diagram of an encryption mode switching apparatus according to an embodiment of the present application;
fig. 3 shows a schematic structural diagram of an electronic device suitable for implementing embodiments of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In the related art, the encryption mode of the micro service is usually hard-coded into the core code of the application program, and the encryption mode of the micro service system needs to meet encryption regulations of different countries or regions, so that the micro service system needs to be flexibly switched, but when the encryption mode is switched, the core code needs to be directly modified, which may cause instability or errors of the application program, and also makes the switching flexibility poor.
Therefore, the embodiment of the application provides an encryption mode determining method, which can realize flexible switching on the premise of meeting encryption regulations of different countries or regions without modifying core codes of application programs.
The authentication mode determination method is further described below in connection with one or more embodiments of the present specification.
First, a system architecture according to an embodiment of the present application will be described. It should be noted that, the system architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation to the technical solution provided in the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided in the embodiments of the present application is equally applicable to similar technical problems.
In some embodiments, a system according to an embodiment of the present application includes a plurality of nodes, where a node may be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, and local servers. The nodes may be connected independently, directly or indirectly through wired or wireless communication.
For example, each of the plurality of nodes has at least one application program deployed thereon, and since one node is typically deployed in the same region or country, the encryption manner adopted by the applications deployed on the same node is the same, and thus, an application program deployed on one node will be described below as an example.
For the embodiment of the present application, an encryption/decryption device with complete configuration may be deployed on each node, and the encryption mode is switched by using the encryption/decryption device, or each node itself has a function of switching the encryption mode, which is not limited to the embodiment of the present application.
For example, the encryptor may be implemented by the following code:
the encryption scheme switching method is further described below in connection with one or more embodiments of the present specification.
Fig. 1 shows a flowchart of an encryption scheme switching method according to an embodiment of the present application. Referring to fig. 1, the encryption mode determining method includes the steps of:
step 101, in a plurality of nodes in the micro service system, each node obtains and analyzes the corresponding configuration information from the configuration center.
Step 102, each node determines the corresponding encryption mode based on the analyzed encryption identification and encryption type name to switch.
The configuration center may be configured with a plurality of configuration information, and each configuration information may include an encryption identification and an encryption type name.
Taking two modes of encryption including an international encryption mode and a national encryption SM encryption mode as examples, the configuration information can be identified as follows:
encryption identification:
bwpaas.encryptor.pwd-type=bcrypt;
encryption type name:
bwpas. Encrypter-type=isa; or,
bwpaas.encryptor.encryptor-type=SM;
wherein, ISA represents international encryption mode, SM represents national encryption SM encryption mode.
For the embodiment of the application, when the application program is started, the node in the micro-service system can acquire and analyze the configuration information from the configuration center by adopting the encryption and decryption device, and determine the corresponding encryption mode based on the encryption identification and the encryption type name obtained by analysis so as to switch; after receiving the user instruction, the node in the micro-service system can acquire and analyze the configuration information from the configuration center by adopting the encryption and decryption device, and determine the corresponding encryption mode based on the analyzed encryption identification and encryption type name so as to switch.
It should be noted that the configuration items are preconfigured in the configuration center. In one implementation, the encryption scheme may be identified in a manner that defines an enumeration value. Taking two encryption modes including an international encryption mode and a national encryption SM encryption mode as examples, the method for identifying the encryption mode by adopting an enumeration value mode is as follows:
it should be noted that the foregoing examples are merely for illustrating the embodiments of the present application, and are not intended to limit the number and types of encryption modes in the embodiments of the present application.
In the embodiment of the application, in a plurality of nodes in a micro-service system, each node acquires and analyzes corresponding configuration information from a configuration center, the configuration center is pre-configured with a plurality of configuration information, and the configuration information comprises an encryption identifier and an encryption type name; each node determines the corresponding encryption mode based on the obtained encryption identification and the encryption type name by analysis to switch, and by adopting the mode, flexible switching among different types of encryption modes can be realized in a micro service project. Meanwhile, when the encryption mode needs to be expanded, the configuration information can be configured to expand, so that the expandability of the encryption mode is enhanced.
Further, since encryption regulations in different regions or countries may change, in order to ensure that after the encryption regulations in different regions or countries change, the encryption manner adopted by the node deployed in the local area can change according to the changes of the regulations, the following steps a (not shown in the figure) and b (not shown in the figure) may be adopted.
And a, after the configuration information corresponding to a certain node is updated, the node acquires and analyzes the updated configuration information corresponding to the node from a configuration center, wherein the updated configuration information comprises an updated encryption identifier and an updated encryption type name.
And b, determining an encryption mode corresponding to the node based on the updated encryption identification and the updated encryption type name obtained through analysis so as to switch.
It should be noted that, after the configuration information is updated, the manner of determining the encryption manner based on the updated configuration information is the same as that in the above embodiment, and will not be described herein again.
Further, after determining the encryption mode, the encryption mode needs to be mapped to a corresponding encryption algorithm module to call a corresponding encryption algorithm to encrypt the sensitive data, the connection database information or the API interface information. The different encryption algorithm modules are mutually independent, and the design mode is beneficial to reducing the maintenance cost and the maintenance complexity, and further improves the maintainability and the expansibility of the system.
For example, mapping the encryption manner to the corresponding encryption algorithm module to invoke the corresponding encryption algorithm may be implemented by:
/>
it should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required in the present application.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the device.
Fig. 2 shows a block diagram of an encryption mode switching apparatus according to an embodiment of the present application. In some embodiments, the encryption switching device may be applied to a node in the micro service system. Referring to fig. 2, the encryption mode switching apparatus includes:
the obtaining and analyzing module 201 is configured to obtain and analyze corresponding configuration information from a configuration center, where the configuration center is preconfigured with multiple configuration information, and the configuration information includes an encryption identifier and an encryption type name.
The manner determining module 202 is configured to determine, based on the parsed encrypted identifier and the encrypted type name, a corresponding encryption manner for switching.
In some embodiments, the obtaining parsing module 201 is further configured to obtain and parse updated configuration information corresponding to the node from the configuration center after the configuration information corresponding to the node deployed by the node is updated, where the updated configuration information includes an updated encryption identifier and an updated encryption type name; the mode determining module 202 is further configured to determine, based on the updated encryption identifier and the updated encryption type name obtained by parsing, an encryption mode corresponding to the node for switching.
In some embodiments, the encryption mode switching apparatus further includes: and the algorithm mapping module is used for mapping the encryption mode to a corresponding encryption algorithm module after the encryption mode is determined.
In some embodiments, different encryption algorithm modules are independent of each other.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In an embodiment of the present application, as shown in fig. 3, an electronic device 300 shown in fig. 3 includes: a processor 301 and a memory 303. Wherein the processor 301 is coupled to the memory 303, such as via a bus 302. Optionally, the electronic device 300 may also include a transceiver 304. It should be noted that, in practical applications, the transceiver 304 is not limited to one, and the structure of the electronic device 300 is not limited to the embodiment of the present application.
The processor 301 may be a CPU (Central Processing Unit ), general purpose processor, DSP (Digital Signal Processor, data signal processor), ASIC (Application Specific Integrated Circuit ), FPGA (Field Programmable Gate Array, field programmable gate array) or other programmable logic device, transistor logic device, hardware components, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. Processor 301 may also be a combination that implements computing functionality, e.g., comprising one or more microprocessor combinations, a combination of a DSP and a microprocessor, etc.
Bus 302 may include a path to transfer information between the components. Bus 302 may be a PCI (Peripheral Component Interconnect, peripheral component interconnect Standard) bus or an EISA (Extended Industry Standard Architecture ) bus, or the like. Bus 302 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 3, but not only one bus or one type of bus.
The Memory 303 may be, but is not limited to, a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory ) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory ), a CD-ROM (Compact Disc Read Only Memory, compact disc Read Only Memory) or other optical disk storage, optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 303 is used for storing application program codes for executing the present application and is controlled to be executed by the processor 301. The processor 301 is configured to execute the application code stored in the memory 303 to implement what is shown in the foregoing method embodiments.
Among them, electronic devices include, but are not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 3 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments herein.
The present application provides a computer readable storage medium having a computer program stored thereon, which when run on a computer, causes the computer to perform the corresponding method embodiments described above.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing is only a partial embodiment of the present application, and it should be noted that, for a person skilled in the art, several improvements and modifications can be made without departing from the principle of the present application, and these improvements and modifications should also be considered as the protection scope of the present application.
Claims (10)
1. An encryption method switching method is characterized by comprising the following steps:
in a plurality of nodes in a micro-service system, each node acquires and analyzes corresponding configuration information from a configuration center, wherein the configuration center is pre-configured with a plurality of configuration information, and the configuration information comprises an encryption identifier and an encryption type name;
each node determines the corresponding encryption mode based on the analyzed encryption identification and the encryption type name so as to switch.
2. The method as recited in claim 1, further comprising:
after the configuration information corresponding to a certain node is updated, the node acquires and analyzes the updated configuration information corresponding to the node from a configuration center, wherein the updated configuration information comprises an updated encryption identifier and an updated encryption type name;
and determining an encryption mode corresponding to the node based on the updated encryption identification obtained through analysis and the updated encryption type name so as to switch.
3. The method according to claim 1 or 2, further comprising:
after determining the encryption mode, mapping the encryption mode to a corresponding encryption algorithm module.
4. A method according to claim 3, wherein different encryption algorithm modules are independent of each other.
5. An encryption mode switching device applied to a node in a micro-service system is characterized by comprising:
the acquisition and analysis module is used for acquiring and analyzing the corresponding configuration information from the configuration center, wherein the configuration center is pre-configured with a plurality of configuration information, and the configuration information comprises an encryption identifier and an encryption type name;
and the mode determining module is used for determining the corresponding encryption mode based on the analyzed encryption identification and the encryption type name so as to switch.
6. The apparatus of claim 5, wherein the device comprises a plurality of sensors,
the acquiring and analyzing module is further used for acquiring and analyzing updated configuration information corresponding to the node from the configuration center after the configuration information corresponding to the deployed node is updated, wherein the updated configuration information comprises an updated encryption identifier and an updated encryption type name;
the mode determining module is further configured to determine an encryption mode corresponding to the node based on the updated encryption identifier and the updated encryption type name obtained by parsing, so as to switch.
7. The apparatus according to claim 5 or 6, further comprising:
and the algorithm mapping module is used for mapping the encryption mode to a corresponding encryption algorithm module after the encryption mode is determined.
8. The apparatus of claim 7, wherein different encryption algorithm modules are independent of each other.
9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, characterized in that the processor, when executing the computer program, implements the encryption mode determining method according to any one of claims 1 to 4.
10. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the encryption mode determining method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311625945.8A CN117675207A (en) | 2023-11-30 | 2023-11-30 | Encryption mode determining method, device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311625945.8A CN117675207A (en) | 2023-11-30 | 2023-11-30 | Encryption mode determining method, device, electronic equipment and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117675207A true CN117675207A (en) | 2024-03-08 |
Family
ID=90083799
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311625945.8A Pending CN117675207A (en) | 2023-11-30 | 2023-11-30 | Encryption mode determining method, device, electronic equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117675207A (en) |
-
2023
- 2023-11-30 CN CN202311625945.8A patent/CN117675207A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108664812B (en) | Information desensitization method, device and system | |
CN111859470B (en) | Business data chaining method and device | |
CN111767143A (en) | Transaction data processing method, device, equipment and system | |
US9280665B2 (en) | Fast and accurate identification of message-based API calls in application binaries | |
TWI736123B (en) | BLE communication method, device, equipment and storage medium | |
US10754717B2 (en) | Fast and accurate identification of message-based API calls in application binaries | |
US20200142674A1 (en) | Extracting web api endpoint data from source code | |
KR102205005B1 (en) | Method for providing service for shared office | |
CN111552945B (en) | Resource processing method, device and equipment | |
CN111625422B (en) | Thread monitoring method, thread monitoring device, electronic equipment and computer readable storage medium | |
CN110781192A (en) | Verification method, device and equipment of block chain data | |
CN115134067A (en) | Method for detecting private data leakage | |
CN110019444B (en) | Operation request processing method, device, equipment and system | |
CN113641873B (en) | Data processing method and device, electronic equipment and readable storage medium | |
CN111753270A (en) | Application program login verification method, device, equipment and storage medium | |
CN109033456B (en) | Condition query method and device, electronic equipment and storage medium | |
CN112835632A (en) | Method and device for calling end capability and computer storage medium | |
CN107566499B (en) | Data synchronization method, device and system | |
CN116107520B (en) | S3 object storage protocol encrypted data storage method and system | |
CN109710609B (en) | Method and device for generating data table identification | |
CN117675207A (en) | Encryption mode determining method, device, electronic equipment and readable storage medium | |
CN111460020B (en) | Method, device, electronic equipment and medium for resolving message | |
CN114629951A (en) | Address service switching method and device, computer equipment and storage medium | |
CN109495464B (en) | Method, device, equipment and system for tracking application access | |
CN110417904B (en) | Push information processing method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |