CN117725598A - An Zhuoduan data encryption and decryption method, device, equipment and medium - Google Patents
An Zhuoduan data encryption and decryption method, device, equipment and medium Download PDFInfo
- Publication number
- CN117725598A CN117725598A CN202311655667.0A CN202311655667A CN117725598A CN 117725598 A CN117725598 A CN 117725598A CN 202311655667 A CN202311655667 A CN 202311655667A CN 117725598 A CN117725598 A CN 117725598A
- Authority
- CN
- China
- Prior art keywords
- key
- data
- zhuoduan
- random
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000007246 mechanism Effects 0.000 claims abstract description 16
- 150000003839 salts Chemical class 0.000 claims description 51
- 238000004590 computer program Methods 0.000 claims description 17
- 238000012545 processing Methods 0.000 claims description 15
- 238000004422 calculation algorithm Methods 0.000 abstract description 14
- 230000002085 persistent effect Effects 0.000 abstract description 2
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 238000007726 management method Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002688 persistence Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000002243 precursor Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a An Zhuoduan data encryption and decryption method, a An Zhuoduan data encryption and decryption device, an Zhuoduan data encryption and decryption equipment and a An Zhuoduan data encryption and decryption medium. Generating a corresponding SM4 key based on the first random string; generating an RSA public key and a private key through a An Zhuoduan key store mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encrypted SM4 key; when the data is required to be encrypted and decrypted, the encrypted SM4 key is decrypted through the private key to obtain a corresponding SM4 key, and the data is encrypted and decrypted through the SM4 key. According to the scheme, the SM4 algorithm is adopted to encrypt and store the persistent key value pairs, and the RSA signature key generated by the android key library is used for managing the key of the SM4 algorithm, so that the security storage of the data pairs in the client is realized, and the application security can be effectively improved.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to a An Zhuoduan data encryption and decryption method, a An Zhuoduan data encryption and decryption device, an Zhuoduan data encryption and decryption equipment and a An Zhuoduan data encryption and decryption medium.
Background
With the popularization of intelligent terminals and the development of mobile interconnection technology, more and more services are transferred to mobile terminals, and mobile portals become important acquisition sources with the convenience. In client development, a scenario is often encountered in which some critical data is stored on a storage device, and it is necessary to ensure that the data can be read at any time and cannot be lost easily.
The file storage is the most basic data storage mode in the android system, does not carry out any formatting treatment on the stored content, directly saves the data in the file as is, and is suitable for storing some simple text data or binary data. Since the files are stored in the clear, they are vulnerable to attacks and even result in leakage of user sensitive information.
In summary, an encryption and decryption method is needed to protect An Zhuoduan data, so as to improve the security of application.
Disclosure of Invention
The invention provides a An Zhuoduan data encryption and decryption method, a device, equipment and a medium, which are used for protecting An Zhuoduan data and improving the safety of application.
According to one aspect of the present invention, there is provided an encryption and decryption method for secure Zhuo Duan data, comprising:
generating a corresponding SM4 key based on the first random string;
generating an RSA public key and a private key through a An Zhuoduan key store mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encrypted SM4 key;
when the data is required to be encrypted and decrypted, the encrypted SM4 key is decrypted through the private key to obtain a corresponding SM4 key, and the data is encrypted and decrypted through the SM4 key.
Optionally, the generating the corresponding SM4 key based on the first random string includes:
generating a second random character string, and taking the second random character string as a salt value;
and for each first random character string, randomly selecting a target salt value from the salt values, and carrying out salt adding processing on the current first random character string to obtain a corresponding SM4 key.
Optionally, the randomly selecting a target salt value from the salt values to perform salt adding processing on the current first random string to obtain a corresponding SM4 key includes:
according to the current first random character string and the target salt value, character groups are formed;
and carrying out MD5 hash operation on the character set to obtain a corresponding SM4 key.
Optionally, the method further comprises:
and after the character group is obtained, replacing the characters in the character group according to a preset replacement rule, wherein the replacement rule comprises a replacement relation among at least one group of characters.
Optionally, the character set according to the current first random character string and the target salt value includes:
and merging the target salt value and the current first random character string through a separator to obtain the character set.
Optionally, the character set according to the current first random character string and the target salt value includes:
and splicing the target salt value and the current first random character string to obtain the character set.
Optionally, encrypting and decrypting the data by the SM4 key includes:
determining a Key value of a Key value pair corresponding to the data, and performing MD5 hash operation on the Key value;
and encrypting and decrypting the Value part of the key Value pair through the SM4 key pair.
According to another aspect of the present invention, there is provided an apparatus for encrypting and decrypting data of a security Zhuo Duan, comprising:
a key generation unit for generating a corresponding SM4 key based on the first random string;
the encryption key generation unit is used for generating an RSA public key and a private key through a An Zhuoduan key store mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encryption SM4 key;
and the key application unit is used for decrypting the encrypted SM4 key through the private key to obtain a corresponding SM4 key when the data is required to be encrypted and decrypted, and encrypting and decrypting the data through the SM4 key.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores a computer program executable by the at least one processor, and the computer program is executed by the at least one processor, so that the at least one processor can execute the An Zhuoduan data encryption and decryption method according to any embodiment of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for implementing the An Zhuoduan data encryption and decryption method according to any one of the embodiments of the present invention when executed by a processor.
According to the technical scheme, a corresponding SM4 key is generated based on the first random character string; generating an RSA public key and a private key through a An Zhuoduan key store mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encrypted SM4 key; when the data is required to be encrypted and decrypted, the encrypted SM4 key is decrypted through the private key to obtain a corresponding SM4 key, and the data is encrypted and decrypted through the SM4 key. According to the scheme, the SM4 algorithm is adopted to encrypt and store the persistent key value pairs, and the RSA signature key generated by the android key library is used for managing the key of the SM4 algorithm, so that the security storage of the data pairs in the client is realized, and the application security can be effectively improved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of an encryption and decryption method for data of an embodiment Zhuo Duan of the present invention;
FIG. 2 is a schematic diagram of a An Zhuoduan data encryption and decryption method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an apparatus for encrypting and decrypting Zhuo Duan data according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device for implementing the An Zhuoduan data encryption and decryption method according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of an embodiment of a method for encrypting and decrypting data Zhuo Duan, which is applicable to the case of improving the security of An Zhuoduan application, the method can be executed by a An Zhuoduan data encrypting and decrypting device, the An Zhuoduan data encrypting and decrypting device can be implemented in the form of hardware and/or software, and the An Zhuoduan data encrypting and decrypting device can be configured in an electronic device. As shown in fig. 1, the method includes:
s110, generating a corresponding SM4 key based on the first random string.
The first random string may be a string with random character types and number, and illustratively, defines a string containing all possible characters, such as a string containing case letters and numbers. A random index is generated using a random number generator ranging from 0 to the string length minus 1. And according to the generated random index, extracting the character at the corresponding position from the character string, adding the character into the result character string, and repeating the steps until the length of the generated random character string meets the expectations. The first random string may also be a random string entered by the user.
The first random string is used as a seed for generating the SM4 key. SM4 is a commercial cryptographic standard in our country, and its precursor is SMs4 algorithm. SM4 is a packet encryption algorithm, and the packet length and the key length are 128 bits.
In the embodiment of the present invention, step S110 specifically includes:
generating a second random character string, and taking the second random character string as a salt value;
and for each first random character string, randomly selecting a target salt value from the salt values, and carrying out salt adding processing on the current first random character string to obtain a corresponding SM4 key.
To further increase security, a salt mechanism is used to further protect the key. In cryptography, by inserting a specific string at an arbitrary fixed position of a password, the result after hashing does not coincide with the result of hashing using the original password, a process called "salifying". The use of a salted encrypted hash value can increase the difficulty of the password being compromised.
In the embodiment of the present invention, the step of randomly selecting a target salt value from the salt values to perform salt adding processing on the current first random string to obtain a corresponding SM4 key includes:
according to the current first random character string and the target salt value, character groups are formed;
and carrying out MD5 hash operation on the character set to obtain a corresponding SM4 key.
After the SM4 key seed generated based on the first random character string is obtained, the SM4 key seed and the randomly generated target salt value are combined to obtain a character set, namely a salt password. Hash operation (MD 5) is performed on the character set to obtain a hash value, and the hash value is used as the SM4 key.
In an embodiment of the present invention, the method may further include:
and after the character group is obtained, replacing the characters in the character group according to a preset replacement rule, wherein the replacement rule comprises a replacement relation among at least one group of characters.
And part of characters in the character set are converted, so that the difficulty of an attacker in cracking the password can be increased, and the encryption security is further improved. For example, "a" in the character set may be replaced with "1". In addition, after the characters are converted and the hash operation is performed on the character set to obtain a hash value, in order to further improve encryption security, the hash value can be used as a new character set and hash calculation is performed again to obtain a next character set, then the characters in the character set are replaced, the cycle can be repeated for a plurality of times, the more the number of times of repetition is, the higher the complexity degree of the obtained SM4 key is, and the specific number of times of cycle can be specifically set according to service requirements or according to calculation resources.
In an embodiment of the present invention, the character set according to the current first random string and the target salt value includes:
and merging the target salt value and the current first random character string through a separator to obtain the character set.
For example, the target salt value is 1234567, the current first random string is abcdefg, and the combined string is 1234567|abcdefg.
In an embodiment of the present invention, the character set according to the current first random string and the target salt value includes: and splicing the target salt value and the current first random character string to obtain the character set.
The splicing can be direct combination or cross splicing, and the target salt value is 1234567, the current first random character string is abcdefg, and the character group can be formed by different splicing modes such as 1a2b3c4d5e6f7g or 1234567 abcdefg.
The above embodiments only enumerate two methods for obtaining character sets, and more character combinations and methods can be set according to requirements in specific applications.
S120, generating an RSA public key and a private key through a An Zhuoduan key bank mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encrypted SM4 key.
The RSA public key cryptosystem is a cryptosystem in which different encryption keys and decryption keys are used, and it is computationally infeasible to derive a decryption key from a known encryption key. The RSA public and private keys may be generated by a keystore mechanism provided by the android for protecting keys used by the SM4 algorithm.
S130, when data are required to be encrypted and decrypted, the encrypted SM4 key is decrypted through the private key to obtain a corresponding SM4 key, and the data are encrypted and decrypted through the SM4 key.
In client development, a scenario of saving some critical data in a storage device, such as whether a user has read a protocol, a current logged-in geographic location, a user name, a user login mechanism, and other information related to a person, needs to be ensured that the data can be read at any time and cannot be lost easily, which relates to a data persistence technology of a mobile terminal. For android systems, data persistence techniques are generally divided into file storage, database storage, and sharedreferences key-value pair storage.
Unlike file stores and database stores, sharedreferences store data using key-value pairs. When a certain piece of data needs to be stored, a key value corresponding to the piece of data is provided, and a corresponding value is also taken out according to the key value during reading. Meanwhile, sharedreferences support the storage of different types of data, namely if the type of the stored data is integer, the read data is integer; if the stored data is a character string, the read data is also a character string. Sharedreferences are relatively simple to store and are suitable for caching generic data requested by the network in mobile applications.
And in the encryption and decryption part of the data, carrying out MD5 hash on the Key Value in the Key Value pair storage, and encrypting and decrypting the Value part by the SM4 Key to realize the encryption storage of the Key Value pair.
Fig. 2 is a schematic diagram of a An Zhuoduan data encryption and decryption method according to an embodiment of the invention. The key generation and management is the core of the symmetric encryption algorithm, the An Zhuoduan data storage protection scheme based on the dual encryption algorithm uses a key store mechanism provided by the android system in key management, can store and retrieve the encryption key for a long time, and provides a trusted access control system, wherein the access control system is specified during the key generation period and can be forcedly executed in the whole life cycle of the key for protecting the symmetric encryption key in the scheme.
The generation and management of the secret key comprises three steps:
a) The user inputs or generates a random character string as a seed for generating the SM4 key, and a salifying mechanism is used for further protecting the key to improve the security;
b) Generating a signature public and private key of an RSA algorithm through a Key store mechanism of an android system, and encrypting a key of SM4 through the public key for storage;
c) When the key of the SM4 needs to be acquired, the key of the SM4 is acquired for subsequent use through decryption of a private key generated by a KeyStore of the android system.
And in the encryption and decryption part of the data, carrying out MD5 hash on the Key Value in the Key Value pair storage, and encrypting and decrypting the Value part by the SM4 Key to realize the encryption storage of the Key Value pair.
The scheme of the embodiment of the invention fully utilizes a Key store key management mechanism of the android system, can store and retrieve the encryption key for a long time, provides a trusted access control system, is appointed during key generation and can be forcedly executed in the whole life cycle of the key, and is used for protecting the symmetric encryption key in the scheme; secondly, the double encryption algorithm is based on a key protection mechanism of the double encryption algorithm, and the symmetric key used for encryption is protected by using an asymmetric encryption key, so that the safety of data can be effectively improved; finally, the An Zhuoduan data storage protection scheme based on the double encryption algorithm ensures the safety and effectiveness of the SharePreferkeys on the premise of ensuring the simplicity and easiness in use of the SharePreferkeys.
Example two
Fig. 3 is a schematic structural diagram of an apparatus for encrypting and decrypting Zhuo Duan data according to a second embodiment of the present invention. As shown in fig. 3, the apparatus includes:
a key generation unit 310 for generating a corresponding SM4 key based on the first random string;
an encryption key generation unit 320, configured to generate an RSA public key and a private key through a An Zhuoduan keystore mechanism, and encrypt an SM4 key through the public key to obtain a corresponding encrypted SM4 key;
and the key application unit 330 is configured to decrypt the encrypted SM4 key by using the private key to obtain a corresponding SM4 key when the data needs to be encrypted and decrypted, and encrypt and decrypt the data by using the SM4 key.
Optionally, the key generating unit 310 is specifically configured to perform:
generating a second random character string, and taking the second random character string as a salt value;
and for each first random character string, randomly selecting a target salt value from the salt values, and carrying out salt adding processing on the current first random character string to obtain a corresponding SM4 key.
Optionally, when executing the salifying processing of the current first random string by randomly selecting a target salt value from the salt values to obtain the corresponding SM4 key, the key generating unit 310 specifically performs:
according to the current first random character string and the target salt value, character groups are formed;
and carrying out MD5 hash operation on the character set to obtain a corresponding SM4 key.
Optionally, the key generating unit 310 is further configured to perform:
and after the character group is obtained, replacing the characters in the character group according to a preset replacement rule, wherein the replacement rule comprises a replacement relation among at least one group of characters.
Optionally, the key generating unit 310 specifically performs, when performing the character set according to the current first random character string and the target salt value:
and merging the target salt value and the current first random character string through a separator to obtain the character set.
Optionally, the key generating unit 310 specifically performs, when performing the character according to the current first random string and the target salt value:
and splicing the target salt value and the current first random character string to obtain the character set.
Optionally, the key application unit 330 is configured to specifically perform, when performing the encryption and decryption on the data by using the SM4 key:
determining a Key value of a Key value pair corresponding to the data, and performing MD5 hash operation on the Key value;
and encrypting and decrypting the Value part of the key Value pair through the SM4 key pair.
The An Zhuoduan data encryption and decryption device provided by the embodiment of the invention can execute the An Zhuoduan data encryption and decryption method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example III
Fig. 4 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as An Zhuoduan data encryption and decryption methods.
In some embodiments, the An Zhuoduan data encryption and decryption method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the An Zhuoduan data encryption and decryption method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform An Zhuoduan data encryption and decryption methods in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (10)
1. An Zhuoduan data encryption and decryption method is characterized by comprising the following steps:
generating a corresponding SM4 key based on the first random string;
generating an RSA public key and a private key through a An Zhuoduan key store mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encrypted SM4 key;
when the data is required to be encrypted and decrypted, the encrypted SM4 key is decrypted through the private key to obtain a corresponding SM4 key, and the data is encrypted and decrypted through the SM4 key.
2. The method of claim 1, wherein the generating a corresponding SM4 key based on the first random string comprises:
generating a second random character string, and taking the second random character string as a salt value;
and for each first random character string, randomly selecting a target salt value from the salt values, and carrying out salt adding processing on the current first random character string to obtain a corresponding SM4 key.
3. The method of claim 2, wherein the randomly selecting a target salt value from the salt values to perform salifying processing on the current first random string to obtain a corresponding SM4 key includes:
according to the current first random character string and the target salt value, character groups are formed;
and carrying out MD5 hash operation on the character set to obtain a corresponding SM4 key.
4. A method as claimed in claim 3, further comprising:
and after the character group is obtained, replacing the characters in the character group according to a preset replacement rule, wherein the replacement rule comprises a replacement relation among at least one group of characters.
5. A method according to claim 3, wherein said generating a character set from said current first random string and said target salt value comprises:
and merging the target salt value and the current first random character string through a separator to obtain the character set.
6. A method according to claim 3, wherein said generating a character set from said current first random string and said target salt value comprises:
and splicing the target salt value and the current first random character string to obtain the character set.
7. The method of claim 1, wherein encrypting and decrypting the data with the SM4 key comprises:
determining a Key value of a Key value pair corresponding to the data, and performing MD5 hash operation on the Key value;
and encrypting and decrypting the Value part of the key Value pair through the SM4 key pair.
8. An Zhuoduan data encrypting and decrypting apparatus, characterized by comprising:
a key generation unit for generating a corresponding SM4 key based on the first random string;
the encryption key generation unit is used for generating an RSA public key and a private key through a An Zhuoduan key store mechanism, and encrypting the SM4 key through the public key to obtain a corresponding encryption SM4 key;
and the key application unit is used for decrypting the encrypted SM4 key through the private key to obtain a corresponding SM4 key when the data is required to be encrypted and decrypted, and encrypting and decrypting the data through the SM4 key.
9. An electronic device, the electronic device comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the An Zhuoduan data encryption and decryption method of any one of claims 1-7.
10. A computer readable storage medium storing computer instructions for causing a processor to perform the An Zhuoduan data encryption and decryption method of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311655667.0A CN117725598A (en) | 2023-12-05 | 2023-12-05 | An Zhuoduan data encryption and decryption method, device, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311655667.0A CN117725598A (en) | 2023-12-05 | 2023-12-05 | An Zhuoduan data encryption and decryption method, device, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117725598A true CN117725598A (en) | 2024-03-19 |
Family
ID=90199017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311655667.0A Pending CN117725598A (en) | 2023-12-05 | 2023-12-05 | An Zhuoduan data encryption and decryption method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117725598A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117955737A (en) * | 2024-03-26 | 2024-04-30 | 长春汽车工业高等专科学校 | Internet of vehicles data privacy protection and encryption transmission method and system |
-
2023
- 2023-12-05 CN CN202311655667.0A patent/CN117725598A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117955737A (en) * | 2024-03-26 | 2024-04-30 | 长春汽车工业高等专科学校 | Internet of vehicles data privacy protection and encryption transmission method and system |
CN117955737B (en) * | 2024-03-26 | 2024-06-07 | 长春汽车工业高等专科学校 | Internet of vehicles data privacy protection and encryption transmission method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
CN112287379B (en) | Service data using method, device, equipment, storage medium and program product | |
US20160117262A1 (en) | Hybrid Cryptographic Key Derivation | |
CN111245597A (en) | Key management method, system and equipment | |
Luo et al. | A novel covert communication method based on bitcoin transaction | |
CN107204997A (en) | The method and apparatus for managing cloud storage data | |
CN117725598A (en) | An Zhuoduan data encryption and decryption method, device, equipment and medium | |
CN108549824A (en) | A kind of data desensitization method and device | |
Khan et al. | SSM: Secure-Split-Merge data distribution in cloud infrastructure | |
CN112989391A (en) | Hybrid encryption method, hybrid decryption method, system, device and storage medium | |
CN113794706B (en) | Data processing method and device, electronic equipment and readable storage medium | |
CN114710274A (en) | Data calling method and device, electronic equipment and storage medium | |
CN116781425B (en) | Service data acquisition method, device, equipment and storage medium | |
CN112565156B (en) | Information registration method, device and system | |
CN116405199A (en) | Encryption method, device, equipment and medium based on NTRU algorithm and SM2 algorithm | |
CN115883199A (en) | File transmission method and device, electronic equipment and storage medium | |
CN108512657B (en) | Password generation method and device | |
CN115600215A (en) | System startup method, system information processing method, device, equipment and medium thereof | |
CN116248258A (en) | Password detection method, device, equipment and storage medium | |
Zhong et al. | Research on enterprise financial accounting information security model based on big data | |
Gowri et al. | Securing Files on Cloud Storage with Group Key Management Protocol | |
CN118368072B (en) | Micro-service extension method, device and medium supporting SM2 cryptographic algorithm | |
CN117254908B (en) | Cloud data storage method, device, equipment and medium | |
CN117640081A (en) | Data encryption method and device, electronic equipment and storage medium | |
CN117640083A (en) | Data transmission method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |