CN117955642A - Encryption configuration method, device, computer equipment and storage medium - Google Patents


Info

Publication number
CN117955642A
Authority
CN
China
Legal status
Pending
Application number
CN202311868470.5A
Other languages
Chinese (zh)
Inventor
舒伟
郭曼丽
曾志海
Current Assignee
Guangzhou Yangwang Xingkong Cloud Technology Co ltd
Original Assignee
Guangzhou Yangwang Xingkong Cloud Technology Co ltd

Abstract

The invention provides an encryption configuration method, a device, a computer device and a storage medium. The method comprises: obtaining a user identification number and an item classification identification number; generating an original key from the user identification number and the item classification identification number based on a preset original rule; encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client. With this design, the user identification number and the item classification identification number together form unique identification information from which a unique original key is generated, so that different original keys can be set for different businesses and different systems, the user does not need to handle the encryption process manually, and the keys of the businesses can be managed conveniently.

Description

Encryption configuration method, device, computer equipment and storage medium
Technical Field
The present invention relates to the field of information encryption technologies, and in particular to an encryption configuration method, an encryption configuration device, a computer device, and a storage medium.
Background
Because many services pass their data through intermediate systems on the network, data-related services must store that data in the database as ciphertext. The most common way to meet this requirement is for each system to handle symmetric encryption and decryption by hand: the program encrypts the data, transmits it, and stores it in the database as ciphertext.
However, with this approach many systems have to handle similar data security problems manually, and for each service the user must separately encrypt, decrypt, transmit and store the data. As the number of services grows, managing the key of each service becomes difficult.
Disclosure of Invention
Based on this, and in view of the above technical problems, it is necessary to provide an encryption configuration method, apparatus, computer device and storage medium.
An encryption configuration method, comprising:
acquiring a user identification number and an item classification identification number;
Generating an original key according to the user identification number and the item classification identification number based on a preset original rule;
Encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client.
In one embodiment, after the step of generating the original key according to the user identification number and the item classification identification number based on a preset original rule, the method further includes:
Encrypting the original key to obtain a storage key, and storing the storage key.
In one embodiment, the step of encrypting the original key to obtain a storage key and storing the storage key includes:
Acquiring a first encryption key, encrypting the original key based on the first encryption key, and obtaining an intermediate key;
and obtaining a second encryption key, encrypting the intermediate key based on the second encryption key to obtain the storage key, and storing the storage key.
In one embodiment, the step of encrypting the original key to obtain a key ciphertext and transmitting the key ciphertext to the client includes:
Reading the storage key, decrypting the storage key and obtaining the original key;
Encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client.
In one embodiment, the rule for obtaining the encryption key used to encrypt the original key includes:
querying corresponding standby information in a preset database according to the user identification number and the item classification identification number; and generating the encryption key from the standby information based on a preset encryption rule.
In one embodiment, the method further comprises:
setting an effective storage duration for the storage key based on a preset deadline calculation rule.
In one embodiment, the method further comprises:
Detecting whether a preset trigger event exists;
and deleting the original key when a preset trigger event exists.
An encryption configuration apparatus comprising:
an identification acquisition module, configured to acquire a user identification number and an item classification identification number;
an original key module, configured to generate an original key from the user identification number and the item classification identification number based on a preset original rule;
a key sending module, configured to encrypt the original key to obtain a key ciphertext and send the key ciphertext to the client.
A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the encryption configuration method described in any of the above embodiments when the computer program is executed.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the encryption configuration method described in any of the above embodiments.
The encryption configuration method, encryption configuration device, computer device and storage medium above obtain a user identification number and an item classification identification number; generate an original key from the user identification number and the item classification identification number based on a preset original rule; and encrypt the original key to obtain a key ciphertext, which is sent to a client. With this design, the user identification number and the item classification identification number together form unique identification information from which a unique original key is generated, so that different original keys can be set for different businesses and different systems, the user does not need to handle the encryption process manually, and the keys of the businesses can be managed conveniently.
Drawings
FIG. 1 is a flow diagram of a method of cryptographic configuration in one embodiment;
FIG. 2 is a block diagram of an encryption configuration device in one embodiment;
FIG. 3 is an internal block diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Example 1
In this embodiment, as shown in fig. 1, an encryption configuration method is provided, which is applied to a server, and includes:
step 110, a user identification number and an item classification identification number are obtained.
In this embodiment, the user identification number identifies the user: different users are configured with different user identification numbers, so the corresponding user can be determined from the user identification number. The item classification identification number identifies the item: different items are configured with different item classification identification numbers, so the corresponding item can be determined from the item classification identification number.
Step 120, generating an original key according to the user identification number and the item classification identification number based on a preset original rule.
In this embodiment, since the user identification number determines a unique user and the item classification identification number determines a unique item, the generated original key is unique when different users encrypt the same item, when the same user encrypts different items, and when different users encrypt different items. The preset original rule may form a character string from the user identification number and the item classification identification number and use that string as the original key, or randomly generate another character string on the basis of that string and use it as the original key.
Step 130, encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to the client.
In this embodiment, to prevent interception of the original key from affecting data security, the original key is encrypted to obtain a key ciphertext. The key ciphertext masks the original key, so that a third party who intercepts the key ciphertext cannot obtain the original key. The client receives the key ciphertext and decrypts it to obtain the original key, with which it can encrypt or decrypt data. The client is the endpoint that interfaces with a service system, and the service system has a service database for storing service data. The user can call the original key to encrypt the service data to be protected, which may be at least one of a name, a mobile phone number and an identity card number, and the encrypted service data is stored in the service database of the service system. The user can also fetch encrypted service data from the service database, decrypt it with the original key, and display the decrypted service data on the client for reading.
In the encryption configuration method of this embodiment, a user identification number and an item classification identification number are obtained; an original key is generated from them based on a preset original rule; and the original key is encrypted to obtain a key ciphertext, which is sent to a client. With this design, the user identification number and the item classification identification number together form unique identification information from which a unique original key is generated, so that different original keys can be set for different businesses and different systems, the user does not need to handle the encryption process manually, and the keys of the businesses can be managed conveniently.
It should be understood that, although the steps in the flowchart of fig. 1 are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated herein, the order of execution of the steps is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 1 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed in sequence but may be performed in turn or alternately with at least a portion of other steps or of the sub-steps or stages of other steps.
Example two
In this embodiment, an encryption configuration method is provided, which is applied to a server, and includes:
step one, a user identification number and an item classification identification number are obtained.
In this embodiment, the user identification number and the item classification identification number are obtained when the client detects a triggering behavior of the user. The triggering behavior may be the user logging in with the user identification number, clicking the encryption control, clicking the data to be encrypted, or clicking the item option and the table option.
In one embodiment, the item classification identification number includes an item identifier for identifying different items and a table identifier for identifying different tables (forms), one item including at least one table. In this embodiment, when the business is complex, separate management per item may be needed, and several tables may be required to store different contents within one item; so, in order to determine precisely which table is involved in the encryption, the determination is made from both the item identifier and the table identifier.
And step two, generating an original key according to the user identification number and the item classification identification number based on a preset original rule.
In one embodiment, the preset original rule includes a preset first random rule. In this embodiment, to obtain the original key conveniently, a character string is spliced from the user identification number and the item classification identification number, and the original key is randomly generated from that string by the preset first random rule. Since the string formed from the user identification number and the item classification identification number is unique, the original key randomly generated on the basis of that string is also unique; thus when at least one of the user, the item and the table differs, the generated original key differs.
In one embodiment, an original validity period is set for the original key, and the original key is valid within that period. In this embodiment, after the original key is generated, its generation time is taken as the starting time and the original key is deleted once the original validity period has elapsed, so as to avoid leakage through interception of an original key that has been stored for a long time.
In one embodiment, the preset original rule includes: splicing the user identification number and the item classification identification number to obtain a spliced character string; randomly shuffling the spliced string to obtain a permuted string; and converting the permuted string into UTF-8 encoding as the original key. In this embodiment, the spliced string obtained from the user identification number and the item classification identification number is unique, the permuted string obtained by randomly shuffling it is random and not easily deciphered, and UTF-8 encoding has strong compatibility and adapts flexibly to different service requirements.
In an embodiment, there are at least two preset original rules, each configured with a rule validity period, and the rule validity periods of the preset original rules are set according to a preset scheduling sequence. In this embodiment, to make the original key safer, the preset original rule is changed periodically, so as to avoid leakage of the original key through cracking of a preset original rule. A rule validity period is configured for each preset original rule, within which that rule is used to generate the original key from the user identification number and the item classification identification number; when the rule validity period is exceeded, another preset original rule takes over for generating the original key.
Step three, encrypting the original key to obtain a storage key, and storing the storage key.
In this embodiment, to improve the security of the original key, the original key is encrypted before it is stored, so that a data leak does not directly expose the original key and allow the user's data to be decrypted. When the storage key is leaked, others cannot obtain the original key from it.
In one embodiment, whether a preset trigger event exists is detected, and the original key is deleted when a preset trigger event exists. In this embodiment, the preset trigger event may be that server-side personnel periodically clear the original key, or that the original key is configured with an original validity period and its expiry is detected. The preset trigger event determines when the original key is deleted, so that the original key is deleted in time and leakage due to an overly long storage time is avoided.
In one embodiment, the rule for obtaining the encryption key used to encrypt the original key includes:
querying corresponding standby information in a preset database according to the user identification number and the item classification identification number; and generating the encryption key from the standby information based on a preset encryption rule. In this embodiment, the preset database stores data of different users, different items and different tables; according to the user identification number and the item classification identification number, the corresponding stored data can be located in the preset database and taken as the standby information, and the encryption key is obtained by processing the standby information according to a preset encryption rule, such as a random generation rule.
In one embodiment, the step of encrypting the original key to obtain a storage key and storing the storage key includes:
Acquiring a first encryption key, encrypting the original key based on the first encryption key, and obtaining an intermediate key;
and obtaining a second encryption key, encrypting the intermediate key based on the second encryption key to obtain the storage key, and storing the storage key. In this embodiment, to improve the security of the storage key, the original key is encrypted in two rounds: the first round encrypts the original key to produce an intermediate key, and the second round encrypts the intermediate key to produce the storage key. Recovering the original key from the storage key then requires two rounds of decryption, which increases the difficulty of cracking the storage key and reduces the risk of the original key being revealed.
In an embodiment, the first encryption key and/or the second encryption key are generated from standby information, which is determined from the user identification number and the item classification identification number. In this embodiment, to improve the randomness of the keys used to encrypt the original key, stored data in the preset database serves as the source for generating them; when the user identification number and/or the item classification identification number differ, the corresponding stored data in the preset database may differ, so the generated first encryption key and/or second encryption key are more random and the storage key is harder to decode.
In an embodiment, the original key is encrypted by a preset first encryption rule to obtain the intermediate key, and the intermediate key is encrypted by a preset second encryption rule to obtain the storage key; the preset first encryption rule and the preset second encryption rule may be the same or different. In this embodiment, to implement encryption of the original key flexibly, the rule used for the first round and the rule used for the second round may be the same or different, and each may be a symmetric or an asymmetric encryption rule: both symmetric, both asymmetric, symmetric then asymmetric, or asymmetric then symmetric. For example, the preset first encryption rule and the preset second encryption rule are both AES encryption rules.
In one embodiment, an effective storage duration is set for the storage key based on a preset deadline calculation rule. In this embodiment, to improve the security of the original key, an effective storage duration is set for the storage key: the storage key is valid for that duration after it is generated, and is deleted once the duration is exceeded. After the storage key is deleted, the original key can be generated again from the user identification number and the item classification identification number and encrypted to obtain a new storage key. The preset deadline calculation rule may be set manually, or may set the effective storage duration according to the importance of the data to be encrypted: the more important the data, the shorter the effective storage duration.
Step four, reading the storage key, decrypting the storage key and obtaining the original key.
In this embodiment, when the user needs to encrypt or decrypt data, the original key is required, so the storage key is read and decrypted by the reverse logic to obtain the original key for transmission to the client. The user may request encryption and decryption many times, and each time a user encryption or decryption request is detected, the storage key is read and decrypted. In this embodiment, an encryption requirement instruction is acquired, and whether the current data needs to be encrypted is determined from it; when the current data needs to be encrypted, the storage key is read, that is, the storage key is read whenever the user needs to encrypt or decrypt data.
In one embodiment, the step of storing the storage key includes:
storing the storage key in a first key area and a second key area respectively, wherein the second key area stores the storage keys of past times and the first key area stores the latest storage key; the first key area and the second key area are established according to the user identification number and the item classification identification number;
and the step of reading the storage key includes:
reading the storage key of the first key area;
and, when a key-mismatch feedback signal is received, reading the storage key of the second key area. In this embodiment, the same user identification number and item classification identification number correspond to one first key area and one second key area. The first key area stores the most recently generated storage key and may delete the storage key stored there earlier; the second key area stores the storage keys generated over time. Because the same user encrypts and decrypts the service data of the same item many times, the storage keys generated each time are kept in the second key area, which may therefore hold several storage keys. The latest storage key in the first key area is read first, decrypted, and sent to the client. When the user cannot decrypt with the storage key of the first key area, the storage key corresponding to the original key the user needs is in the second key area: the client sends a key-mismatch feedback signal, and on receiving it the server reads and decrypts the storage key of the second key area and sends the result to the client.
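The first-area/second-area lookup with the key-mismatch fallback, as an added example in Go that is not part of the patent. KeyStore, AreaID and the history bound maxHist are assumptions of this example (the page sets no limit on the second area); the accept callback stands in for the client's decrypt-and-report round trip, and the storage keys are constructed strings.

```go
package main

import (
	"errors"
	"fmt"
)

// AreaID is the pair the patent says each key area is established from.
type AreaID struct {
	UserID      string
	ItemClassID string
}

// KeyStore holds, per AreaID, a first area with only the latest storage key and a
// second area with the storage keys generated over time (newest first).
type KeyStore struct {
	first   map[AreaID]string
	second  map[AreaID][]string
	maxHist int // bound on second-area history; an assumption, the page sets no limit
}

func NewKeyStore(maxHist int) *KeyStore {
	return &KeyStore{first: map[AreaID]string{}, second: map[AreaID][]string{}, maxHist: maxHist}
}

// Store puts the new storage key in the first area (replacing the earlier one) and
// prepends it to the second area's history, trimming the history to maxHist entries.
func (s *KeyStore) Store(id AreaID, storageKey string) {
	s.first[id] = storageKey
	hist := append([]string{storageKey}, s.second[id]...)
	if len(hist) > s.maxHist {
		hist = hist[:s.maxHist]
	}
	s.second[id] = hist
}

// Latest returns the first-area key and whether one exists.
func (s *KeyStore) Latest(id AreaID) (string, bool) {
	k, ok := s.first[id]
	return k, ok
}

// Read serves a client request: offer the first-area key; when the client answers with the
// "key mismatch" feedback (accept returns false), walk the second area's history.
// It returns the accepted key and how many keys were offered, so repeated fallbacks can be logged.
func (s *KeyStore) Read(id AreaID, accept func(storageKey string) bool) (string, int, error) {
	latest, ok := s.first[id]
	if !ok {
		return "", 0, errors.New("no storage key for these identifiers")
	}
	tries := 1
	if accept(latest) {
		return latest, tries, nil
	}
	for _, k := range s.second[id] {
		if k == latest {
			continue // already offered from the first area
		}
		tries++
		if accept(k) {
			return k, tries, nil
		}
	}
	return "", tries, fmt.Errorf("no stored key matched after %d attempts", tries)
}

func main() {
	store := NewKeyStore(5)
	id := AreaID{UserID: "u1001", ItemClassID: "shop:orders"} // constructed identifiers
	store.Store(id, "k3-2024-01")                                // constructed storage keys
	store.Store(id, "k3-2024-02")
	// a client whose data was encrypted under the earlier key replies "mismatch" to the latest one
	k, tries, err := store.Read(id, func(k string) bool { return k == "k3-2024-01" })
	fmt.Println(k, tries, err)
}
```

The attempt count is worth surfacing in practice: a client that keeps reporting mismatches against the latest key is either holding data encrypted long ago or is probing, and either case deserves a log line.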
Step five, encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to the client.
In an embodiment, the original key is encrypted by a preset third encryption rule to obtain the key ciphertext, where the preset third encryption rule differs from the preset first encryption rule and/or from the preset second encryption rule. In this embodiment, to encrypt the original key for transmission flexibly, a preset third encryption rule different from the first and/or second encryption rules used earlier may be selected. The encryption in this step mainly packages the original key temporarily so that the key ciphertext can be transmitted to the client quickly and is not easily intercepted, and an encryption rule of lower complexity may be chosen.
In one embodiment, the preset third encryption rule includes the JWT (JSON Web Token) rule. In this embodiment, the key ciphertext generated by the JWT rule is temporary and unique, which avoids interception and improves the security of the key ciphertext. The client receives the key ciphertext, decrypts it according to the preset third encryption rule to obtain the original key, and uses the original key to encrypt or decrypt data.
Example III
In this embodiment, an encryption configuration method is provided, including:
On the web side, the business server's first interface obtains the encryption key and then encrypts or decrypts a value, where the value is the content to be encrypted or decrypted.
The following table is created dynamically, one table per project (sharded by the project's English name):
-- <project_en_name> is substituted with the project's English name at creation time.
-- The `encryption_type` column name and the varchar(64) type of `user_id` are reconstructed from the garbled source.
-- JSON defaults are written as parenthesised expressions, as MySQL 8.0.13+ requires for JSON columns.
CREATE TABLE `cryptopt_user_key_<project_en_name>` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'id',
  `table_name` varchar(64) COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '' COMMENT 'table English identifier',
  `user_id` varchar(64) COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '' COMMENT 'user id',
  `encryption_type` tinyint(4) unsigned NOT NULL DEFAULT '1' COMMENT 'encryption type',
  `encryption_fields` json DEFAULT NULL COMMENT 'encrypted fields',
  `key` json NOT NULL DEFAULT ('null') COMMENT 'user key',
  `new_key` json NOT NULL DEFAULT ('null') COMMENT 'user new_key',
  `rand_key` varchar(64) COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT '' COMMENT 'custom-defined random string',
  `create_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'creation time',
  `update_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'modification time',
  PRIMARY KEY (`id`),
  KEY `idx_id1` (`table_name`, `user_id`)
) DEFAULT CHARSET=utf8mb4 COMMENT='secure encryption - user key';
This table stores the decryption content for different items. Each time a new item is connected, the table-creation code is called, and after creation the encryption configuration information of the corresponding item is generated. The table is created first, and then data can be read from the configuration to implement key management; the subsequent steps describe the flow of the encryption tool.
An encryption key A is randomly generated by code on the basis of { user_id, table, project }. The code uses { user_id, table, project } as the basis for randomly generating key A, so that the encryption key is subdivided per user, per table and per project. { user_id, table, project } is the configuration information of a given user holding a given table of the current project; key A is generated from the unique identifier formed by user_id, table and project, to make key A as random and as unique as possible. First, the program performs an AES encryption whose key is a fixed character string spliced from user_id_table_project and whose value is the originally generated key A, producing the encrypted result key2; that is, the string spliced from the corresponding values of user_id, table and project is the key used to encrypt key A. Then a second AES encryption is performed, whose key is randomly generated and whose value is key2; the result, key3, is stored in the original-key field and the new-key field, and the key and expire values are kept consistent between the original-key field and the new-key field (ToKey).
In the first encryption the key is that spliced string and the value is key A obtained from { user_id, table, project }; that is, the key generated from user_id, table, project is used to encrypt the key A generated from { user_id, table, project }. The second AES encryption takes key2 from the first encryption and encrypts it with the randomly generated key to obtain key3. The original key is the value in the key field of the table and the new key is the value in the new_key field; the result key3 is saved in both, so the original key and the new key are each doubly encrypted. The data structure of the key field and the new_key field is a JSON object such as { "key": "x", "expire": 121 }. Switching between the old key and the new key is not performed. Consistency of the key field and the expire field means that the key string in the original key equals the key string in the new key, and the expire value in the original key equals the expire value in the new key. The key field holds the encrypted key, and expire indicates the validity time of that key. ToKey indicates that the step of generating key A and the two AES encryptions is written as one function.
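The ToKey logic described here, which is the same two-round wrapping as step three of Example two (generate key A; AES round one under a key spliced from user_id_table_project; AES round two under a random key; store {key, expire}), as an added example in Go that is not the patent's code. Assumptions of this example: key A uses the "randomly generate another string" variant of the original rule (32 bytes from the OS CSPRNG, because a permutation of the identifiers themselves would have entropy bounded by those identifiers); both rounds use AES-256-GCM so that a wrong key or a tampered blob fails closed; the spliced string is hashed with SHA-256 to obtain a 32-byte AES key; the function names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"time"
)

// KeyRecord mirrors the JSON kept in the `key` / `new_key` columns: {"key": "...", "expire": ...}.
type KeyRecord struct {
	Key    string `json:"key"`    // key3: key A after both AES rounds, base64
	Expire int64  `json:"expire"` // unix time after which the stored key must not be used
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b) // OS CSPRNG; fills b fully or returns an error
	return b, err
}

// GenerateOriginalKey is the "randomly generate another string" form of the original rule:
// key A is 32 random bytes, so its entropy does not depend on the (guessable) identifiers.
func GenerateOriginalKey() ([]byte, error) { return randomBytes(32) }

// firstRoundKey derives the round-one AES key from the fixed string user_id_table_project.
// Hashing it to 32 bytes is an assumption; the page only says the key is that spliced string.
func firstRoundKey(userID, table, project string) []byte {
	sum := sha256.Sum256([]byte(userID + "_" + table + "_" + project))
	return sum[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts with AES-256-GCM under a fresh nonce; output is nonce || ciphertext || tag.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM; the GCM tag makes a wrong key or a tampered blob fail closed.
func openGCM(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed key too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

// ToKey wraps key A twice (round 1: fixed-string key; round 2: randKey, the rand_key column)
// and stamps the expiry that the expire field carries.
func ToKey(keyA []byte, userID, table, project string, randKey []byte, ttl time.Duration, now time.Time) (KeyRecord, error) {
	key2, err := sealGCM(firstRoundKey(userID, table, project), keyA)
	if err != nil {
		return KeyRecord{}, err
	}
	key3, err := sealGCM(randKey, key2)
	if err != nil {
		return KeyRecord{}, err
	}
	return KeyRecord{Key: base64.StdEncoding.EncodeToString(key3), Expire: now.Add(ttl).Unix()}, nil
}

// FromKey is the reverse logic of ToKey; it refuses a record whose expire has passed.
func FromKey(rec KeyRecord, userID, table, project string, randKey []byte, now time.Time) ([]byte, error) {
	if now.Unix() >= rec.Expire {
		return nil, errors.New("storage key expired")
	}
	key3, err := base64.StdEncoding.DecodeString(rec.Key)
	if err != nil {
		return nil, err
	}
	key2, err := openGCM(randKey, key3)
	if err != nil {
		return nil, err
	}
	return openGCM(firstRoundKey(userID, table, project), key2)
}
```

Encoding a KeyRecord with encoding/json gives exactly the {"key": ..., "expire": ...} shape the key and new_key columns hold. Because round one is keyed from the identifiers, a record copied under another user_id or table cannot be unwrapped, and because the second-round key is random per row, a leaked table row without its rand_key reveals nothing about key A.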
The user sends a request carrying data [ ] { user_id, table, project } (up to 20 users at a time) to the encryption_info interface of encryption_tool_service. [ ] { user_id, table, project } is the client input: { user_id, table, project } is a data structure and [ ] denotes an array of them. Here the client wants to use encryption and first obtains the encryption configuration; this is the logic for obtaining the encryption configuration. encryption_tool_service is a service and encryption_info is an interface of that service.
The encryption_info interface obtains the configuration information from the database and judges whether the data the user wants to store needs to be encrypted. If no encryption is needed, it returns the configuration information directly, and the client either displays the data directly or does no further processing. This encryption_info is the encryption configuration information.
If the data is to be encrypted, the original key and the new key are read out, decrypted through the reverse logic of ToKey(), and finally a token is generated with the JWT algorithm and returned to the client; this yields the encryption configuration information of the current user. The original key and the new key are read in order to decrypt the stored key, since the encrypted key configuration is stored in the database. The reverse of ToKey() decrypts the original-key or new-key field to obtain the original, unencrypted key. The JWT algorithm wraps the original key in one more layer so that the client does not obtain the content in the clear when it fetches it; the aim is to improve security.
When writing, the client decrypts the token through the JWT algorithm to obtain the original key A, encrypts the value that needs to be stored with it, and transmits the encrypted data to the service server for storage; that is, the client obtains the token, decrypts it to get the key, and encrypts the value with that key.
When reading, the client again decrypts the token through the JWT algorithm to obtain key A, fetches the encrypted data, decrypts it with key A and displays it.
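The token exchange between encryption_tool_service and the client, as an added example that is not the patent's or the applicant's code. It assumes the JWT is signed with HMAC-SHA256 (HS256) under a secret shared by the service and the client, and the claim names key and exp are chosen here. One point the text does not state: a signed JWT (a JWS) only protects integrity and origin; its payload is base64url text and is readable by anyone who holds the token, so the confidentiality the text expects from the token has to come from the transport (TLS) or from an encrypted JWT (JWE). The client side below checks the algorithm header, the signature in constant time and the expiry before trusting the embedded key A.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// keyClaims is the JWT payload carrying key A to the client (claim names are assumptions).
type keyClaims struct {
	Key string `json:"key"` // key A, base64url
	Exp int64  `json:"exp"` // standard JWT expiry, unix seconds
}

func sign(signingInput string, secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// IssueToken is the service side: pack key A into an HS256-signed JWT (header.payload.signature).
func IssueToken(keyA, secret []byte, exp time.Time) (string, error) {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload, err := json.Marshal(keyClaims{Key: b64.EncodeToString(keyA), Exp: exp.Unix()})
	if err != nil {
		return "", err
	}
	signingInput := header + "." + b64.EncodeToString(payload)
	return signingInput + "." + b64.EncodeToString(sign(signingInput, secret)), nil
}

// VerifyToken is the client side: the algorithm is pinned (the token never chooses it),
// the signature is compared in constant time, and the expiry is checked, then key A is returned.
func VerifyToken(token string, secret []byte, now time.Time) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	rawHeader, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(rawHeader, &header); err != nil || header.Alg != "HS256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(parts[0]+"."+parts[1], secret)) {
		return nil, errors.New("bad signature")
	}
	rawPayload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims keyClaims
	if err := json.Unmarshal(rawPayload, &claims); err != nil {
		return nil, err
	}
	if now.Unix() >= claims.Exp {
		return nil, errors.New("token expired")
	}
	return b64.DecodeString(claims.Key)
}

func main() {
	secret := []byte("constructed-shared-secret")          // assumption: HMAC secret shared by service and client
	keyA := []byte("0123456789abcdef0123456789abcdef")     // constructed 32-byte key A
	tok, _ := IssueToken(keyA, secret, time.Now().Add(10*time.Minute))
	fmt.Println(tok)
	got, err := VerifyToken(tok, secret, time.Now())
	fmt.Println(string(got), err)
}
```

The service can also bound exposure by issuing tokens with a short exp, so that a token captured from a client log or crash dump stops being usable soon after the encryption_info call that produced it.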
The encryption configuration method of the application has the following advantages:
1. The encryption keys are managed in a unified manner, which improves usability and the confidentiality of the keys. With two layers of encryption protecting the database layer, and the program encrypting once more uniformly for storage, security is higher and the keys are better organised.
2. The invention is a tool system for the unified management of symmetric encryption; it allows services to iterate rapidly and has high maintainability and code readability. A universal encryption management tool helps improve development efficiency and lowers the difficulty of integration.
3. The unified tool system for managing symmetric encryption improves the security of system data, so that data stored in the database and transmitted over the network is ciphertext.
Example four
In this embodiment, as shown in fig. 2, there is provided an encryption configuration apparatus including:
the identification acquisition module 210: configured to acquire a user identification number and an item classification identification number;
the original key module 220: configured to generate an original key according to the user identification number and the item classification identification number based on a preset original rule;
the key sending module 230: configured to encrypt the original key to obtain a key ciphertext and send the key ciphertext to the client.
In an embodiment, the device further includes a storage key module, where the storage key module is configured to encrypt the original key to obtain a storage key, and store the storage key.
In one embodiment, the storage key module includes a first encryption sub-module and a second encryption sub-module;
the first encryption sub-module is configured to acquire a first encryption key and encrypt the original key based on the first encryption key to obtain an intermediate key;
and the second encryption sub-module is configured to acquire a second encryption key, encrypt the intermediate key based on the second encryption key to obtain the storage key, and store the storage key.
In one embodiment, the key sending module comprises an original key decryption sub-module and an original key sending sub-module;
the original key decryption sub-module is configured to read the storage key and decrypt the storage key to obtain the original key;
and the original key sending sub-module is configured to encrypt the original key to obtain a key ciphertext and send the key ciphertext to the client.
In one embodiment, the encryption key acquisition rules for encrypting the original key include:
Querying the corresponding standby information in a preset database according to the user identification number and the item classification identification number; and generating the encryption key according to the standby information based on a preset encryption rule.
In one embodiment, the device includes a key validity module configured to set a validity duration for the key based on a preset deadline calculation rule.
In one embodiment, the device includes a primary key deletion module configured to detect whether a preset trigger event exists; and deleting the original key when a preset trigger event exists.
For specific limitations of the encryption configuration device, reference may be made to the above limitations of the encryption configuration method, and no further description is given here. The respective units in the above encryption configuration apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The units can be embedded in hardware or independent of a processor in the computer equipment, and can also be stored in a memory in the computer equipment in a software mode, so that the processor can call and execute the operations corresponding to the units.
Example five
In this embodiment, a computer device is provided. Its internal structure can be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program, and is deployed with a database for storing the preset original rules. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The network interface of the computer device is used to communicate with other computer devices on which application software is deployed. The computer program is executed by the processor to implement an encryption configuration method. The display screen of the computer device can be a liquid crystal display or an electronic ink display, and the input device of the computer device can be a touch layer covering the display screen, keys, a track ball or a touch pad arranged on the housing of the computer device, or an external keyboard, touch pad or mouse.
It will be appreciated by those skilled in the art that the structure shown in FIG. 3 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory storing a computer program and a processor that when executing the computer program performs the steps of:
Step 110, obtaining a user identification number and an item classification identification number;
Step 120, generating an original key according to the user identification number and the item classification identification number based on a preset original rule;
And step 130, encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to the client.
In one embodiment, the processor when executing the computer program further performs the steps of:
Encrypting the original key to obtain a storage key, and storing the storage key.
In one embodiment, the processor when executing the computer program further performs the steps of:
Acquiring a first encryption key, encrypting the original key based on the first encryption key, and obtaining an intermediate key;
and obtaining a second encryption key, encrypting the intermediate key based on the second encryption key to obtain the storage key, and storing the storage key.
In one embodiment, the processor when executing the computer program further performs the steps of:
Reading the storage key, decrypting the storage key and obtaining the original key;
Encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client.
In one embodiment, the encryption key acquisition rules for encrypting the original key include:
Querying the corresponding standby information in a preset database according to the user identification number and the item classification identification number; and generating the encryption key according to the standby information based on a preset encryption rule.
In one embodiment, the processor when executing the computer program further performs the steps of:
And setting the effective storage duration for the storage key based on a preset deadline calculation rule.
In one embodiment, the processor when executing the computer program further performs the steps of:
Detecting whether a preset trigger event exists;
and deleting the original key when a preset trigger event exists.
Example six
In this embodiment, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
Step 110, obtaining a user identification number and an item classification identification number;
Step 120, generating an original key according to the user identification number and the item classification identification number based on a preset original rule;
And step 130, encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to the client.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Encrypting the original key to obtain a storage key, and storing the storage key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Acquiring a first encryption key, encrypting the original key based on the first encryption key, and obtaining an intermediate key;
and obtaining a second encryption key, encrypting the intermediate key based on the second encryption key to obtain the storage key, and storing the storage key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Reading the storage key, decrypting the storage key and obtaining the original key;
Encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client.
In one embodiment, the encryption key acquisition rules for encrypting the original key include:
Querying the corresponding standby information in a preset database according to the user identification number and the item classification identification number; and generating the encryption key according to the standby information based on a preset encryption rule.
In one embodiment, the computer program when executed by the processor further performs the steps of:
And setting the effective storage duration for the storage key based on a preset deadline calculation rule.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Detecting whether a preset trigger event exists;
and deleting the original key when a preset trigger event exists.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The non-volatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link (Synchlink) DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. An encryption configuration method, comprising:
acquiring a user identification number and an item classification identification number;
Generating an original key according to the user identification number and the item classification identification number based on a preset original rule;
Encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client.
2. The encryption configuration method according to claim 1, wherein after the step of generating the original key based on the user identification number and the item classification identification number based on a preset original rule, further comprising:
Encrypting the original key to obtain a storage key, and storing the storage key.
3. The encryption configuration method according to claim 2, wherein the step of encrypting the original key to obtain a storage key and storing the storage key comprises:
Acquiring a first encryption key, encrypting the original key based on the first encryption key, and obtaining an intermediate key;
and obtaining a second encryption key, encrypting the intermediate key based on the second encryption key to obtain the storage key, and storing the storage key.
4. The encryption configuration method according to claim 2, wherein the step of encrypting the original key to obtain a key ciphertext and transmitting the key ciphertext to the client comprises:
Reading the storage key, decrypting the storage key and obtaining the original key;
Encrypting the original key to obtain a key ciphertext, and sending the key ciphertext to a client.
5. The encryption configuration method according to claim 2, wherein the acquisition rule of the encryption key used for encrypting the original key includes:
Querying the corresponding standby information in a preset database according to the user identification number and the item classification identification number; and generating the encryption key according to the standby information based on a preset encryption rule.
6. The encryption configuration method according to claim 2, characterized in that the method further comprises:
And setting the effective storage duration for the storage key based on a preset deadline calculation rule.
7. The encryption configuration method according to claim 1, characterized in that the method further comprises:
Detecting whether a preset trigger event exists;
and deleting the original key when a preset trigger event exists.
8. An encryption configuration apparatus, comprising:
an identification acquisition module configured to acquire a user identification number and an item classification identification number;
an original key module configured to generate an original key according to the user identification number and the item classification identification number based on a preset original rule;
and a key sending module configured to encrypt the original key to obtain a key ciphertext and send the key ciphertext to the client.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311868470.5A CN117955642A (en) 2023-12-29 2023-12-29 Encryption configuration method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117955642A true CN117955642A (en) 2024-04-30

Family

ID=90801047

Country Status (1)

Country Link
CN (1) CN117955642A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination