CN118057764A - Data encryption method, device, electronic equipment and computer readable medium - Google Patents
Data encryption method, device, electronic equipment and computer readable medium Download PDFInfo
- Publication number
- CN118057764A CN118057764A CN202211450827.3A CN202211450827A CN118057764A CN 118057764 A CN118057764 A CN 118057764A CN 202211450827 A CN202211450827 A CN 202211450827A CN 118057764 A CN118057764 A CN 118057764A
- Authority
- CN
- China
- Prior art keywords
- key
- encryption
- application program
- encrypting
- electronic device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 238000004590 computer program Methods 0.000 claims description 11
- 239000002609 medium Substances 0.000 description 13
- 238000010586 diagram Methods 0.000 description 11
- 238000012545 processing Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 1
- 101100384355 Mus musculus Ctnnbip1 gene Proteins 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application discloses a data encryption method, a device, an electronic device and a computer readable medium, which are applied to the electronic device, wherein the method comprises the following steps: acquiring a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key; and obtaining a second key corresponding to the application program, and encrypting the first key based on the second key to obtain a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state. By using the first key and the second key, the embodiment of the application can not write the file data when the electronic equipment is in the appointed state, and can not access the encrypted file data stored on the electronic equipment. And the different keys for encryption are acquired based on the electronic equipment, so that the method has higher portability and stronger compatibility.
Description
Technical Field
The present application relates to the field of data technologies, and in particular, to a data encryption method, apparatus, electronic device, and computer readable medium.
Background
Currently, with the development of electronic information technology, electronic devices are capable of running a variety of different applications. Although, when the electronic device is in the specified state, the electronic device may be made incapable of reading or writing data corresponding to each application program. However, the existing method for implementing that when the electronic device is in a specified state, the data corresponding to each application program cannot be read or written is low in portability and poor in compatibility.
Disclosure of Invention
The application provides a data encryption method, a data encryption device, electronic equipment and a computer readable medium.
In a first aspect, an embodiment of the present application provides a data encryption method, applied to an electronic device, where the method includes: acquiring a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key; and obtaining a second key corresponding to the application program, and encrypting the first key based on the second key to obtain a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state.
In a second aspect, an embodiment of the present application further provides a data encryption apparatus, which is applied to an electronic device, where the apparatus includes: the first encryption unit is used for acquiring a first key corresponding to at least one application program operated by the electronic equipment and encrypting file data in the application program based on the first key; the second encryption unit is used for obtaining a second key corresponding to the application program, encrypting the first key based on the second key and obtaining a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state.
In a third aspect, an embodiment of the present application further provides an electronic device, including: one or more processors; a memory; one or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors to cause the electronic device to perform the method of the first aspect described above.
In a fourth aspect, embodiments of the present application also provide a computer readable storage medium storing program code executable by a processor, the program code when executed by the processor causing the processor to perform the method of the first aspect.
The application provides a data encryption method, a device, electronic equipment and a computer readable medium, wherein the method obtains a first key corresponding to at least one application program operated by the electronic equipment, and encrypts file data in the application program based on the first key; and then obtaining a second key corresponding to the application program, and encrypting the first key based on the second key to obtain a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state. Because the file data corresponding to the application program is encrypted based on the first key, and the first key is encrypted by the second key, the file data needs to be read and written, the first encryption key needs to be decrypted by the second key to obtain the first key, and then the encrypted file data needs to be decrypted based on the first key. The second key cannot be accessed when the electronic device is in the specified state, so that the file data cannot be read and written when the electronic device is in the specified state. Furthermore, in the embodiment provided by the application, different keys for encryption are acquired based on the electronic equipment, so that the method has higher portability and stronger compatibility.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows a block diagram of an electronic device according to an embodiment of the present application;
FIG. 2 shows a method flow chart of a data encryption method provided by an embodiment of the application;
FIG. 3 is a flow chart of a method for encrypting data according to another embodiment of the present application;
fig. 4 is a schematic diagram of a data encryption method according to an embodiment of the present application;
FIG. 5 is a flow chart of a method for encrypting data according to another embodiment of the present application;
FIG. 6 is a schematic diagram of a data encryption method according to another embodiment of the present application;
fig. 7 is a block diagram showing a configuration of a data encryption apparatus according to an embodiment of the present application;
FIG. 8 shows a block diagram of a computer-readable storage medium provided by an embodiment of the application;
fig. 9 shows a block diagram of a computer program product provided by an embodiment of the application.
Detailed Description
In order to make the present application better understood by those skilled in the art, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Currently, with the development of electronic information technology, electronic devices are capable of running a variety of different applications. Although, when the electronic device is in the specified state, the electronic device may be made incapable of reading or writing data corresponding to each application program. The specified state may include, for example, that the electronic device is in a locked state. However, the existing method for implementing that when the electronic device is in a specified state, the data corresponding to each application program cannot be read or written is low in portability and poor in compatibility. How to improve portability and compatibility of data corresponding to each application program, which cannot be read or written when the electronic device is in a specified state, is a problem to be solved.
Various application programs currently operated by the electronic equipment can generate corresponding file data and store the file data into the electronic equipment, and can also read the file data stored in the electronic equipment. If the electronic device is in the specified state, if the application programs continue to read or write without limitation, potential safety hazards may be caused. Therefore, when the electronic device is in the specified state, each application program of the electronic device can not be read or written. At present, the system of the electronic device can be customized by modifying the kernel file of the electronic device, and then the customized system is pushed to the user for system update through Over-the-air (OTA) technology.
However, the inventors found that the systems used by different manufacturers are different, so that the differences between the different manufacturers need to be considered for the customization of the systems of the electronic devices, thereby reducing the portability of the method and making the method not easy to be compatible with the electronic devices of the different manufacturers.
Referring to fig. 1, fig. 1 illustrates an electronic device 100 according to an embodiment of the application, where the electronic device 100 may include a processor 110 and a memory 120, and the processor 110 is connected to the memory 120.
For some embodiments, the electronic device 100 may be running a system program, and based on the running system program, the electronic device 100 may also be running various applications, such as a video playing application, an audio playing application, a photo application, and so on. Specifically, the system program and the data codes corresponding to the application programs may be stored in the memory 120 of the electronic device 100, and the processor 110 may execute the system program and the application programs by calling the code data stored in the memory 120. Further, each application program may read related file data from the memory 120, or may generate some file data and store the file data in the memory 120 when running.
The processor 110 may be further configured to encrypt file data stored in the electronic device, so that when the electronic device 100 is in a specified state, each application program cannot read the encrypted file data from the memory 120 or cannot write the generated file data to the memory 120. For a specific method, reference may be made to the description of the embodiments that follow.
Referring to fig. 2, fig. 2 illustrates a data encryption method according to an embodiment of the present application, where the data encryption method may be applied to the electronic device 100 illustrated in fig. 1, and specifically, the processor 110 of the electronic device 100 may be used as an execution subject. The method may include step S110 and step S120.
Step S110: acquiring a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key
In some embodiments, the electronic device may run different applications to implement the functionality corresponding to each application. For example, the electronic device may run a video playback application to play a video file; an audio playing application may also be run to play audio files; the photographing application may also be run to photograph photo files or video files, etc. Further, when the electronic device runs each application program, interaction is generated with corresponding file data, wherein the interaction can comprise reading or writing. For example, the file data corresponding to the video playing application program may be a video file, and when the video playing application program plays the video file, the video file needs to be read, that is, reading the file data will occur at this time. For another example, when a photo is taken by the photo taking application, a photo file may be generated, and the photo file may be written as file data corresponding to the photo taking application, for example, in a memory of the electronic device. Therefore, it can be known from the above description that the file data corresponding to the application program is the data that the application program needs to read, or the data that the application program generates and needs to store in the electronic device.
Further, if the file data corresponding to each application program of the electronic device is stored in a memory of the electronic device in a plaintext form, any other application program can read and write the file data in the plaintext form, and the writing can include tampering the existing file data, so as to cause potential safety hazard. Therefore, the file data corresponding to each application program can be encrypted, and the encrypted file data can be decrypted and accessed only by holding the corresponding key, so that the security can be improved.
Therefore, the first key corresponding to the application program can be acquired, and then the file data is encrypted based on the first key, so that the file data encrypted by the first key is obtained.
For an application program of the electronic device, the encrypted file data may be decrypted as long as the first key corresponding to the file data encrypted by the first key is held. However, when the electronic device is in a specified state, the user may not wish the application program to read or write the file data. Therefore, the first key can be encrypted through the second key, and the application program can not acquire the second key when the electronic equipment is in the appointed state, so that the application program can not read or write the file data encrypted by the first key when the electronic equipment is in the appointed state. The relevant description may refer to the subsequent steps.
In some implementations, for each application, a corresponding first key may be obtained. For example, for the application A1, the first key B1 may be acquired; for application A2, the first key B2 may be obtained. Wherein the first key may be a randomly generated key.
For other embodiments, a corresponding first key may also be obtained for each file data in the application. For example, if the application A1 corresponds to the file data a11, the file data a12, and the file data a13, the application A1 can acquire the first key B11 corresponding to the file data a11, the first key B12 corresponding to the file data a12, and the first key B13 corresponding to the file data a 13.
The first key may be generated by a keystore system (Keystore) in the electronic device, for example. Specifically, an application program interface (App l icat ion Program I NTERFACE, API) corresponding to the key system library may be invoked, through which the application program interface API may be in communication with the key system library, thereby generating a first key based on the key system library.
In some embodiments, the first key may be an Advanced Encryption Standard (AES) key, where the AES key is a symmetric encryption key, that is, a key used to encrypt the file data and a key used to decrypt the encrypted file data are the same key. The AES key of the advanced encryption standard may include 128, 192, or 256 bits, and the user may flexibly select the AES key according to need, which is not limited by the present application.
Thus, for one example, the first key type may be set to 256 bits of advanced encryption standard AES key when the key system library is invoked, and then invoking the key system library generates a random first key. Since the first keys are randomly generated, even if the advanced encryption standard AES keys of 256 bits are set for each application, the obtained first keys corresponding to the respective applications are not the same. Thereby further improving the file data security.
Step S120: and obtaining a second key corresponding to the application program, and encrypting the first key based on the second key to obtain a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state.
In some embodiments, the application program may decrypt the file data encrypted by the first key, so as to read the decrypted file data, and may encrypt the first key corresponding to the generated new file data, so as to implement writing. When the electronic equipment is in a specified state, in order to enable the application program to not decrypt the file data encrypted by the first key through the first key, the first key can be encrypted through the second key to obtain the first encryption key, and the second key cannot be acquired when the electronic equipment is in the specified state, so that the application program cannot acquire the first key when the electronic equipment is in the specified state, and therefore the file data encrypted by the first key cannot be decrypted, and the file data cannot be read. Further, since the second key cannot be obtained, the first key corresponding to the generated new file data cannot be encrypted, and writing cannot be performed.
In the embodiment provided by the application, the electronic equipment is in the appointed state and can be in the screen locking state. When the electronic device is in the screen locking state, the attention of the user is generally not in the electronic device, and at this time, if an application program of the electronic device reads or writes file data, potential safety hazards may be caused.
The method for obtaining the second key corresponding to the application program may be similar to the method for generating the first key based on the keystore system in the previous step, or may generate the second key based on the keystore system. Further, the second key cannot be read when the electronic device is in the specified state due to the requirement. Thus, when generating the second key based on the keystore system, parameters of the second key may also be configured. For example, it may be characterized by setting the value of the flag bit, whether the second key may be read while the electronic device is in a specified state. For example, if the value of the flag bit is set to 0, the second key can be accessed when the electronic device is in the specified state; the flag bit may be set to be other than 0, e.g., 1, indicating that the second key cannot be accessed while the electronic device is in the specified state. Wherein, for some embodiments, the specified state may be a lock screen state. The flag bit may be "setUn lockedDeviceRequ i red", and setting the flag bit "setUn lockedDeviceRequ i red =1" may characterize that the second key cannot be accessed when the electronic device is in the specified state.
Further, since the first key and the second key may be generated by a key system library, the key system library is generally integrated in electronic devices of different manufacturers. Therefore, even for electronic equipment of different manufacturers, the first secret key and the second secret key can be generated based on the secret key system library, so that the method has better compatibility and portability in the electronic equipment of different manufacturers.
In some embodiments, if an application corresponds to a first key, the first key may be encrypted based on a second key corresponding to the application to obtain a first encryption key. In other embodiments, if an application program corresponds to a plurality of first keys, the plurality of first keys may be encrypted based on a second key corresponding to the application program to obtain the first encryption key. Thus, in the embodiment provided by the application, the first encryption key may be encrypted data obtained by encrypting some data by the second key, where some data may be other encryption keys, for example, the first key.
In this case, since the first key is similar to the file data and is also composed of bits, the first key can be approximately regarded as one type of file data, and thus the first key is encrypted by the second key similarly to the file data is encrypted by the first key.
The second key may also be an advanced encryption standard AES key, similar to the first key in the previous steps, corresponding to some embodiments.
In other embodiments, before the first key is encrypted by the second key, the third key may be further obtained, the first key is encrypted by the third key, and then the third key is encrypted by the second key, so that when the third key is an asymmetric key, it is possible to implement that when the electronic device is in a specified state, file data encrypted by the first key cannot be read, and file data newly generated by the application program can be written. For a specific description, reference may be made to the following examples.
The data encryption method provided by the application comprises the steps of firstly obtaining a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key; and then obtaining a second key corresponding to the application program, and encrypting the first key based on the second key to obtain a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state. Because the file data corresponding to the application program is encrypted based on the first key, and the first key is encrypted by the second key, the file data needs to be read and written, the first encryption key needs to be decrypted by the second key to obtain the first key, and then the encrypted file data needs to be decrypted based on the first key. The second key cannot be accessed when the electronic device is in the specified state, so that the file data cannot be read and written when the electronic device is in the specified state. Furthermore, in the embodiment provided by the application, different keys for encryption are acquired based on the electronic equipment, so that the method has higher portability and stronger compatibility.
Referring to fig. 3, fig. 3 illustrates a data encryption method according to an embodiment of the present application, where the data encryption method may be applied to the electronic device 100 illustrated in fig. 1, and specifically, the processor 110 of the electronic device 100 may be used as an execution subject. The method may include steps S210 to S230.
Step S210: and acquiring a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key.
The step S210 is described in detail in the foregoing embodiments, and the details of step S110 may be referred to herein, which is not repeated here.
Step S220: and acquiring a third key corresponding to the application program, and encrypting the first key based on the third key to obtain a second encryption key.
Step S230: and acquiring a second key corresponding to the application program, and encrypting the third key based on the second key to obtain the first encryption key.
For some embodiments, before the first key is encrypted by the second key, a third key may be further obtained, the first key is encrypted by the third key to obtain a second encryption key, and then the third key is encrypted by the second key to obtain the first encryption key. The method for obtaining the third key corresponding to the application program may be similar to the method for generating the first key based on the keystore system in the previous step, or may generate the third key based on the keystore system.
In the embodiment provided by the application, the second encryption key may be encrypted data obtained by encrypting some data through the third key, where some data may be other keys, for example, the first key.
Thus, if the file data needs to be read, since the file data is encrypted by the first key, the first key needs to be acquired to decrypt the file data encrypted by the first key. Since the second secret key is obtained by encrypting the first key with the third key, the second secret key needs to be decrypted by the third key in order to obtain the first key. Further, the third key is encrypted by the second key to obtain the first encryption key, so in order to obtain the third key, the first encryption key needs to be decrypted by the second key.
It can be seen from the foregoing that the second key cannot be read when the electronic device is in the specified state. Therefore, if the electronic device is in a non-designated state, the second key can be acquired, so that the file data encrypted by the first key can be decrypted based on the analysis, and the file data can be read or written. If the electronic device is in the specified state, the second key cannot be read, the file data encrypted by the first key cannot be decrypted, the file data cannot be read, the first key corresponding to the generated new file data cannot be encrypted, and writing cannot be realized.
In other embodiments, the third key may comprise a symmetric encryption key. Wherein the symmetric encryption key is the same as the encryption key used to encrypt the data and the decryption key needed to decrypt the data encrypted by the encryption key.
Thus, when step S220 is performed, step S221 may be further included: and acquiring the symmetric encryption key corresponding to the application program, and encrypting the first key based on the symmetric encryption key to obtain a second encryption key.
Therefore, when the third key is a symmetric key, since the second encryption key is obtained by encrypting the third key by the first key, decrypting the second encryption key requires the third key. In order to write the generated new file data into the electronic device, the first key corresponding to the new file data needs to be encrypted by the third key, and in this case, the second encryption key also needs to be decrypted by the third key. When the electronic device is in a specified state, the second key cannot be acquired, and thus the third key cannot be acquired, so that when the third key is a symmetric key, the file data cannot be read, and new file data cannot be written.
The third key, which is a symmetric encryption key, may be an advanced encryption standard AES key. Specifically, similar to the first encryption key, a detailed description thereof will be omitted.
In still other embodiments, the third key may further comprise an asymmetric encryption key. Wherein the asymmetric encryption key is different from the encryption key used to encrypt the data and the decryption key required to decrypt the data encrypted by the encryption key, and the decryption key in the third key is encrypted by the second key. Thus, by the third key being an asymmetric encryption key, it is possible to realize that encrypted file data cannot be read when the electronic device is in a specified state, but new file data generated can be encrypted, thereby realizing writing. In particular, reference may be made to the description of the embodiments that follow.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating a data encryption method according to an embodiment of the present application. Specifically, fig. 4 includes a first encryption layer 401, a second encryption layer 402, a third encryption layer 403, and a data layer 404. The first key 4031 may be included in the third encryption layer 403 so that the file data 4041 included in the data layer 404 is encrypted by the first key. Further, the second encryption layer 402 includes a third key 4021, and the first key 4031 may be encrypted by the third key 4021. The first encryption layer 401 includes a second key 4011, and the second key 4011 encrypts the third key 4021 in the second encryption layer 402, where the second key 4011 in the first encryption layer 401 cannot be read when the electronic device is in a specified state.
Illustratively, the first encryption layer 401 may be identified by "master_kek_rp" and the second key layer 402 may be identified by "kek_sdp_rp"; the third encryption layer 403 may be identified by "DEK FP".
The data encryption method provided by the application comprises the steps of firstly obtaining a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key; then a third key corresponding to the application program is obtained, and the first key is encrypted based on the third key to obtain a second encryption key; and obtaining a second key corresponding to the application program, and encrypting the third key based on the second key to obtain the first encryption key. The first key is encrypted based on the file data corresponding to the application program, the first key is encrypted by the third key, and the third key is encrypted by the second key, so that the file data needs to be read, the first encryption key needs to be decrypted through the second key to obtain the third key, the second encryption key needs to be decrypted through the third key to obtain the first key, the encrypted file data is decrypted based on the first key, and the second key cannot be accessed when the electronic equipment is in a specified state, so that the file data cannot be read when the electronic equipment is in the specified state, and the security of the file data is improved through multi-layer encryption. Furthermore, in the embodiment provided by the application, different keys for encryption are acquired based on the electronic equipment, so that the method has higher portability and stronger compatibility.
Referring to fig. 5, fig. 5 illustrates a data encryption method according to an embodiment of the present application, where the data encryption method may be applied to the electronic device 100 illustrated in fig. 1, and specifically, the processor 110 of the electronic device 100 may be used as an execution subject. The method may include steps S310 to S330.
Step S310: and acquiring a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key.
The step S310 is described in detail in the foregoing embodiments, and the details of step S110 may be referred to herein, which is not repeated here.
Step S320: acquiring the first partial key corresponding to the application program, encrypting the first key based on the first partial key to obtain the second encryption key
Step S330: acquiring the first partial key corresponding to the application program, and encrypting the first key based on the first partial key to obtain a second encryption key
For some embodiments, the third key may comprise an asymmetric encryption key, and as will be appreciated from the description of the foregoing embodiments, the encryption key and the decryption key in asymmetric encryption are not identical. Thus, the asymmetric encryption key may comprise a first partial key by which said first key is encrypted to obtain a second encryption key.
Further, the asymmetric encryption key may further include a second partial key, and the second partial key is encrypted by the second key to obtain the first encryption key.
Wherein the first partial key is stored unencrypted, i.e. the first partial key is not encrypted by other keys, e.g. by the second key. And the second partial key is used to decrypt the data encrypted by the first partial key.
Wherein the file data is encrypted by the first key, and the second encryption key is obtained by encrypting the first key by the first partial key in the third key. However, since the third key is an asymmetric encryption key, in order to decrypt the second encryption key, it is necessary to acquire the second partial key in the third key. The second partial key is encrypted by the second key, and the second key cannot be read when the electronic device is in a specified state. Therefore, when the electronic device is in the specified state, the second key cannot be acquired, and further the file data cannot be acquired.
Further, the first partial key of the third key may be stored in plaintext, for example in the respective application sandbox. The first partial key is used for encrypting the first key, so that after the application program generates new file data, the first key corresponding to the new file data is generated, and the first partial key in the third key stored in a plaintext manner can encrypt the first key corresponding to the new file data, so that the new file data can be stored in the electronic device, namely, writing is realized.
In some embodiments, the third key may be an RSA key. Similar to the method of advanced encryption standard AES key, when the third key is generated by the keystore system, the RSA key type may be set so that the first partial key and the second partial key of the third key may be acquired. Since the second partial key is used to decrypt the data encrypted by the first partial key, the first partial key may be a public key and the second partial key may be a private key for the case where the third key is of the RSA key type.
In other embodiments, the third key may also be an elliptic encryption algorithm (E l l ipt ic curve cryptography, ECC) key. The elliptic encryption algorithm ECC key may also include a public key and a private key, and the first partial key may be a public key of the elliptic encryption algorithm ECC key and the second partial key may be a private key of the elliptic encryption algorithm ECC key.
Referring to fig. 6, fig. 6 is a schematic diagram illustrating a data encryption method according to an embodiment of the application. Specifically, fig. 6 includes a first encryption layer 601, a second encryption layer 602, a third encryption layer 603, and a data layer 604. The third encryption layer 603 may include therein a first key 6031 so that file data 6041 included in the data layer 604 is encrypted by the first key 6031. Further, the second encryption layer 602 includes a third key 6021, where the third key 6021 includes a first partial key 6022 and a second partial key 6023, and the first key 6031 may be encrypted by the first partial key 6022. The first encryption layer 601 includes a second key 6011, and the second encryption layer 602 encrypts a second partial key 6023 by using the second key 6011, where the second key 6011 in the first encryption layer 601 cannot be read when the electronic device is in a specified state.
The data encryption method provided by the application comprises the steps of firstly obtaining a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key; then, the first partial key corresponding to the application program is obtained, and the first key is encrypted based on the first partial key to obtain a second encryption key; and obtaining a second key corresponding to the application program, and encrypting the second partial key based on the second key to obtain a first encryption key. Wherein the third key comprises a first partial key and a second partial key, the first partial key being stored unencrypted and the second partial key being used to decrypt data encrypted by the first partial key. Wherein the second partial key is encrypted by the second key, and the second key cannot be read when the electronic device is in the specified state. Therefore, when the electronic device is in the specified state, the second key cannot be acquired, and further the file data cannot be acquired. Further, the first partial key of the third key is used for encrypting the first key, so after the application program generates the new file data, the first key corresponding to the new file data is generated, and the first partial key of the third key stored in a plaintext manner can encrypt the first key corresponding to the new file data, so that the new file data can be stored in the electronic device, i.e. writing is realized. Furthermore, in the embodiment provided by the application, different keys for encryption are acquired based on the electronic equipment, so that the method has higher portability and stronger compatibility.
Referring to fig. 7, a block diagram of a data encryption device 700 according to an embodiment of the present application is shown, including: a first encryption unit 710 and a second encryption unit 720.
The first encryption unit 710 is configured to obtain a first key corresponding to at least one application running on the electronic device, and encrypt file data in the application based on the first key. Wherein,
The second encryption unit 720 is configured to obtain a second key corresponding to the application program, and encrypt the first key based on the second key to obtain a first encryption key, where the second key cannot be read when the electronic device is in a specified state.
Further, the second encryption unit 720 is further configured to obtain a third key corresponding to the application program, and encrypt the first key based on the third key to obtain a second encryption key; and acquiring a second key corresponding to the application program, and encrypting the third key based on the second key to obtain the first encryption key. Wherein the first key, the second key, and the third key are all generated based on a keystore system. The specified state includes a lock screen state.
Further, the second encryption unit 720 is further configured to obtain the first partial key corresponding to the application program, and encrypt the first key based on the first partial key to obtain a second encryption key.
Further, the second encryption unit 720 is further configured to obtain a second key corresponding to the application program, and encrypt the second partial key based on the second key to obtain a first encryption key.
Further, the second encryption unit 720 is further configured to obtain the symmetric encryption key corresponding to the application program, and encrypt the first key based on the symmetric encryption key to obtain a second encryption key.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the above-described apparatus and unit may refer to the corresponding process in the foregoing method embodiment, which is not repeated herein.
In several embodiments provided by the present application, the coupling of the elements to each other may be electrical, mechanical, or other.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
With continued reference to fig. 1, the electronic device 100 may be a smart phone, a tablet computer, or other electronic device capable of running a computer program. The electronic device 100 of the present application may include one or more of the following components: processor 110 and memory 120, and one or more application programs, wherein processor 110 is electrically coupled to memory 110, the one or more program(s) are configured to perform the methods as described in the foregoing method embodiments.
Processor 110 may include one or more processing cores. The processor 110 utilizes various interfaces and lines to connect various portions of the overall electronic device 100, perform various functions of the electronic device 100, and process data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 120, and invoking data stored in the memory 120. Alternatively, the processor 110 may be implemented in at least one hardware form of digital signal processing (DIGITA L SIGNA L processing, DSP), field programmable gate array (Fie ld-Programmab LE GATE ARRAY, FPGA), programmable logic array (Programmab le Logic Array, PLA). The processor 10 may integrate one or a combination of several of a central processing unit (Centra l Process ing Un it, CPU), an image processor (Graph ics Process ing Un it, GPU), and a modem, etc. Wherein, the CPU mainly processes an operating system, a user interface, a computer program and the like; the GPU is used for being responsible for rendering and drawing of display content; the modem is used to handle wireless communications. It will be appreciated that the modem may not be integrated into the processor 110 and may be implemented solely by a single communication chip. The method as described in the previous embodiments may be performed in particular by one or more processors 110.
For some embodiments, memory 120 may include random access Memory (Random Access Memory, RAM) or Read-only Memory (ROM). Memory 120 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 120 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function, instructions for implementing various method embodiments described below, and the like. The storage data area may also store data created by the electronic device 100 in use, and the like.
Referring to fig. 8, a block diagram of a computer readable storage medium according to an embodiment of the present application is shown. The computer readable medium 800 has stored therein program code which can be invoked by a processor to perform the methods described in the method embodiments described above.
The computer readable storage medium 800 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Optionally, the computer readable storage medium 800 comprises a non-volatile computer readable medium (non-trans itory computer-readab le storage med ium). The computer readable storage medium 800 has storage space for program code 810 that performs any of the method steps described above. The program code can be read from or written to one or more computer program products. Program code 810 may be compressed, for example, in a suitable form.
Referring to FIG. 9, a block diagram 900 of a computer program product according to an embodiment of the present application is shown. Included in the computer program product 900 are computer programs/instructions 910 which when executed by a processor implement the steps of the method described above.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be appreciated by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not drive the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.
Claims (10)
1. A data encryption method, applied to an electronic device, comprising:
Acquiring a first key corresponding to at least one application program operated by the electronic equipment, and encrypting file data in the application program based on the first key;
And obtaining a second key corresponding to the application program, and encrypting the first key based on the second key to obtain a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state.
2. The method of claim 1, wherein the obtaining the second key corresponding to the application program, and encrypting the first key based on the second key, to obtain a first encryption key, where the second key cannot be read when the electronic device is in a specified state, includes:
acquiring a third key corresponding to the application program, and encrypting the first key based on the third key to obtain a second encryption key;
And acquiring a second key corresponding to the application program, and encrypting the third key based on the second key to obtain the first encryption key.
3. The method of claim 2, wherein the third key comprises an asymmetric encryption key, the asymmetric encryption key comprises a first partial key, the first partial key is stored in an unencrypted manner, the obtaining the third key corresponding to the application program, and encrypting the first key based on the third key to obtain a second encryption key, including:
and acquiring the first partial key corresponding to the application program, and encrypting the first key based on the first partial key to obtain a second encryption key.
4. The method of claim 3, wherein the asymmetric encryption key further comprises a second partial key, the second partial key is used for decrypting data encrypted by the first partial key, the obtaining a second key corresponding to the application program, and encrypting the third key based on the second key, to obtain the first encryption key, and the method comprises:
and acquiring a second key corresponding to the application program, and encrypting the second partial key based on the second key to obtain a first encryption key.
5. The method according to claim 2, wherein the third key includes a symmetric encryption key, the obtaining a third key corresponding to the application program, and encrypting the first key based on the third key, to obtain a second encryption key, includes:
and acquiring the symmetric encryption key corresponding to the application program, and encrypting the first key based on the symmetric encryption key to obtain a second encryption key.
6. The method of claim 2, wherein the first key, the second key, and the third key are each generated based on a keystore system (Keystore).
7. The method of claim 1, wherein the specified state comprises a lock screen state.
8. A data encryption apparatus, characterized by being applied to an electronic device, comprising:
The first encryption unit is used for acquiring a first key corresponding to at least one application program operated by the electronic equipment and encrypting file data in the application program based on the first key;
the second encryption unit is used for obtaining a second key corresponding to the application program, encrypting the first key based on the second key and obtaining a first encryption key, wherein the second key cannot be read when the electronic equipment is in a specified state.
9. An electronic device, comprising:
one or more processors;
a memory;
One or more computer programs, wherein the one or more computer programs are stored in the memory and configured to be executed by the one or more processors to cause the electronic device to perform the method of any of claims 1-7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program code, which is callable by a processor for executing the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211450827.3A CN118057764A (en) | 2022-11-18 | 2022-11-18 | Data encryption method, device, electronic equipment and computer readable medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211450827.3A CN118057764A (en) | 2022-11-18 | 2022-11-18 | Data encryption method, device, electronic equipment and computer readable medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118057764A true CN118057764A (en) | 2024-05-21 |
Family
ID=91068909
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211450827.3A Pending CN118057764A (en) | 2022-11-18 | 2022-11-18 | Data encryption method, device, electronic equipment and computer readable medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118057764A (en) |
-
2022
- 2022-11-18 CN CN202211450827.3A patent/CN118057764A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108932297B (en) | Data query method, data sharing method, device and equipment | |
| CN108599930B (en) | Firmware encryption and decryption system and method | |
| CN107078904B (en) | Hybrid cryptographic key derivation | |
| CN109583189A (en) | Firmware method for secure loading, device, computer equipment and storage medium | |
| CN110661748B (en) | Log encryption method, log decryption method and log encryption device | |
| JP5645725B2 (en) | Data processing apparatus, data processing system, and control method therefor | |
| CN108830096B (en) | Data processing method and device, electronic equipment and storage medium | |
| JP4758904B2 (en) | Confidential information processing method | |
| CN111385084A (en) | Key management method and device for digital assets and computer readable storage medium | |
| US10103884B2 (en) | Information processing device and information processing method | |
| WO2020228366A1 (en) | Picture processing method and apparatus based on block chain | |
| US20160182952A1 (en) | Protected Media Decoding System Supporting Metadata | |
| US9292708B2 (en) | Protection of interpreted source code in virtual appliances | |
| KR101310232B1 (en) | Method for sharing bus key and apparatus therefor | |
| US8607068B2 (en) | Method of storing data in a memory device and a processing device for processing such data | |
| CN113127844A (en) | Variable access method, device, system, equipment and medium | |
| CN118057764A (en) | Data encryption method, device, electronic equipment and computer readable medium | |
| WO2019184741A1 (en) | Application program information storing method and apparatus, and application program information processing method and apparatus | |
| CN107463808B (en) | Method for calling functional module integrated in operating system | |
| CN113886850A (en) | Information encryption method, decryption method, device, electronic equipment and storage medium | |
| CN110516468B (en) | Method and device for encrypting memory snapshot of virtual machine | |
| CN112596797A (en) | BIOS setting method, device, system, equipment and storage medium | |
| JP2002290395A (en) | Information terminal | |
| US10630470B2 (en) | Zone based key version encoding | |
| TW201642621A (en) | Key protecting device and key protecting method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination |