CN1741443A - Key transplanting method based on safety environment - Google Patents

Publication number
CN1741443A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200510036220
Other languages
Chinese (zh)
Other versions
CN100531027C (en)
Inventor
陈强
张璐
朱广志
张玮
刘鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sinosun Technology Co., Ltd.
Original Assignee
ZHAORI SCIENCE AND TECHNOLOGY Co Ltd BEIJING
Application filed by ZHAORI SCIENCE AND TECHNOLOGY Co Ltd BEIJING
Priority to CNB2005100362200A
Publication of CN1741443A
Application granted
Publication of CN100531027C

Abstract

A key transplanting method in which the private key part of the key to be transplanted is divided into two or more portions that are encrypted in different modes. At the receiving end of the transplant, the private key portions are decrypted according to the different encryption modes applied, then combined and restored into the private key part of the key.

Description

A key transplanting method based on a secure environment
Technical field
The invention belongs to the field of computer security and relates in particular to a safe and reliable key transplanting method based on a secure environment.
Background art
In the prior art, a secure environment is one in which all key operations, including encryption and decryption, are secure. Specifically, it is secure in at least two respects: when key encryption and decryption operations are carried out, the private key part of the key is guaranteed not to leak; and the private data contained in the object of the encryption or decryption operation is guaranteed not to leak.
In the field of computer security, many methods are used to protect keys so that they can be transmitted and stored safely; encrypting the private key part of a key is one of the most important of them. However, computer applications sometimes need to transfer a key to a remote secure environment for use there.
In general, the public key part of a key is public and the private key part must be kept secret, so the transfer of the private key part of a key usually has to be absolutely secure.
The prior art usually adopts the following method: the private key part of the key to be transferred is encrypted with the public key of the user of the remote secure environment, the encrypted private key is sent to the remote site, and the user of the remote secure environment decrypts the encrypted private key with his own private key. Although this method is fairly simple, its security and reliability are low, and it is unsuitable for applications with higher security and reliability requirements. In particular, if the private key of the user of the remote secure environment has been accidentally leaked, the private key being transferred may be intercepted and decrypted by a man in the middle; the private key being transferred is then leaked, with consequences that are hard to imagine. A method with higher security and reliability therefore needs to be designed.
Summary of the invention
The purpose of the invention is to provide a key transplanting method based on a secure environment that addresses the defects of the traditional key transplanting method based on a secure environment and is more reliable and secure.
To achieve the above purpose, the technical solution adopted by the invention is:
A key transplanting method based on a secure environment, comprising the following steps:
a) the private key part of the key to be transplanted is divided into two or more parts, which are encrypted using different encryption modes;
b) at the receiving end of the transplant, the private key parts are decrypted according to the different encryption modes, then merged and restored into the private key part of the key.
The key transplanting method, wherein step a) further comprises:
a1) each private key part is sent to the receiving end after undergoing at least one OAEP encoding.
The key transplanting method, wherein step a) further comprises:
a2) the result of OAEP-encoding each private key part is XORed with a random number and then sent to the receiving end.
The key transplanting method, wherein the concrete steps of the method further comprise:
a11) the private key part of the key to be transferred is divided into two parts, denoted K1 and K2; K1 is the length of the private key and the first 16 bytes of the private key, and K2 is the remainder of the private key;
b11) a key transfer data packet, denoted M1, is created; it contains the length of K2, the K2 private key part and other related key information;
c11) the result of OAEP-encoding the key transfer data packet is denoted O1; the input parameters of the OAEP encoding are:
plaintext: M1,
pHash: the hash value of the password of the owner of the key,
seed: K1;
d11) a random number, denoted R1, is created and XORed with O1 to obtain the result X1;
e11) X1 is encrypted with the public key of the user of the remote secure environment to obtain the final transplant result E1;
f11) the transplant result E1 and the random number R1 are passed to the remote user.
The key transplanting method, wherein the remote user further takes the following steps:
a12) the remote user decrypts the transplant result E1 with his own private key and then XORs the output with the random number R1 to recover O1;
b12) O1 is OAEP-decoded to obtain the plaintext M1, the seed (K1) and pHash;
c12) the first 16 bytes of the private key in K1 and the K2 in M1 are combined to give the private key part of the key to be transferred.
The key transplanting method, wherein the length of the key is 1024 bits, 2048 bits, or more.
The key transplanting method, wherein a check of the transmitted data is also added during transmission.
In the key transplanting method based on a secure environment provided by the invention, first, the key to be transferred is divided into two parts that are hidden in different ways, which makes cracking harder: it is very difficult to obtain a complete private key. Second, each private key part undergoes an OAEP encoding, so anyone who wants the private key part of the key must crack the OAEP encoding, which makes cracking harder. Third, the result of the OAEP encoding is XORed with a random number, which makes cracking harder still. Through this series of processing steps, the transplanting of the key becomes more reliable and secure.
Description of the drawings
Fig. 1 is the encryption flow of the method of the invention in the local secure environment;
Fig. 2 is the decryption flow of the method of the invention after the encrypted key has been transferred to the remote secure environment.
Embodiment
The preferred embodiments of the invention are described in detail below.
The key transplanting method based on a secure environment of the invention is mainly used in the field of computer security. In this embodiment, when a key needs to be transplanted, the following steps are carried out:
(1) first, the private key part of the key to be transferred is divided into two parts, denoted K1 and K2; K1 contains the length of the private key (four bytes) and the first 16 bytes of the private key, and K2 is the remainder of the private key (everything except the first 16 bytes);
(2) a key transfer data packet M1 is then created; M1 contains the length of K2, the K2 key part and other related key information. The format of the M1 packet can be defined by the user, and the other related key information is likewise defined by the user according to actual requirements;
(3) the key transfer data packet M1 is OAEP-encoded to produce the result O1, a value 198 bytes long; the input parameters of the OAEP encoding can be as follows:
plaintext = M1,
pHash = the hash value of the password of the owner of the key,
Seed = K1. The OAEP encoding algorithm follows section 9.1.1 of "PKCS #1 v2.0: RSA Cryptography Standard", with the following adjustments to some of its steps: in "Let pHash = Hash(P), an octet string of length hLen.", pHash is instead supplied as an input parameter and set to the hash value of the password of the owner of the key being transferred; in "Generate a random octet string seed of length hLen.", Seed is instead supplied as an input parameter and set to K1. The original OAEP input parameters (M, P, emLen) thus become (M, pHash, Seed, emLen), where emLen is the desired length of the encoded output. This input parameter is omitted in the patent; it should be set to 198.
(4) a random number R1 is created; R1 can be a random number 198 bytes long;
(5) the XOR result X1 is created, X1 = R1 XOR O1;
(6) the XOR result X1 is encrypted with the public key of the user of the remote secure environment to obtain the transplant result E1;
(7) the transplant result E1 and the random number R1 are passed to the remote user;
(8) the remote user decrypts the transplant result E1 with his own corresponding private key to obtain the decryption result D1; because the RSA algorithm uses different keys, a public key and a private key, for encryption and decryption, it is an asymmetric encryption algorithm;
(9) the decryption result D1 is XORed with the random number R1 to recover the OAEP-encoded result O1;
(10) the OAEP-encoded result O1 is then OAEP-decoded to obtain M1, the seed (K1) and pHash;
(11) the first 16 bytes of the private key in K1 and the K2 part in M1 are combined to give the private key part of the key to be transferred.
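The encoding and XOR layers of steps (1) to (5) and (9) to (11), as an added Python example that is not part of the patent text. It assumes SHA-1 (so that hLen equals the 20 bytes of K1), big-endian 4-byte length fields, a hypothetical M1 layout of length(K2) followed by K2, and a constructed 128-byte stand-in private key; the RSA encryption of X1 in steps (6) to (8) is left to a vetted library, so D1 here is simply X1.

```python
import hashlib
import hmac
import os
import struct

H_LEN = 20    # SHA-1 digest size (assumption: K1 = 4 + 16 bytes must equal hLen)
EM_LEN = 198  # emLen from step (3)
SAMPLE_KEY = bytes(range(128))  # constructed stand-in for a private key part

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function from PKCS #1, instantiated with SHA-1."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha1(seed + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands differ in length")
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(m: bytes, p_hash: bytes, seed: bytes, em_len: int = EM_LEN) -> bytes:
    """EME-OAEP encoding with pHash and seed supplied by the caller (step 3)."""
    if len(p_hash) != H_LEN or len(seed) != H_LEN:
        raise ValueError("pHash and seed must be hLen bytes")
    if len(m) > em_len - 2 * H_LEN - 1:
        raise ValueError("message too long")
    ps = b"\x00" * (em_len - len(m) - 2 * H_LEN - 1)
    db = p_hash + ps + b"\x01" + m
    masked_db = xor(db, mgf1(seed, em_len - H_LEN))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return masked_seed + masked_db

def oaep_decode(em: bytes):
    """Inverse of oaep_encode; returns (M, seed, pHash) as in step (10)."""
    if len(em) < 2 * H_LEN + 1:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[:H_LEN], em[H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    db = xor(masked_db, mgf1(seed, len(masked_db)))
    p_hash, rest = db[:H_LEN], db[H_LEN:]
    sep = rest.find(b"\x01")
    if sep < 0 or any(rest[:sep]):
        raise ValueError("decoding error")
    return rest[sep + 1:], seed, p_hash

def sender_wrap(private_key: bytes, owner_password: bytes):
    """Steps (1)-(5): returns (X1, R1). X1 must still be RSA-encrypted to E1."""
    k1 = struct.pack(">I", len(private_key)) + private_key[:16]
    k2 = private_key[16:]
    m1 = struct.pack(">I", len(k2)) + k2  # hypothetical M1 layout
    o1 = oaep_encode(m1, hashlib.sha1(owner_password).digest(), k1)
    r1 = os.urandom(EM_LEN)
    return xor(r1, o1), r1

def receiver_unwrap(d1: bytes, r1: bytes, owner_password: bytes) -> bytes:
    """Steps (9)-(11): D1 is the RSA-decrypted E1, i.e. X1."""
    m1, k1, p_hash = oaep_decode(xor(d1, r1))
    if not hmac.compare_digest(p_hash, hashlib.sha1(owner_password).digest()):
        raise ValueError("pHash does not match the owner's password")
    (key_len,) = struct.unpack(">I", k1[:4])
    (k2_len,) = struct.unpack(">I", m1[:4])
    private_key = k1[4:] + m1[4:4 + k2_len]
    if len(m1) < 4 + k2_len or len(private_key) != key_len:
        raise ValueError("length fields are inconsistent")
    return private_key
```

`oaep_decode` takes no key, and R1 travels together with E1, so the confidentiality of the transfer rests on the RSA encryption of X1 in step (6).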
Further, for the method of the invention to work better, the key length of the RSA algorithm is preferably 1024 bits, 2048 bits, or more. To ensure that data is not lost in transmission, a check of the transmitted data is preferably added; many data check methods exist in the prior art and they are not described again here.
The effect of the invention is as follows. First, the key to be transferred is divided into two parts, K1 and K2, which are hidden in different ways; this makes cracking harder, and it is very difficult to obtain a complete private key. Second, M1 and K1 undergo an OAEP encoding, so anyone who wants the private key part of the key must crack the OAEP encoding, which makes cracking harder. Third, the result of the OAEP encoding is XORed with the random number R1, which makes cracking harder still. Through this series of processing steps, key transplanting becomes more reliable and secure.
It should be understood, however, that the above description of specific embodiments of the invention is relatively detailed and must not be taken as limiting the scope of patent protection of the invention, which is defined by the claims.

Claims (7)

1. A key transplanting method based on a secure environment, comprising the following steps:
a) the private key part of the key to be transplanted is divided into two or more parts, which are encrypted using different encryption modes;
b) at the receiving end of the transplant, the private key parts are decrypted according to the different encryption modes, then merged and restored into the private key part of the key.
2. The key transplanting method according to claim 1, characterized in that step a) further comprises:
a1) each private key part is sent to the receiving end after undergoing at least one OAEP encoding.
3. The key transplanting method according to claim 2, characterized in that step a) further comprises:
a2) the result of OAEP-encoding each private key part is XORed with a random number and then sent to the receiving end.
4. The key transplanting method according to claim 3, characterized in that the concrete steps of the method further comprise:
a11) the private key part of the key to be transferred is divided into two parts, denoted K1 and K2; K1 is the length of the private key and the first 16 bytes of the private key, and K2 is the remainder of the private key;
b11) a key transfer data packet, denoted M1, is created; it contains the length of K2 and the K2 private key part;
c11) the result of OAEP-encoding the key transfer data packet is denoted O1; the input parameters of the OAEP encoding are:
plaintext: M1,
pHash: the hash value of the password of the owner of the key,
seed: K1;
d11) a random number, denoted R1, is created and XORed with O1 to obtain the result X1;
e11) X1 is encrypted with the public key of the user of the remote secure environment to obtain the final transplant result E1;
f11) the transplant result E1 and the random number R1 are passed to the remote user.
5. The key transplanting method according to claim 4, characterized in that the remote user further takes the following steps:
a12) the remote user decrypts the transplant result E1 with his own private key and then XORs the output with the random number R1 to recover O1;
b12) O1 is OAEP-decoded to obtain the plaintext M1, the seed (K1) and pHash;
c12) the first 16 bytes of the private key in K1 and the K2 in M1 are combined to give the private key part of the key to be transferred.
6. The key transplanting method according to any one of claims 1 to 5, characterized in that the length of the key is 1024 bits, 2048 bits, or more.
7. The key transplanting method according to claim 6, characterized in that a check of the transmitted data is also added during transmission.
CNB2005100362200A 2005-07-28 2005-07-28 Key transplanting method based on safety environment Active CN100531027C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100362200A CN100531027C (en) 2005-07-28 2005-07-28 Key transplanting method based on safety environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100362200A CN100531027C (en) 2005-07-28 2005-07-28 Key transplanting method based on safety environment

Publications (2)

Publication Number Publication Date
CN1741443A true CN1741443A (en) 2006-03-01
CN100531027C CN100531027C (en) 2009-08-19

Family

ID=36093670

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100362200A Active CN100531027C (en) 2005-07-28 2005-07-28 Key transplanting method based on safety environment

Country Status (1)

Country Link
CN (1) CN100531027C (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102306418A (en) * 2007-11-28 2012-01-04 冲电气工业株式会社 Method and apparatus for determining check value
CN104052592A (en) * 2011-07-21 2014-09-17 华为技术有限公司 Secret key backup and transfer method and system based on trusted computing
CN105960775A (en) * 2014-03-03 2016-09-21 英特尔公司 Pneumatic ore charging
US10469253B2 (en) 2014-03-03 2019-11-05 Intel Corporation Methods and apparatus for migrating keys
CN104135371A (en) * 2014-08-18 2014-11-05 杭州华三通信技术有限公司 Password saving method and device
CN104135371B (en) * 2014-08-18 2017-07-14 新华三技术有限公司 A kind of password store method and device
CN107451490A (en) * 2017-07-21 2017-12-08 广州大学 Safety certifying method, device, system and storage medium based on TrustZone
CN107451490B (en) * 2017-07-21 2020-02-28 广州大学 TrustZone-based security authentication method, device, system and storage medium
CN108537537A (en) * 2018-04-16 2018-09-14 杭州网看科技有限公司 A kind of safe and reliable digital cash Wallet System
CN109067517A (en) * 2018-06-22 2018-12-21 成都卫士通信息产业股份有限公司 Encryption, the communication means for decrypting device, encryption and decryption method and secrete key
CN109981576A (en) * 2019-02-22 2019-07-05 矩阵元技术(深圳)有限公司 Key migration method and apparatus

Also Published As

Publication number Publication date
CN100531027C (en) 2009-08-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: ZHAORI SCIENCE AND TECHNOLOGY CO. LTD., BEIJING

Effective date: 20061110

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20061110

Address after: Nine road 518040 Shenzhen city Futian District Tairan 213 building 6 floor C-3 block

Applicant after: Zhaori Tech Co., Ltd., Shenzhen

Address before: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building No. 6 B block 4 layer

Applicant before: Zhaori Science and Technology Co., Ltd., Beijing

EE01 Entry into force of recordation of patent licensing contract

Assignee: Zhaori Science & Technology (Shenzhen) Co., Ltd.

Assignor: Zhaori Tech Co., Ltd., Shenzhen

Contract fulfillment period: 2009.2.28 to 2027.9.11 contract change

Contract record no.: 2009990000224

Denomination of invention: Key transplanting method based on safety environment

License type: Exclusive license

Record date: 2009.3.26

LIC Patent licence contract for exploitation submitted for record

Free format text: EXCLUSIVE LICENSE; TIME LIMIT OF IMPLEMENTING CONTACT: 2009.2.28 TO 2027.9.11; CHANGE OF CONTRACT

Name of requester: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD.

Effective date: 20090326

C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SINOSUN TECHNOLOGY (SHENZHEN) CO., LTD.

Free format text: FORMER OWNER: SHENZHEN SINOSUN TECH CO., LTD.

Effective date: 20100622

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518040 TOWER C-3, 6/F, BUILDING 213, TAIRANJIU ROAD, FUTIAN DISTRICT, SHENZHEN CITY TO: 518040 TOWER C, 6/F, BUILDING 213, TAIRAN INDUSTRY DISTRICT, CHEGONGMIAO, FUTIAN DISTRICT, SHENZHEN CITY

TR01 Transfer of patent right

Effective date of registration: 20100622

Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee after: Sinosun Technology (Shenzhen) Co., Ltd.

Address before: Nine road 518040 Shenzhen city Futian District Tairan 213 building 6 floor C-3 block

Patentee before: Zhaori Tech Co., Ltd., Shenzhen

C56 Change in the name or address of the patentee

Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee after: Shenzhen Sinosun Technology Co., Ltd.

Address before: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee before: Sinosun Technology (Shenzhen) Co., Ltd.