CN1794629A - Method of ensuring safety of electronic mail - Google Patents
Method of ensuring safety of electronic mail Download PDFInfo
- Publication number
- CN1794629A CN1794629A CN 200510137623 CN200510137623A CN1794629A CN 1794629 A CN1794629 A CN 1794629A CN 200510137623 CN200510137623 CN 200510137623 CN 200510137623 A CN200510137623 A CN 200510137623A CN 1794629 A CN1794629 A CN 1794629A
- Authority
- CN
- China
- Prior art keywords
- key
- user
- algorithm
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This invention relates to a method for ensuring security of E-mails including: 1, when a new mail box is registered, a cleartext K input by a user is ciphered in a first single way to get a temporary cryptographic key K' to be hashed in a single way to get a hashed key x to be used to cipher the user private key d with a symmetrical ciphered algorithm to get symmetrical data d' to be stored, 2, generating a systematic key z dynamically first, then ciphering said mail by z after receiving mails of said user, utilizing a public key of users to cipher the systematic key to get a system constant z' to be stored, 3, carrying out a single-way ciphering based on the input cleartext K to get a temporary key k' when a user needs to operate mails of the box then to compute a hashed key x with k', then de-ciphering the stored symmetrical data d' to get a private key d and de-ciphering the pre-stored system constant z' to get the system key z to de-cipher the mail with z.
Description
Technical field
The present invention relates to the e-mail system data security, particularly relate to the encrypting/decrypting method of user cipher and e-mail data, especially the cryptographic algorithm designer E-mail enciphered method that all can not crack according to its algorithm.
Background technology
At present, what Email used in transmission course is smtp protocol, it does not provide cryptographic services, the assailant is intercepted data in mail transmission easily, the binary data (as the .exe file) of text formatting wherein, non-file format is reduced, cause the information leakage of significant data thus.
For this reason, existing E-mail receiver/send system adopts PGP (Pretty Good Privacy) and these two safety that the secure e-mail standard is come certified mail of S/MIME (Secure Multi-Part Intermail Mail Extension) usually.PGP signs to Mail Contents by one-way Hash algorithm, and assurance mail content can't be revised, and it is secret and undeniable with private key techniques certified mail content to use public-key.Addresser and receiver's public key publication is in disclosed place, as the FTP website.S/MME is the same with PGP, also utilizes the encryption system of one-way Hash algorithm and PKI and private key.It with PGP mainly contain 2 different: its authentication mechanism depends on the certificate verification mechanism of hierarchical structure, the organizations and individuals' of all next stage certificate is responsible for authentication by the tissue of upper level, and authentication mutually between the tissue of upper level, whole trusting relationship is tree-shaped substantially, on the other hand X.509 S/MIME as special annex transmission, adopts mail content-encrypt signature back as its certificate format.
By above-mentioned agreement, substantially can the fail safe of certified mail in transmission course, still,, mainly adopt the encryption of system key to data for the mailing system Data Protection.And system password adopts expressly more, or will expressly directly preserve or will preserve after the plain text encryption, and there is following defective in this mode:
If adopt the mode of expressly directly preserving, there is being the assailant to enter mailing system, obtain will cause the loss that can't retrieve to system data safety behind the user cipher.
Preserve if adopt user cipher to encrypt the back, prior art adopts the bidirectional encipher mode usually, and this cipher mode algorithm designer is to decipher mail and corresponding information very easily, the privacy that this from another point of view also can't certified mail.
That is to say that the existing email system relies on program code on the design of system user safety of data,, thereby illegally obtain e-mail messages if the lawless person obtains program code and is very easy to crack algorithm.
Summary of the invention
The object of the present invention is to provide the implementation method that guarantees safety of electronic mail, rely on program code, can not guarantee the technical problem of its fail safe to solve existing email receive-transmit system cryptographic algorithm.
Another object of the present invention is to the to give security implementation method of data security relies on program code to solve existing DEA, can not guarantee the technical problem of its fail safe.
In order to address the above problem, the invention provides a kind of implementation method that guarantees safety of electronic mail, comprising:
(1) when new mailbox is registered, the plaintext k of user's input is carried out the One-Way Encryption first time, obtain temporary key k ', and earlier temporary key k ' is carried out uni-directional hash and obtain hash key x, re-use hash key x carries out symmetric encipherment algorithm to user's private key d encryption, obtain symmetric data d ', and with it preservation;
When (2) whenever receiving described user's mail, produce earlier dynamically system key z, utilize z that described mail is encrypted then, and system key z encrypts with user's PKI e and obtains the constant z ' of system, and with it preservation;
(3) in the time of need operating the mail of described mailbox as if the user, plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, the needs of preserving in advance with private key d deciphering are deciphered the constant z ' of system of mail subsequently, obtain system key z, utilize key z to decipher described mail at last.
The present invention also provides a kind of implementation method that guarantees data security, and comprising:
(1) the plaintext k with user's input carries out the One-Way Encryption first time, obtain temporary key k ', and earlier temporary key k ' is carried out uni-directional hash and obtain hash key x, re-use hash key x carries out symmetric encipherment algorithm to user's private key d encryption, obtain symmetric data d ', and with it preservation;
(2) dynamically produce system key z, the data of utilizing z will need to guarantee its fail safe are then encrypted, and system key z encrypts with user's PKI e and obtains the constant z ' of system, and with it preservation;
(3) when the user is defeated will decipher described data the time, plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, decipher the constant z ' of system that needs data decryption that preserves in advance with private key d subsequently, obtain system key z, utilize key z to decipher described data at last.
Compared with prior art, the present invention has the following advantages: by the present invention, safety of data does not rely on program code, because the system key that the plaintext of user's input, private key, system produce etc. all is not store as intermediate key, even lawless person's (as algorithm designer) obtains program code, can not be decrypted data (as mail), improve safety of data.
Description of drawings
Fig. 1 is the guarantee data security schematic diagram of algorithm of the present invention;
Fig. 2 is the flow chart that the present invention guarantees the implementation method of safety of electronic mail.
Embodiment
Below in conjunction with accompanying drawing, specify the present invention.
See also Fig. 1, it is the guarantee data security schematic diagram of algorithm of the present invention.
The clear-text passwords of k representative of consumer, the k ' temporary key that to be k obtain through One-Way Encryption, k " be the final key that k ' obtains through One-Way Encryption, k " be stored in the system, x is the key that k ' obtains through uni-directional hash, x and k " between can not derive mutually.Key x is used for the encryption of private key for user, and cryptographic algorithm is a symmetric encipherment algorithm.
A represents a kind of algorithm of public-key cryptography, produce private key d and PKI e by A, each user's d and e are produced automatically by system, and each user's d is never identical with e, obtains d ' after using symmetric encipherment algorithm that d is encrypted d with x, and d ' is stored in the system, z is the key that is produced at random by system dynamics, be used to encrypt the data of need to be keep secret, z itself encrypts with PKI e and obtains z ', and z ' is stored in the system.
According to aforementioned algorithm, the invention provides a kind of implementation method that guarantees data security, comprising:
(1) the plaintext k with user's input carries out the One-Way Encryption first time, obtain temporary key k ', and earlier temporary key k ' is carried out uni-directional hash and obtain hash key x, re-use hash key x carries out symmetric encipherment algorithm to user's private key d encryption, obtain symmetric data d ', and with it preservation;
(2) dynamically produce system key z, the data of utilizing z will need to guarantee its fail safe are then encrypted, and system key z encrypts with user's PKI e and obtains the constant z ' of system, and with it preservation;
(3) when the user is defeated will decipher described data the time, plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, decipher the constant z ' of system that needs data decryption that preserves in advance with private key d subsequently, obtain system key z, utilize key z to decipher described data at last.
Pass through above-mentioned steps, safety of data does not rely on program code, because the system key that the plaintext k of user's input, private key, system produce etc. all is not store as intermediate key, even lawless person's (as algorithm designer) obtains program code, can not be decrypted data, improve Information Security.Described data can be any ciphered data that needs, and are example with the email distribution and reception system, and described data can be user alias, mail, address list.
Below just to guarantee that Email Security is embodiment, illustrates the safety that how to guarantee Email.See also Fig. 2, it guarantees the flow chart of the implementation method of safety of electronic mail for the present invention.It may further comprise the steps:
S110: when new mailbox is registered, the plaintext k of user's input is carried out the One-Way Encryption first time, obtain temporary key k ', and earlier temporary key k ' is carried out uni-directional hash and obtain hash key x, re-use hash key x carries out symmetric encipherment algorithm to user's private key d encryption, obtain symmetric data d ', and with it preservation;
S120: when whenever receiving described user's mail, produce earlier dynamically system key z, utilize z that described mail is encrypted then, and system key z encrypts with user's PKI e and obtains the constant z ' of system, and with it preservation;
S130: in the time of need operating the mail of described mailbox as if the user, plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, the needs of preserving in advance with private key d deciphering are deciphered the constant z ' of system of mail subsequently, obtain system key z, utilize key z to decipher described mail at last.
In system, only preserve symmetric data d ' and the constant z ' of system, other intermediate key is not stored in the system, promptly according to symmetric data d ' and the constant z ' of system, can not crack the cryptographic algorithm of mail, the deciphering mail, even therefore the designer of algorithm also can't crack the encryption of described mail according to the symmetric data d ' and the constant z ' of system of program code and preservation.
When new mailbox was registered, the user can import expressly k separately.Expressly k also can be user cipher.
Below just illustrate with an example how the present invention guarantees the implementation method of safety of electronic mail.This implementation method comprises three phases: the mail stage of new mailbox registration phase, the stage that gets the mail, operation mailbox.
(1) new mailbox registration phase
The user is to the new mailbox of mail server application, and after succeeding in registration, mail server is preserved the user name and the corresponding user cipher of new mailbox.The user is on the man-machine interface of " input is k expressly " that mail server provides, input is k expressly, the plaintext k that mail server will be imported carries out the One-Way Encryption first time, obtain temporary key k ', again temporary key k ' is carried out the One-Way Encryption second time, obtain final key k ", and with final key k " in system, preserve.One-Way Encryption for the first time and One-Way Encryption for the second time can be adopted One-way encryption algorithm such as MD5 algorithm, SHA algorithm.And the algorithm of One-Way Encryption for the first time and the employing of One-Way Encryption for the second time can be identical, also can be inequality.So-called encrypted in units is meant that the result after the One-Way Encryption can't know the password before encrypting, and promptly has one-way.
Each user can produce this user's private key d and PKI e according to a certain algorithm.Because the generation of private key d and PKI e is a known processes, just repeats no more at this.
Mail server can carry out uni-directional hash to temporary key k ' and obtain hash key x, re-uses hash key x user's private key d is carried out the encryption of symmetric encipherment algorithm, obtains symmetric data d ', and with it preservation.The One-way encryption algorithm that adopts can use MD5, SHA etc.Described symmetric encipherment algorithm is meant according to hash key x and symmetric data d ' equally also can obtain private key d.
(2) get the mail the stage
Mail server is whenever received described user's mail, and each user name is corresponding with email address, and mail server can be determined user name according to the receiving terminal address of mail.Behind every receiving terminal one mail of mail server, dynamically produce system key z, utilize system key z that the mail that receives is encrypted then, such as the letter body content of mail being encrypted.And system key z encrypts with user's PKI e and obtains the constant z ' of system, and the constant z ' of system is preserved.Above-mentioned encryption also is to adopt One-way encryption algorithm, such as RSA, ECC etc.
(3) the mail stage of operation mailbox
When the user need enter this mailbox, when carrying out corresponding operating, at first need described user is carried out authentication.If expressly k is not a user cipher, then the user name of user's input, corresponding user cipher can be compared with user name, the user cipher preserved in advance, if having identical user name and user cipher, then authentication is passed through.When if expressly k is meant user cipher, then the plaintext k of user's input that the user who receives is imported carries out the secondary One-Way Encryption through One-way encryption algorithm, obtain final key, judge the final key k that described final key and system preserve " compare; if identical; then the user passes through authentication, otherwise the user is by authentication.
After the user is through authentication, if need operate (such as reading) to a certain mail that receives, then at first need mail is decrypted: the plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, the needs of preserving in advance with private key d deciphering are deciphered the constant z ' of system of mail subsequently, obtain system key z, utilize key z to decipher described mail at last.
Pass through above-mentioned steps, safety of data does not rely on program code, because the system key that the plaintext k of user's input, private key, system produce etc. all is not store as intermediate key, even lawless person's (as algorithm designer) obtains program code, can not be decrypted mail, improve the fail safe of whole mailing system.
More than disclosed only be several specific embodiment of the present invention, but the present invention is not limited thereto, any those skilled in the art can think variation, all should drop in protection scope of the present invention.
Claims (8)
1, a kind of implementation method that guarantees safety of electronic mail is characterized in that, comprising:
(1) when new mailbox is registered, the plaintext k of user's input is carried out the One-Way Encryption first time, obtain temporary key k ', and earlier temporary key k ' is carried out uni-directional hash and obtain hash key x, re-use hash key x carries out symmetric encipherment algorithm to user's private key d encryption, obtain symmetric data d ', and with it preservation;
When (2) whenever receiving described user's mail, produce earlier dynamically system key z, utilize z that described mail is encrypted then, and system key z encrypts with user's PKI e and obtains the constant z ' of system, and with it preservation;
(3) in the time of need operating the mail of described mailbox as if the user, plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, the needs of preserving in advance with private key d deciphering are deciphered the constant z ' of system of mail subsequently, obtain system key z, utilize key z to decipher described mail at last.
2, the implementation method of assurance safety of electronic mail as claimed in claim 1 is characterized in that,
Step (1) also comprises: temporary key k ' is done One-Way Encryption for the second time, obtain final key k " and with it preservation;
Step (3) also comprises requiring the user who logins mailbox to authenticate: the plaintext k that will receive user's input carries out the secondary One-Way Encryption through the One-way encryption algorithm that adopts step (1), obtain final key, judge the final key k that described final key and system preserve " compare; if identical; then the user passes through authentication, otherwise the user is by authentication.
3, the implementation method of assurance safety of electronic mail as claimed in claim 1 or 2 is characterized in that, described plaintext k is a user cipher.
4, the implementation method of assurance safety of electronic mail as claimed in claim 1 or 2, it is characterized in that the algorithm that One-Way Encryption is adopted can be MD5 algorithm, SHA algorithm, and, the algorithm of One-Way Encryption for the first time and the employing of One-Way Encryption for the second time can be identical, also can be inequality.
5, the implementation method of assurance safety of electronic mail as claimed in claim 1 or 2 is characterized in that, symmetric encipherment algorithm can use DES algorithm, aes algorithm.
6, the implementation method of assurance safety of electronic mail as claimed in claim 1 or 2 is characterized in that, public key encryption algorithm can use RSA Algorithm and ECC algorithm.
7, a kind of implementation method that guarantees data security is characterized in that, comprising:
(1) the plaintext k with user's input carries out the One-Way Encryption first time, obtain temporary key k ', and earlier temporary key k ' is carried out uni-directional hash and obtain hash key x, re-use hash key x carries out symmetric encipherment algorithm to user's private key d encryption, obtain symmetric data d ', and with it preservation;
(2) dynamically produce system key z, the data of utilizing z will need to guarantee its fail safe are then encrypted, and system key z encrypts with user's PKI e and obtains the constant z ' of system, and with it preservation;
(3) when the user is defeated will decipher described data the time, plaintext k according to user's input carries out One-Way Encryption acquisition temporary key k ' earlier, utilize k ' to calculate hash key x again, then the symmetric data d ' that preserves is decrypted and obtains private key d, decipher the constant z ' of system that needs data decryption that preserves in advance with private key d subsequently, obtain system key z, utilize key z to decipher described data at last.
8, the implementation method that guarantees data security as claimed in claim 7 is characterized in that, described data comprise user alias, mail, address list.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101376234A CN100521600C (en) | 2005-12-26 | 2005-12-26 | Method of ensuring safety of electronic mail |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101376234A CN100521600C (en) | 2005-12-26 | 2005-12-26 | Method of ensuring safety of electronic mail |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1794629A true CN1794629A (en) | 2006-06-28 |
| CN100521600C CN100521600C (en) | 2009-07-29 |
Family
ID=36805923
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101376234A Expired - Fee Related CN100521600C (en) | 2005-12-26 | 2005-12-26 | Method of ensuring safety of electronic mail |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100521600C (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100555937C (en) * | 2007-11-20 | 2009-10-28 | 重庆大学 | A kind of E-mail encryption transmitting-receiving system |
| WO2010078755A1 (en) * | 2009-01-12 | 2010-07-15 | 中兴通讯股份有限公司 | Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof |
| CN101178861B (en) * | 2006-11-08 | 2011-05-25 | 冲电气工业株式会社 | SHA operation method and device |
| CN103780380A (en) * | 2012-10-22 | 2014-05-07 | 上海俊悦智能科技有限公司 | Asymmetric mail security encryption realization method |
| CN104580255A (en) * | 2015-02-02 | 2015-04-29 | 陈梅池 | Terminal equipment authentication method and terminal equipment authentication system based on identification equipment capable of identifying code streams |
| CN112995204A (en) * | 2021-04-09 | 2021-06-18 | 厦门市美亚柏科信息股份有限公司 | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail |
| CN113923053A (en) * | 2021-12-09 | 2022-01-11 | 华中科技大学 | Cross-equipment safety synchronization method and system for encrypted mail |
-
2005
- 2005-12-26 CN CNB2005101376234A patent/CN100521600C/en not_active Expired - Fee Related
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101178861B (en) * | 2006-11-08 | 2011-05-25 | 冲电气工业株式会社 | SHA operation method and device |
| CN100555937C (en) * | 2007-11-20 | 2009-10-28 | 重庆大学 | A kind of E-mail encryption transmitting-receiving system |
| WO2010078755A1 (en) * | 2009-01-12 | 2010-07-15 | 中兴通讯股份有限公司 | Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof |
| CN103780380A (en) * | 2012-10-22 | 2014-05-07 | 上海俊悦智能科技有限公司 | Asymmetric mail security encryption realization method |
| CN104580255A (en) * | 2015-02-02 | 2015-04-29 | 陈梅池 | Terminal equipment authentication method and terminal equipment authentication system based on identification equipment capable of identifying code streams |
| CN104580255B (en) * | 2015-02-02 | 2017-12-12 | 广州邻礼信息科技有限公司 | Authentication method and system of the identification equipment based on recognizable code stream to terminal device |
| CN112995204A (en) * | 2021-04-09 | 2021-06-18 | 厦门市美亚柏科信息股份有限公司 | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail |
| CN112995204B (en) * | 2021-04-09 | 2022-07-08 | 厦门市美亚柏科信息股份有限公司 | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail |
| CN113923053A (en) * | 2021-12-09 | 2022-01-11 | 华中科技大学 | Cross-equipment safety synchronization method and system for encrypted mail |
| CN113923053B (en) * | 2021-12-09 | 2022-02-08 | 华中科技大学 | Cross-equipment safety synchronization method and system for encrypted mail |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100521600C (en) | 2009-07-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109067524B (en) | Public and private key pair generation method and system | |
| CN105025019B (en) | A kind of data safety sharing method | |
| US20110145576A1 (en) | Secure method of data transmission and encryption and decryption system allowing such transmission | |
| CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
| CN108090370B (en) | Instant communication encryption method and system based on index | |
| CN100521600C (en) | Method of ensuring safety of electronic mail | |
| WO2007088337A3 (en) | Kem-dem encrpyted electronic data communication system | |
| CN114024689B (en) | E-mail receiving and sending method and system based on post quantum and identity | |
| CN101466079A (en) | Method, system and WAPI terminal for transmitting e-mail | |
| JPH11231778A (en) | Device and method for enciphering and deciphering and recording medium recording the same methods | |
| CN103516516A (en) | File safe sharing method, system and terminal | |
| US7660987B2 (en) | Method of establishing a secure e-mail transmission link | |
| CN101001142A (en) | Encipher-decipher method based on iterative random number generator | |
| US20130198513A1 (en) | Encryption method and system for network communication | |
| Nurhaida et al. | Digital signature & encryption implementation for increasing authentication, integrity, security and data non-repudiation | |
| CN104486756A (en) | Encryption and decryption method and system for secret letter short message | |
| CN102195782A (en) | Two-way identity authentication method with integration of identity and password for mailing system | |
| CN105743884A (en) | Mail hiding method and mail hiding system | |
| KR20140033824A (en) | Encryption systems and methods using hash value as symmetric key in the smart device | |
| CN111541652B (en) | System for improving security of secret information keeping and transmission | |
| KR20040071918A (en) | Encryption/decryption method of transmission data | |
| Wong et al. | E–mail protocols with perfect forward secrecy | |
| Rachmawanto et al. | Triple DES Cryptography Based on Hash Function and DSA for Digital Certificate Authentication | |
| CN113014531B (en) | Method for encrypting and transmitting e-mail data | |
| Wu et al. | Design and application of IBE email encryption based on Pseudo RSA certificate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090729 Termination date: 20141226 |
|
| EXPY | Termination of patent right or utility model |