DE102018113772B4 - Encryption method - Google Patents

Abstract

Symmetrical method for encrypting digital plain text data into a cipher based on a digital key, the key containing a large number of bytes of each possible date, comprising- generating a section key by cyclically shifting the key by a random shift value and- storing an identifier of the section key in the cipher, and- determining a random position of a byte in the section key, the date of the byte of the section key being identical to the date of a byte of the plaintext to be encrypted, and- storing the determined position in the cipher.

Description

The invention relates to a method and a corresponding device for encrypting digital data with a digital key. Furthermore, a method for decrypting the data (cipher) encrypted with the method described is described, as well as a device and a device provided and set up for performing the method Computer program m product.

Symmetrical encryption methods are known per se. With encryption methods of this type, the plain text data is encrypted and decrypted on the recipient side using a secret key on the sender side. Symmetrical encryption methods are typically used to encrypt digitally available information, which is in the form of bits and bytes and which can be processed by a digital signal processor (DSP). The encryption or corresponding decryption algorithm to be used can be present as an executable computer program which can be executed by a computer (PC). The key and the file to be encrypted or decrypted are stored in a memory on the PC and can be read by the latter. For a number of known methods, there are processors specially developed for the method, which are optimized for encryption or decryption and can carry out the respective method correspondingly quickly, so-called application specific ICs (ASICs).

A large number of symmetrical encryption methods are known, for example the so-called Advanced Encryption Standard (AES) or Rijndael, the Data Encryptions Standard DES or the further development Triple-DES derived from it, the International Data Encryption Algorithm IDEA and the Blowfish or Bruce Schneier processes Twofish or the CAST method of Carlisle M. Adams.

A file that contains the information in unencrypted form is called a plain text file, or plain text for short. A file that contains the information in encrypted form is called a cipher.

One advantage of this method is simple key management, because only one key is required for encryption and decryption. Furthermore, the methods typically have a high processing speed because they are mostly based on efficient operations such as bit shifts or XORs.

However, these methods have the disadvantage that they can be broken computationally. As the computing power of available computers increases, the time required for this decreases.

The US 2002/0126840 A1 describes a method and a corresponding device for adapting a symmetrical encryption algorithm to a semi-symmetrical algorithm. Based on a master key, individual keys can be generated on the basis of which individual decryption processes are generated.

Well-known asymmetrical encryption methods, also known as public key encryption methods, are considered to be more secure. The Rivest, Shamir and Adleman method known as RSA, or the Merkle-Hellman or the McEliece or the Elgamal method are such methods. These have the advantage that the so-called public key does not have to be transmitted to a transmitter via a secure channel, because it can only be used for encryption, but not decryption. However, these asymmetrical methods have the particular disadvantage that they require considerably more computing power both for encryption and for decryption. In addition, in view of the increasingly powerful processors available, these methods can no longer be regarded as unreservedly secure.

There is therefore a need to propose a method which at least partially solves the above-mentioned disadvantages.

• 1 schematischer Aufbau eines Schlüssels
• 2 schematische Darstellung des Formats eines Chiffrats
• 3 Ablaufdiagramm des Verschlüsselungsverfahrens
• 4 Ablaufdiagramm der Umpositionierung

The following describes the method and a system that is suitable and set up for encryption and decryption with the aid of figures. The figures show

• 1 schematic structure of a key
• 2 schematic representation of the format of a cipher
• 3 Encryption process flowchart
• 4th Repositioning flowchart

The data structures explained below each show a possible configuration of the data formats. For the person skilled in the art, it goes without saying that a respective data format can be replaced by an equivalent format if this provides the corresponding functionality.

key

1 shows in schematic form a key 100 , which can be used for the encryption of a plaintext into a cipher and the decryption of a cipher into a plaintext file. A key comprises for each value that can be represented with one byte, i.e. decimal 0 to 255 or in hexadecimal notation 0x00 to OxFF, a large number of bytes 110 . The key thus has a large number of bytes with the value 0x00 (all bits occupied by 0), a large number of bytes with the value 0X01 (all bits except for the LSB (least significant byte) occupied by zero), and a large number of bytes with the value 0x01 (all bits with 0, with the exception of the LSB (Least Significant Bit)) and so on for all byte values and also a large number of bytes with the value OxFF (all bits with 1).

In one embodiment, the values 0x00 to 0xFF (hexadecimal notation), that is to say decimal 0-255, of the bytes can be evenly distributed within the key. The arrangement of the bytes with different values within the key is chosen at random. The random arrangement of bytes 2a, 2b, 2c, 2d of different values is shown in the 1 for the key 100 represented by exemplary values 0F, E1 ... 0B .... 01, which represent the values 0x0F, 0xE1, 0x0B and 0x01.

In one embodiment, the key can have any possible byte value, that is, any of the 256 with 8 bits representable values from 0x00 to 0xFF, include exactly 256 times, so that the key has a size of 256 x 256 = 65,536 bytes.

In an alternative embodiment, the different values of the bytes can not be evenly distributed, but rather can be distributed according to the statistical frequency of the values in a plain text to be encrypted. In the event that the plain text file is a text in which, for example, printable characters, i.e. the ASCII characters 0x20 (space) to 0x7E (tilde), occur, the frequency of the bytes with these values can be adjusted accordingly.

In a further alternative embodiment, the key can have a plurality of sections, each section being designed as described above for the key. The number of key sections is not limited. In this case, the method and the device are set up accordingly so that the multiple key sections are managed and which key section is used is identified in the cipher. The means necessary for this, that is to say an identification in the cipher of a key section used for the encryption, are familiar to the person skilled in the art, so that they will not be discussed further at this point.

In addition to the bytes in the key sections, which are provided for deriving section keys, the key can contain information about the key, so-called metadata. This metadata about the key can preferably be stored in an additional section, preferably at the beginning of the file, the so-called header 120 , be filed. In this way, before the actual encryption or decryption is carried out, a program can obtain information about the key and, in particular, about the segmentation into individual sections.

The key header 120 , includes an identifier of the key. In one embodiment, this can have a size of 4 bytes, so that 2 ³² = 4294967296 different keys can be identified and thus identified at an encryption or decryption point using this identifier. The identifier of a key is chosen at random, so it is any character string of suitable length. The identifier is therefore not dependent on or in any way connected or linked to the content of the key, so that the content of the key cannot be inferred from the identifier of the key.

The following description is based on a key which has only one key section and exactly every possible byte value 256 times, so that it has a length of 65536 bytes plus the length of the header.

THE CHIFFRAT

The cipher, also called ciphertext, cryptogram or cryptotext in the literature, refers to the file which was generated by applying the encryption algorithm to the plain text file and using a key and which includes the encrypted information of the plain text. The plain text file can be generated based on the cipher and using the key which was used for the encryption by applying the decryption algorithm. A cipher can be a closed file or a quasi-endless stream, for example an encrypted data stream that is continuously transmitted from a transmitter to a receiver.

2 shows schematically the structure of a cipher 200 . The schematic illustration shows one of several possible arrangements of sections of data. The sequence of the sections is arbitrary, although both the encrypting and the decrypting authority must be aware of them so that the decrypting authority can decrypt the cipher and thus restore the plain text file.

The cipher 200 includes metadata and the encrypted data. The metadata itself can be at least partially encrypted and at least partially at the beginning of the cipher in a so-called header 210 be arranged so that the decrypting body first reads the metadata and based thereon can carry out the decryption.

As described later, the cipher can have a header 210 which has metadata that apply to the entire cipher. Furthermore, the cipher can have metadata which are only related to a section of the cipher. If a cipher comprises several sections, each corresponding to a section of the plain text file in encrypted form, the cipher can comprise metadata for each section, this section-related metadata being stored in a section header and only for a single section, typically the following section 220 , 221 The metadata can optionally include an identifier of the key with which the plain text file was encrypted. This information enables the decrypting agency to identify the key to be used. This information can be in an appropriate field 211 fixed size, e.g. 4 bytes, in the header 210 of the cipher 200 or at another agreed position in the cipher. The decrypting body thus receives the information as to which key is to be used to decrypt the cipher. In the event that the cipher does not contain an identifier for the key, the decrypting authority must specify the key to be used for decryption. Further identifications of keys on which the encryption is based can be stored in further fields of the header. Optionally, the metadata can contain further information relating to the encryption method. So the metadata in a field 212 contain information about the program version which was used for the encryption. The decrypting body can use this information to determine, for example, the format of the cipher, which is specific to a program version. Furthermore, further meta information on files that is familiar to the person skilled in the art can be stored in this field. As will be described later, the encrypted data can be divided into several sections in such a way that they are encrypted with the respective section keys. The several sections can be of different lengths. The identifier of the section key used for a cipher section is preferably in the cipher 200 in a suitable place 213 saved. In one variant, the identifier of the section key reflects the shift value on which the derivation of the section key was based. A first section key can be used to encrypt various fields in the header of the cipher, and further section keys can be used to encrypt further sections of the cipher in which encrypted plain text data is stored. The format of the cipher specified here is only one possible variant, further, alternative variants of a file format being familiar to the person skilled in the art.

Optionally, the length of the encrypted plain text file (in bytes) can also be written into the cipher, preferably in a field 214 of the header 210 . In a preferred embodiment, the value of the length can be written into the cipher in byte-wise encrypted form, the byte-wise encryption being carried out based on the key or the section key. The name of the plain text file can also optionally be written in the cipher, preferably in the header of the cipher, see field 215 so that after successful decoding of the cipher, the resulting plain text file will be the Can get the name of the original plain text file. The field can have a fixed length or be structured in such a way that initially a length specification of, for example, 2 bytes is specified, followed by the field of the specified length in which the name of the plain text file is stored in encrypted form. In this way, the decrypting point also receives the information about the name of the plain text file in encrypted form. The name of the plain text file can be encrypted with a section key. In an advantageous embodiment, so-called junk bytes can be included in the cipher. Junk bytes are those bytes that do not belong to the plain text, but have been arbitrarily added to the cipher and have no meaning in terms of content. The decrypting agency can ignore such junk bytes because they do not transport any information and do not belong to the plain text. Junk bytes can be added to the cipher to make unwanted decryption more difficult for an attacker by obfuscating the actual useful information of the cipher by adding the junk bytes. The number of junk bytes added to a section of the cipher are written into the cipher and for the respective section into the cipher, so that the decrypting agency receives information about which bytes of a cipher section are to be ignored during decryption. The number of junk bytes added to the cipher is written in encrypted form in the cipher, see field 216 , whereby the section key can be used for the encryption, which was used for the encryption of the cipher section. The added junk bytes can be in a field 216 of the cipher, which is preferred to the field 217 which indicates the number of junk bytes added. Since the junk bytes themselves do not transport any information, the values of the junk bytes can be chosen at random. Following the header data 5, a cipher comprises at least one or more sections 220 , 221 ..., in which encrypted content of the plain text file is stored. Each such section that contains encrypted plain text can be encrypted with a respective section key. Accordingly, a first section of the plain text can be encrypted with a first section key, and further sections can be encrypted with respective further section keys, a respective section key being derived from an original key. Furthermore, further sections can be encrypted with respective section keys, which are derived from further original keys. For the encryption of a plain text file that is encrypted in several sections, you can use several keys, each with several derived section keys.

The information on such a section key is preferably in a respective data field 211 and stored assigned to a section of the cipher in the cipher which is before the associated cipher section 220 , 221 is arranged. The decrypting body can accordingly derive a corresponding section key from the key based on the identifier, ie based on the shift value, and use it as the basis for decrypting the cipher section.

The cipher also includes information about the length of the cipher section 220 , 221 , which was encrypted with a respective section key. The length 218 of the next encrypted section as well as the identifier of the corresponding section key used 213 can be placed at the end of the previous encrypted section. The cipher can thus be a first cipher section 220 have, which is attached to the header 210 connects. This first section of the cipher 220 further cipher sections of the same structure can follow, so that a cipher 4 can have at least the header and almost any number of cipher sections. The decrypting body receives the information necessary for decryption from the header and the meta information stored in each case for a cipher section, i.e. the section length and the information on the section key to be used.

In this way, a cipher of almost any size can be generated, which is divided into several sections, and the information necessary for the respective decryption is stored in the cipher in front of each section of the cipher. In this way, an encrypting body can encrypt a first section of a plain text and then several other sections with a respective section key, without data having to be stored in the header of the cipher. The transmission of a cipher to a decrypting point can begin as soon as the first section is encrypted and almost any number of cipher sections, which are encrypted with a respective section key, can follow.

Encryption

The procedure for encrypting a plain text file is described schematically below. The plain text file can have any format and any content. The procedure for Encryption is preferably implemented in an executable program code that can be executed on a digital signal processor. The program code can thus be part of a computer program product. In one embodiment, this can be a known computer (PC) which has a processor suitable for executing the program code and a memory for storing the plain text, the key and the section key and the cipher, and which is suitable for executing the program code.

The encryption method 300 can be implemented in any suitable computer language. In alternative embodiments, the program code can be executed on a so-called application-specific integrated circuit which is specially set up and particularly suitable for executing the program code, ie a so-called application-specific IC (ASIC).

In a first step 301 During the encryption process, the key to be used and the plain text file are made available to the program. The person skilled in the art is aware that this can be brought about, for example, by specifying the respective path to the plain text file and the file of the key. We will omit such intermediate steps, which are self-evident for the person skilled in the art, in the following. In the first steps of the encryption process, the identification of the key on which the further encryption process is based begin with the writing of some fields of the header of the cipher, and is written unencrypted in the corresponding field of the header, as is the version.

In a subsequent step, the program reads the key and generates a so-called section key from this key. For this purpose, the method determines an integer random number, hereinafter referred to as the shift value, by whose value the bytes of the key are shifted cyclically. The value of the shift value is in the interval zero to key size, where key size is the number of bytes in the key. For a shift value of 93 assumed here, for example, and a key size of 65,535 bytes assumed here as an example, the bytes in memory positions 0 to 65,535 - 93 = 65,442 are shifted by 93 bytes to memory locations 93 to 65,535. The bytes in memory positions 65,443 to 65,535 are written to memory positions zero to 92 and the order is retained. A generated section key has the same length as the key.

In an alternative embodiment of the method, the section key can be generated by bit-by-bit random shifting; H. that the bits of the key are not shifted by whole bytes, but only by bits, with the randomly generated shift value indicating the number of bits by which the bits of the key are cyclically shifted. Here too, the order of the bits within the shift intervals remains unchanged. In any case, the randomly determined shift value is stored in the cipher and in a suitable place for the section which is encrypted with the section key that was generated with the shift value. A section key generated in this way is therefore random, albeit based on the original key. In a further advantageous embodiment, several keys can be used, from which section keys can be derived by shifting byte or bit byte as described above. In this case, the multiple identifiers of keys used to derive section keys are stored in the cipher and for each section of the cipher it is stored which key the section key used is based on, so that the decrypting body can move the respective section key from the correct key can derive. In particular, the derivation of a further section key can be based on a further key if, based on a first key, all possible permutations according to the procedure described above have already been carried out and the generated section keys have been used. In a particularly preferred embodiment, the shift value is based on the key byte for byte encrypted, and the byte-wise encrypted shift value is written into the cipher as the identifier of the section key.

The byte-wise encryption of the shift value based on the key is achieved by writing the position of a randomly selected byte of the key, which has the same content as the byte of the shift value to be encrypted, in the header of the cipher 4. With an assumed size of the key of 65,535 bytes and an assumed byte-wise shifting of the key to generate the mining key, the shift value could be represented in plain text with 2 bytes. 1 byte of the shift value can now be encrypted by writing the position of a randomly selected byte in the header, whereby the position can again be represented with 2 bytes. The byte-by-byte encryption of the shift value accordingly requires 4 bytes. In this way the shift value is already stored in encrypted form in the header, ie an identifier of the section key, namely the encrypted shift value, is stored in the cipher.

After the first section key has been generated, the header fields described above are encrypted with the first section key and written in the header of the cipher. The fields are encrypted using the same steps as the plain text files are encrypted, but with a section key that is only used to encrypt the header fields.

After the fields of header 5 have been written into the cipher, the encryption of the plain text begins. For this purpose, a further section key can be generated for the subsequent encryption of the plain text, see 303, as described above. The identifier of the section key is written in the cipher and to the cipher section. As mentioned above, the cipher can contain several sections that are encrypted with a respective section key and in which the encrypted plain text file is stored. The plaintext is encrypted byte by byte. To do this, the value of the next, or possibly the first, byte of the plain text is read, step 305 , and a position of a byte in the section key is determined, whereby the value of the byte of the section key must be the same as that of the plain text byte read. A position of a byte of the section key is determined, step 307 which has not yet been used for the encryption of the section, so that each position of a byte of the section key is only used once. The position of the determined byte of the section key is then written into the cipher, step 308 . The position of the determined byte to be written into the cipher has a length of 2 bytes with a length of the section key of 65,536 bytes. With the length of a section key of 65,536 bytes selected here as an example, a position with a length of 2 bytes, in this case a byte pair, is written into the cipher for each byte of the plain text. In this way, the bytes of the plaintext can be read in sequence and, based on the section key, encrypted and written into the cipher.

It is clear to a person skilled in the art that with the size of the section key selected here of 256 x 256 = 65,536 bytes, i.e. 65kB, the positions of bytes in the section key can be represented with two bytes. However, keys and section keys can be used which can be smaller or larger than the 65kB selected here by way of example and without restriction of generality and which accordingly require fewer or more bits or bytes for addressing. It is clear to the person skilled in the art that byte limits do not necessarily have to be adhered to. So if two bytes or byte pairs are mentioned below, which stand for an encrypted byte, it is clear to the person skilled in the art that this storage space size may have to be adapted for other key sizes.

In order to ensure that the position of a byte of the section key is only used once, the method can keep a list that is used to ensure that a byte position within an encryption section is only used once. For this purpose, the encrypted system can set up a suitable internal data structure, for example a two-dimensional array, in which it is marked which positions of bytes of the section key currently in use have already been used and thus written into the cipher and should therefore not be used again. If no corresponding position of a byte value can be found for a byte value of the plaintext because all byte positions of this value have already been used, see 307 in 3 , a new section key is generated according to the steps described above and used for the encryption of the next bytes of the plain text, see 303 . Furthermore, before a next byte position is written into the cipher, the length of the previously encrypted section of the plain text file, i.e. the length of the section of the cipher last written, is written into the cipher, step 309 and field 218 . The decrypting body thus receives the information which bytes were encrypted with a section key and which are to be decrypted accordingly with the section key. The value of the length of a section of the cipher is preferably written into the cipher before the corresponding section. The encryption process is then continued with the newly generated section key. In an advantageous embodiment, any number of junk bytes can be written into a cipher section before or after the encrypted plain text data. To do this, specify how many junk bytes are specified for the corresponding cipher section. In one embodiment, the number of subsequently introduced junk bytes can be specified in a field 5f, wherein the number can be encrypted with a section key, and the corresponding junk bytes can be entered in a subsequent field 217 be specified. When reading the cipher, the decrypting body receives the information whether and, if so, which of the following bytes of a section of the cipher are to be ignored. The encryption process is ended for a plain text file when the end of the plain text file (EOF = End Of File), see 306 , was achieved. In this case the length will be of the section encrypted with the section key is written into the cipher, see 310 and field 218 , this length in turn being written to the section.

In an advantageous embodiment of the encryption method, the content of encrypted plain text bytes can be written into the cipher in reverse order, so that this section has to be reversed once during the decryption in the order of the bytes, ie. H. this section is to be read backwards. For this purpose, the cipher can have a corresponding field, the content of which provides information on whether a certain section of the cipher was written in reverse order. This can be written into the cipher for a section of the cipher using a 2-byte long key, for example.

Repositioning

In an advantageous embodiment, the encryption of a section can additionally include a change in the position of the byte pairs within a cipher section. This has the effect that the byte pairs, which each specify a position / address of a byte value in the section key, are no longer arranged in the order which corresponds to the order of the plaintext bytes. 4th shows a corresponding sequence of method steps for such a repositioning in a cipher section.

First, a position key is derived from the section key, step 410 . This contains a (pseudo-) random distribution of the values from 0 to the maximum number of byte pairs for the maximum number of byte pairs of a cipher section, ie the positions of the byte pairs. Based on the position key, the byte pairs can be repositioned within a cipher section, ie the sequence of the byte pairs is changed according to an assignment rule and based on the position key.

By repositioning the byte pairs of a cipher section based on the position key, the byte pairs are shifted to those positions which correspond to the values of the position key. A first byte pair is accordingly shifted to that position which corresponds to a value in the repositioning key. The second pair of bytes placed in the reading direction in the cipher section is then shifted to the position which corresponds to the value of the next value of the repositioning key in reading direction and so on. In this way, the byte pairs placed next to one another in the cipher section are shifted to those positions which are determined by the values in the position key. Values of the position key, i.e. position values that lie outside the length of the cipher section, are ignored and the next value in the reading direction is used, which designates a position that lies within the cipher section.

The repositioning of the byte pairs of a cipher section begins with the first byte pair. In one embodiment, this byte pair can be shifted to that position within the cipher section which is designated by the first value of the position key. In a further, particularly preferred embodiment, the first byte pair of the cipher section is shifted to that position which is defined by the value at the point of the shift value of the position key, that is, for the first repositioning, not the value of the first field of the position key, but that of the field indicated by the shift value is used. If this value, as already mentioned above, designates a position that lies outside the cipher section, the next value in the reading direction for the repositioning is read, see 402 , and checked again. If the end of the position key is reached when reading the next position value, the first value of the position key is used next.

In a variant of the repositioning of the byte pairs of a cipher section, the repositioning can begin with the last byte pair of the cipher section and the repositioning is carried out in the reverse order. This can be done in the metadata of a cipher section, for example in a field 219 , which is placed in front of a cipher section, the direction in which the repositioning took place must be coded.

After generating the item code, see 401 , a value of the item code is then read, see 402 . The next value of the position key is read in a loop until a value is found which designates a position in the cipher section, see 403 and 402 . Then the byte pair that is to be repositioned is read and shifted to the position in the cipher indicated by the read value, i.e. stored there, see 404 , it being clear to the person skilled in the art that the byte pair previously placed there in the cipher section must not be overwritten. Such overwriting can be prevented, for example, by using a temporary memory into which the repositioned byte pairs are initially written.

The repositioning ends 406 when the end of the cipher section is reached, see 405 , ie when all byte pairs of a cipher section have been moved to a different position within the cipher section. Otherwise, if there are still further bytes of the cipher section to be repositioned, a next position value of the position key is read and checked until a position value is found within the cipher section, see 402 and 403 .

In the exemplary embodiment selected here, the key has a length of 65536 bytes, as does the section key. Accordingly, a cipher section has fewer than 65536 byte pairs. In fact, a cipher section has fewer byte pairs, namely 256 x 255 = 65280 byte pairs, since a new section key is generated and used at the latest when all positions of a byte value in a cipher section have been used.

Wenn ein Wert des Schlüssels erstmalig in dem Sectionschlüssel vorkommt, wird dieser in den Positionsschlüssel übernommen. Dementsprechend werden die ersten Werte 117, 0, 255 und 14 des Sectionschlüssels unverändert in den Positionsschlüssel übernommen. Für den (in Leserichtung) zum zweiten Mal vorkommenden Wert 255 wird ein Wert 256 x 1 + 255 = 511 in den Positionsschlüssel geschrieben, für den zum zweiten Mal vorkommenden Wert 0 wird nach gleichem Algorithmus der Wert 256 x 1 + 0 = 256 in den Positionsschlüssel geschrieben, für den zum dritten Mal vorkommenden Wert 255 wird der Wert 256 x 2 + 255 = 767 abgeleitet und in den Positonsschlüssel geschrieben, für das dritte Vorkommen des Wertes 0 wird ein Wert von 256 x 2 + 0 = 512, für den zum vierten Mal vorkommenden Wert 0 entsprechend ein Wert 768 und für das zweite Vorkommen des Wertes 14 wird ein Wert von 270 abgeleitet und entsprechend in den Positionsschüssel geschrieben. Für den hier beispielhaft angenommenen Sectionschlüssel mit einer Gleichverteilung aller 256 Bytewerte bei einer Länge von 256 x 256 = 65536 Bytes bei zufälliger Anordnung der Werte wird dementsprechend ein Positionsschlüssel erzeugt, welcher in (pseudo) zufälliger Anordnung alle Werte von 0 bis 65535 aufweist. Auf diese Weise kann also aus dem Sectionschlüssel ein Positionsschlüssel abgeleitet werden, welcher für das Intervall entsprechend der Länge des Sectionschlüssels sämtliche Werte aufweist, jedoch jeden Wert genau einmal. Die Anordnung der Werte in dem Positionsschlüssel ist dabei (pseudo-)zufällig, da die Reihenfolge der Werte des Sectionschlüssels zufällig gewählt ist. Der für die Entschlüsselung ebenfalls notwendige Positionsschlüssel kann mit selbiger Vorschrift aus dem Sectionschlüssel abgeleitet werden und steht damit bei der Entschlüsselung zur Verfügung.In one embodiment, a position key can be derived from the section key. The position key is derived from the section key in accordance with the following regulation. The value of a byte of the position key is calculated as the sum of the byte value of the byte of the section key and the number of previous occurrences of the byte value multiplied by 256 . The section key is accordingly read byte for byte, and the bytes, ie the values of the position key, are written byte by byte. For every possible byte value, i.e. for every value in the interval 0 to 255 counts how often a respective value in the random arrangement of the section key has already been read. The following example illustrates such a derivation of the item key from a section key, the section key being shown in the top line and the item key in the bottom line.

When a value of the key appears in the section key for the first time, it is transferred to the item key. Accordingly, the first values are 117, 0, 255 and 14 of the section key transferred unchanged to the position key. For the value that occurs the second time (in reading direction) 255 becomes a value 256 x 1 + 255 = 511 written in the position key, for the value 0 occurring the second time, the value 256 x 1 + 0 = 256 written in the position key for the value that occurs the third time 255 becomes the value 256 x 2 + 255 = 767 and written to the position key, for the third occurrence of the value 0 a value of 256 x 2 + 0 = 512, for the fourth occurrence of the value 0 a value 768 and for the second occurrence of the value 14 a value of 270 is derived and written accordingly in the position key. For the section key assumed here as an example with an equal distribution of all 256 Byte values with a length of 256 x 256 = 65536 bytes if the values are arranged randomly, a position key is generated that has all values from 0 to 65535 in a (pseudo) random order. In this way, a position key can be derived from the section key, which has all values for the interval according to the length of the section key, but each value exactly once. The arrangement of the values in the position key is (pseudo-) random, since the order of the values in the section key is chosen randomly. The position key, which is also required for decryption, can be derived from the section key with the same rule and is therefore available for decryption.

It should be noted that any suitable position key can be used, as long as it is identical on the encryption and also on the decryption side, so that the same position key is used for the encryption and, correspondingly, the decryption.

In this embodiment, the position key has the same length as the section key, so that it is ensured that a repositioning key is available for each byte pair. If a cipher section has as many or fewer bytes as the repositioning key has elements, the repositioning of the cipher section can be carried out for individual bytes. For the case described here, in which the encryption of a byte of the plain text is reflected in a byte pair, this means that the two bytes of a byte pair are no longer arranged next to one another after the repositioning. Decryption The decryption of a cipher essentially comprises the steps described above in reverse order. The decrypting agency can ignore the junk bytes specified in the cipher. The decrypting body first reads a key identifier and the other unencrypted meta information, for example a version number, from the header of the cipher. Based on the version number, the decrypting agency can identify the format of the cipher. The identifier of the section key that was used to encrypt the other fields of the header can then be derived from the key based on the key identified using the key identifier and the identifier of the section key. With this, the other fields of the header can then be read, decrypted and written to a plain text file.

Likewise, based on the key and on the identifier of a section key, a section key can be derived for the subsequent decryption of a cipher section. The decryption of the encrypted plain text data then takes place in that a position of the cipher section is read and the value of the byte at the position in the section key is read and written to the plain text file. In this way, a byte value can be written to the plain text file for every 2-byte position in a cipher section. The positions of a cipher section are read in sequence until the end of a cipher section is reached. The decrypting body has the information about the length of a cipher section in the corresponding field 218 taken.

When the end of the cipher has been reached, the decrypting agency can rename the plaintext file with the original name that appears in the cipher in field 215 is coded. The decrypting agency can also check whether the length of the plain text file created matches the file length encoded in the cipher, see field 214 , matches.

In the event that it is specified for a cipher section that this cipher section was written in the reverse order, the sequence must be reversed accordingly when the section is decrypted.

During the decryption it is also necessary to check whether the byte pairs for a cipher section have been positioned based on a positioning key. In this case, the original order of the byte pairs of the cipher section is to be restored based on the positioning key, which is derived from the section key as described above. It is also necessary to check whether the repositioning is carried out in the reverse order, i. H. starting with the last byte pair of a cipher section. If necessary, the repositioning must also be carried out in the corresponding reverse order. The order of the two pairs within a cipher section can be reversed before or after the byte pairs have been decrypted. Repositioning can also be carried out using the position key either before or after decryption.

The ver or. Decryption methods can be carried out on an appropriately set up device. The device can each have a digital signal processor as well as a data memory, the data memory being set up to store an executable program code that controls or Decryption program implemented. If the program code is loaded from the data memory into the digital signal processor, the processor carries out the corresponding processing or processing. Decryption program. Furthermore, the data memory is set up and provided to store the plain text and the cipher. The digital signal processor can access the data memory for this purpose, i. H. Read content from the data memory and write content to the data memory so that the program can encrypt a plain text and decrypt it accordingly. In one embodiment, the digital signal processor and the data memory can be a PC known per se. In this case, the program can be implemented as a computer program product, which the processing or. Decryption program implemented, which is stored on a data memory, and from which it can be loaded into the signal processor. In an alternative embodiment, the digital signal processor and the data memory can be implemented in a so-called application-specific IC (ASIC).

List of reference symbols

100

key

110

Bytes of different values of the key

120

Header of the key

200

Cipher

210

Header

220, 221

Cipher section

211

Key identifier

212

Version, meta information

213

Identification of a section key (shift value)

214

Length of the plain text file

215

Name of the plain text file

216

Number of junk bytes

217

Junk bytes

218

Length of the cipher section (encrypted with section key)

219

Reverse encryption identifier, repositioning

300

Encryption method

301

Reading the start information

302

Header data d. Write cipher

303

Generate section key

304

Create an array

305

Read (next) plain text byte

306

End of plain text file (EOF)

307

Check byte position in the section key

308

Write byte position

309

Write ciphertext section length

310

Write the length of the cipher section

400

Repositioning procedure

401

Generating a position key

402

Read the next position value

403

Check position value

404

Repositioning

405

End of cipher section

406

end

Claims (17)

Symmetrical method for encrypting digital plain text data to form a cipher based on a digital key, the key containing a large number of bytes of each possible date, comprising - generating a section key by cyclically shifting the key by a random shift value and - storing an identifier of the section key in the cipher, and - Determining a random position of a byte in the section key, the date of the byte of the section key being identical to the date of a byte of the plain text to be encrypted, and storing the determined position in the cipher. Method according to one of the preceding claims, wherein the shift carried out for the cyclical shift of the key to generate a section key is one-to-one. Method according to one of the preceding claims, wherein the shift value is encrypted with the key before it is stored in the cipher. Method according to one of the preceding claims, wherein the size of the plain text file is stored in the cipher. Method according to one of the preceding claims, wherein the shift value is selected randomly in a predefined value range. A method according to any preceding claim, further comprising the step of storing the name of the plain text file in the cipher. Method according to one of the preceding claims, further comprising the step of generating a further section key by shifting the key by a further random shift value, and storing the further shift value in the cipher. A method according to any preceding claim, further comprising - Generating a position key based on the section key, and - Repositioning of byte pairs in the cipher based on the position key. Procedure according to Claim 8 The shifting of positions in the cipher is still based on the identifier of the section key. A method for decrypting a cipher into plain text data based on a digital key, the key containing a plurality of bytes of each possible date, comprising Reading an identifier of a section key, and Generation of the section key based on the identifier of the section key and the digital key, and Determining the value of a byte in the section key, the position of which is identical to the value of a byte pair in the cipher, and Saving the determined byte value in the plain text data. Procedure according to Claim 10 , whereby the identifier of the section key in the cipher is encrypted with the key. A method according to any one of claims ten or eleven, further comprising the step of reading the encrypted name of the plain text file, decrypting the name of the plain text file, and renaming the plain text file. Method according to one of the preceding Claims 10 - 12th , further comprising generating a position key based on the section key, and repositioning the positions based on the position key. Procedure according to Claim 13 , whereby the repositioning is still based on the identifier of the section key. A device for encrypting digital plain text data comprising a digital signal processor and a data memory, the data memory storing an executable program code which can be used in a method according to one of the above methods claims 1 to 9 implemented, and wherein the device is set up to carry out a method according to one of the aforementioned method claims. Device for decrypting a cipher, comprising a digital signal processor and a data memory, wherein the data memory stores an executable program code which a method according to any of the above Claims 10 to 15th implemented, and wherein the device for performing a method according to one of the aforementioned methods claims 10 to 15th is set up. Computer program product with instructions for execution by a digital signal processor, wherein a method according to one of the preceding method claims is executed when the instructions are executed on your computer.

Images