WO2019127863A1 - Key saving device and method, key obtaining device and method, and computer readable storage medium - Google Patents


Info

Publication number
WO2019127863A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
string
random
key string
preset
Application number
PCT/CN2018/076108
Other languages
French (fr)
Chinese (zh)
Inventor
易小安
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2019127863A1

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • the present application relates to the field of information security technologies, and in particular, to a key storage and retrieval device, method, and computer readable storage medium.
  • the most widely used key storage method at present is to encrypt the key with a user password and save it on the device; for example, the key is placed directly in a configuration file after simple processing such as BASE64 or hexadecimal encoding.
  • the security of such key storage is low: if the device is attacked, the attacker can easily obtain the key stored on it and then use the stolen key to impersonate the legitimate user and decrypt information, so encrypted information is at risk of being stolen.
  • the present application provides a key storage and retrieval device, method, and computer readable storage medium, the main purpose of which is to improve the security of key storage.
  • the present application provides a key storage apparatus including a memory and a processor, wherein the memory stores a key saving program executable on the processor, and the processor implements the following steps when the program is executed:
  • sending the key configuration file to the key obtaining apparatus, so that the key obtaining apparatus converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • the present application provides a key obtaining apparatus, which includes a memory and a processor, wherein the memory stores a key acquisition program executable on the processor, and the program implements the following steps when executed by the processor:
  • the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
  • the target information is encrypted or decrypted using the first key string.
  • the present application further provides a key saving method, where the method includes:
  • sending the key configuration file to the key obtaining apparatus, so that the key obtaining apparatus converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • the present application further provides a key acquisition method, where the method includes:
  • the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
  • the target information is encrypted or decrypted using the first key string.
  • the present application further provides a computer readable storage medium having a key saving program stored thereon, the key saving program being executable by one or more processors to implement the following steps:
  • sending the key configuration file to the key obtaining apparatus, so that the key obtaining apparatus converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • the present application further provides a computer readable storage medium having a key acquisition program stored thereon, the key acquisition program being executable by one or more processors to implement the following steps:
  • the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
  • the target information is encrypted or decrypted using the first key string.
  • the device, the method, and the computer readable storage medium provided by the application, after acquiring the first key string to be saved, generate a random string with the random string generator and store the random string in the privileged account management system.
  • a transform is then applied to the first key string according to the random string to generate a second key string, which contains the same characters as the first key string in a different order.
  • applying a preset encryption algorithm, the second key string is encrypted to generate a third key string, the third key string is added to the key configuration file, and the key configuration file is transmitted to the key acquisition device.
  • the key obtaining apparatus can convert the third key string back into the first key string according to the random string and the preset decryption algorithm corresponding to the preset encryption algorithm, and then use the first key string for encryption or decryption. The solution thus transforms the key to be saved based on the random string, encrypts it, and sends it to the key acquisition device: even if an attacker acquires the stored key, the random string and the decryption algorithm cannot be obtained, so the key cannot be used to decrypt information. Moreover, the random string is stored in the privileged account management system and is not transmitted between the sender's device and the receiver's device, which further improves the security of key storage.
  • FIG. 1 is a schematic diagram of a preferred embodiment of a key storage device of the present application.
  • FIG. 2 is a schematic diagram of a program module of a key saving program in an embodiment of a key holding device of the present application
  • FIG. 3 is a flowchart of a preferred embodiment of a key saving method of the present application.
  • FIG. 4 is a schematic diagram of a preferred embodiment of a key acquisition apparatus of the present application.
  • FIG. 5 is a flowchart of a preferred embodiment of a key acquisition method of the present application.
  • the application provides a key storage device.
  • referring to FIG. 1, a schematic diagram of a preferred embodiment of the key storage device of the present application is shown.
  • the key storage device may be a PC (Personal Computer), or may be a terminal device such as a smart phone, a tablet computer, an e-book reader, or a portable computer.
  • the key holding means includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
  • the memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (for example, an SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like.
  • the memory 11 may in some embodiments be an internal storage unit of a key holding device, such as a hard disk of the key holding device.
  • the memory 11 may also be an external storage device of the key storage device in other embodiments, such as a plug-in hard disk equipped with a key storage device, a smart memory card (SMC), and a secure digital (Secure Digital, SD) card, flash card, etc.
  • the memory 11 may also include both an internal storage unit of the key holding device and an external storage device.
  • the memory 11 can be used not only for storing application software installed in the key holding device and various types of data, such as code of a key save program, but also for temporarily storing data that has been output or is to be output.
  • the processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip for running program code or processing data stored in the memory 11, such as executing the key saving program.
  • Communication bus 13 is used to implement connection communication between these components.
  • the network interface 14 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic devices.
  • Figure 1 shows only the key holding device with components 11-14 and the key save program, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the device may further include a user interface, which may include a display and an input unit such as a keyboard; optionally, the user interface may further include a standard wired interface and a wireless interface.
  • the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like.
  • the display may also be referred to as a display screen or display unit, used to display information processed in the key holding device and to display a visual user interface.
  • the device may also include a touch sensor.
  • the area provided by the touch sensor for the user to perform a touch operation is referred to as a touch area.
  • the touch sensor described herein may be a resistive touch sensor, a capacitive touch sensor, or the like.
  • the touch sensor includes not only a contact type touch sensor but also a proximity type touch sensor or the like.
  • the touch sensor may be a single sensor or a plurality of sensors arranged in an array.
  • the area of the display of the device may be the same as or different from the area of the touch sensor.
  • a display may be stacked with the touch sensor to form a touch display, and the device detects a user-triggered touch operation through the touch display.
  • the device may further include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and the like.
  • sensors such as light sensors, motion sensors, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor; if the device is a mobile terminal, the ambient light sensor may adjust the brightness of the display according to the ambient light, and the proximity sensor may turn off the display and/or backlight when the mobile terminal is moved to the ear.
  • the gravity acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes) and the magnitude and direction of gravity when stationary, and can be used for functions that identify the posture of the mobile terminal (such as switching between horizontal and vertical screen, related games, and magnetometer attitude calibration) and for vibration recognition functions (such as a pedometer or tap detection). The mobile terminal may of course also be equipped with other sensors such as a gyroscope, barometer, hygrometer, thermometer, or infrared sensor, which are not described further here.
  • a key save program is stored in the memory 11; when the processor 12 executes the key save program stored in the memory 11, the following steps are implemented:
  • a random string is generated based on the random string generator, and the random string is stored to the privileged account management system.
  • the first key string to be saved in this embodiment may be obtained from an encryption machine or generated according to a preset key generation rule. After the first key string to be saved is obtained, a random string is generated by the random string generator and stored in the privileged account management system, so that a key recipient with permission to log in to that system can obtain the random string from it.
  • the privileged account management system manages the storage of the random string, and only a privileged user can log in to the system to obtain it. Therefore, in this embodiment the random string does not need to be carried in the configuration file or transmitted between the key sender's device and the receiver's device, which further improves the security of key storage.
  • the step of transforming the first key string according to the random string to generate the second key string includes: calculating a displacement parameter e from the random string according to a preset key length; for a 2048-bit key, the e-th bit and the (2048-e)-th bit of the first key string are extracted and placed at the beginning and the end of the key respectively to obtain the second key string.
  • other displacement processing may also be adopted; there are many other types of displacement processing, which are not listed here.
  • alternatively, a random string may be inserted at a specific position in the first key string to obfuscate it, where the first key string and the random string are both hexadecimal.
  • sending the key configuration file to the key obtaining apparatus, so that the key obtaining apparatus converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • the foregoing preset encryption algorithm may be a DES (Data Encryption Standard) encryption algorithm or an AES (Advanced Encryption Standard) encryption algorithm.
  • the random string described above can be used as the encryption key.
  • a third key string is generated, and the third key string is added to the key configuration file and sent to the key acquisition device.
  • after receiving the key configuration file sent by the key storage device, the key acquisition device stores it in a preset storage area.
  • the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
  • the target information is encrypted or decrypted using the first key string.
  • the stored key configuration file is read from the preset storage area, and the third key string is extracted from it.
  • the third key string itself cannot be used for encryption or decryption; the device therefore logs in to the privileged account management system to obtain the random string corresponding to the third key string, and uses the random string with the preset decryption algorithm to decrypt the third key string into the second key string. The displacement parameter is then calculated by the same method as above, and the second key string is inversely transformed with this parameter to recover the first key string.
  • the preset encryption algorithm is accordingly a reversible encryption algorithm.
  • the random string and the first key string held in the cache are deleted.
  • the key saving apparatus is not limited to processing and securely storing the first key string to be saved; in other embodiments it also performs the above steps to convert the third key string back into the first key string for encrypting and decrypting information.
  • after acquiring the first key string to be saved, the apparatus of this embodiment generates a random string based on the random string generator and stores the random string in the privileged account management system; it then transforms the first key string according to the random string to generate a second key string, which contains the same characters as the first key string in a different order.
  • applying a preset encryption algorithm, the second key string is encrypted to generate a third key string, the third key string is added to the key configuration file, and the key configuration file is transmitted to the key acquisition device.
  • the key obtaining apparatus can convert the third key string back into the first key string according to the random string and the preset decryption algorithm corresponding to the preset encryption algorithm, and then use the first key string for encryption or decryption. The solution thus transforms the key to be saved based on the random string, encrypts it, and sends it to the key acquisition device: even if an attacker acquires the stored key, the random string and the decryption algorithm cannot be obtained, so the key cannot be used to decrypt information. Moreover, the random string is stored in the privileged account management system and is not transmitted between the sender's device and the receiver's device, which further improves the security of key storage.
  • the key saving program may also be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to complete the application. A module referred to herein is a series of computer program instructions capable of performing a particular function, used to describe the execution of the key saving program in the key holding device.
  • referring to FIG. 2, a schematic diagram of the program modules of the key saving program in an embodiment of the key storage device of the present application is shown.
  • the key saving program may be divided into an obtaining module 110, a storage module 120, a transform module 130, an encryption module 140, and a sending module 150, exemplarily as follows:
  • the obtaining module 110 is configured to: acquire a first key string to be saved;
  • the storage module 120 is configured to: generate a random string based on the random string generator, and store the random string into the privileged account management system;
  • the transform module 130 is configured to: perform a transform process on the first key string according to the random string to generate a second key string, where the second key string contains the same characters as the first key string arranged in a different order;
  • the encryption module 140 is configured to: perform encryption processing on the second key string by using a preset encryption algorithm to generate a third key string, and add the third key string to the key configuration file;
  • the sending module 150 is configured to: send the key configuration file to the key obtaining apparatus, so that the key obtaining apparatus converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • the present application also provides a key saving method.
  • referring to FIG. 3, a flowchart of a preferred embodiment of the key saving method of the present application is shown. The method can be performed by a device, which may be implemented by software and/or hardware.
  • the key saving method includes:
  • Step S110: Acquire a first key string to be saved.
  • Step S120: Generate a random string based on the random string generator, and store the random string in the privileged account management system.
  • the method of the present embodiment is described by using the key storage device as an execution entity.
  • the first key string to be saved in this embodiment may be obtained from the encryption machine or generated according to a preset key generation rule. After the first key string to be saved is obtained, a random string is generated by the random string generator and stored in the privileged account management system, so that a key recipient with permission to log in to that system can obtain the random string from it.
  • the privileged account management system manages the storage of the random string, and only a privileged user can log in to the system to obtain it. Therefore, in this embodiment the random string does not need to be carried in the configuration file or transmitted between the key sender's device and the receiver's device, which further improves the security of key storage.
  • Step S130: Perform a transform process on the first key string according to the random string to generate a second key string, where the second key string contains the same characters as the first key string arranged in a different order.
  • the step of transforming the first key string according to the random string to generate the second key string includes: calculating a displacement parameter e from the random string according to a preset key length; for a 2048-bit key, the e-th bit and the (2048-e)-th bit of the first key string are extracted and placed at the beginning and the end of the key respectively to obtain the second key string.
  • other displacement processing may also be adopted; there are many other types of displacement processing, which are not listed here.
  • alternatively, a random string may be inserted at a specific position in the first key string to obfuscate it, where the first key string and the random string are both hexadecimal.
  • Step S140 performing encryption processing on the second key string by using a preset encryption algorithm to generate a third key string, and adding the third key string to the key configuration file;
  • Step S150: Send the key configuration file to the key obtaining apparatus, so that the key obtaining apparatus converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • the foregoing preset encryption algorithm may be a DES (Data Encryption Standard) encryption algorithm or an AES (Advanced Encryption Standard) encryption algorithm.
  • the random string described above can be used as the encryption key.
  • a third key string is generated, and the third key string is added to the key configuration file and sent to the key acquisition device.
  • after receiving the key configuration file sent by the key storage device, the key acquisition device stores it in a preset storage area.
  • the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
  • the target information is encrypted or decrypted using the first key string.
  • the stored key configuration file is read from the preset storage area, and the third key string is extracted from it.
  • the third key string itself cannot be used for encryption or decryption; the device therefore logs in to the privileged account management system to obtain the random string corresponding to the third key string, and uses the random string with the preset decryption algorithm to decrypt the third key string into the second key string. The displacement parameter is then calculated by the same method as above, and the second key string is inversely transformed with this parameter to recover the first key string.
  • the preset encryption algorithm is accordingly a reversible encryption algorithm.
  • the random string and the first key string held in the cache are deleted.
  • the key saving apparatus is not limited to processing and securely storing the first key string to be saved; in other embodiments it also performs the above steps to convert the third key string back into the first key string for encrypting and decrypting information.
  • the key saving method of this embodiment obtains a first key string to be saved, generates a random string based on the random string generator, stores the random string in the privileged account management system, and transforms the first key string according to the random string to generate a second key string, which contains the same characters as the first key string in a different order. Applying a preset encryption algorithm, the second key string is encrypted to generate a third key string, the third key string is added to the key configuration file, and the key configuration file is transmitted to the key acquisition device.
  • the key obtaining apparatus can convert the third key string back into the first key string according to the random string and the preset decryption algorithm corresponding to the preset encryption algorithm, and then use the first key string for encryption or decryption.
  • the solution thus transforms the key to be saved based on the random string, encrypts it, and sends it to the key acquisition device: even if an attacker acquires the stored key, the random string and the decryption algorithm cannot be obtained, so the key cannot be used to decrypt information. Moreover, the random string is stored in the privileged account management system and is not transmitted between the sender's device and the receiver's device, which further improves the security of key storage.
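The saving steps S110 to S150 and the key obtaining steps described in the preceding embodiment, carried through end to end in Go as an added example that is not part of the patent: the displacement permutation on the first key string, AES-256-GCM under the random string as the preset reversible encryption algorithm, and an in-memory map standing in for the privileged account management system. It generalises the page's 2048-bit case to any key string of at least four characters; the rule deriving the displacement parameter e from the random string, the KeyID field, and the choice of GCM are assumptions, since the page leaves them unspecified.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyConfig is the "key configuration file" entry shipped to the obtaining device.
type KeyConfig struct {
	KeyID    string // name under which PAM files the random string (assumed field)
	ThirdKey []byte // nonce || AES-256-GCM ciphertext of the second key string (a real file would hex-encode it)
}

// PAMStore stands in for the privileged account management system (constructed stub).
type PAMStore map[string][]byte

// displacement derives e from the random string and key length n. The page leaves
// the rule open; assumption: byte sum reduced into 1..n/2-1 so e and n-e differ.
func displacement(random []byte, n int) (int, error) {
	if n < 4 {
		return 0, errors.New("key string too short to displace")
	}
	sum := 0
	for _, b := range random {
		sum += int(b)
	}
	return 1 + sum%(n/2-1), nil
}

// transform builds the second key string: the characters at positions e and n-e
// move to the front and back; the rest keep their order (same characters, new order).
func transform(first string, e int) string {
	n := len(first)
	a, b := e, n-e
	return string(first[a]) + first[:a] + first[a+1:b] + first[b+1:] + string(first[b])
}

// untransform reverses transform given the same e.
func untransform(second string, e int) string {
	n := len(second)
	a, b := e, n-e
	mid := second[1 : n-1]
	return mid[:a] + string(second[0]) + mid[a:b-1] + string(second[n-1]) + mid[b-1:]
}

// aead turns the 32-byte random string into an AES-256-GCM instance (12-byte nonces).
func aead(random []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(random)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SaveKey is the saving device: random string to PAM, permute, encrypt under the
// random string, emit the config entry. The permutation adds no strength; secrecy rests on the random string held back in PAM.
func SaveKey(pam PAMStore, keyID, first string) (KeyConfig, error) {
	material := make([]byte, 32+12) // 32-byte AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(material); err != nil {
		return KeyConfig{}, err
	}
	random, nonce := material[:32], material[32:]
	e, err := displacement(random, len(first))
	if err != nil {
		return KeyConfig{}, err
	}
	gcm, err := aead(random)
	if err != nil {
		return KeyConfig{}, err
	}
	pam[keyID] = random
	third := gcm.Seal(nonce, nonce, []byte(transform(first, e)), []byte(keyID))
	return KeyConfig{KeyID: keyID, ThirdKey: third}, nil
}

// ObtainKey is the obtaining device: fetch the random string from PAM, decrypt and
// authenticate the third key string, recompute e and undo the permutation.
func ObtainKey(pam PAMStore, cfg KeyConfig) (string, error) {
	random := pam[cfg.KeyID] // a missing entry yields an empty key, which aes.NewCipher rejects
	gcm, err := aead(random)
	if err != nil {
		return "", err
	}
	if len(cfg.ThirdKey) < gcm.NonceSize() {
		return "", errors.New("third key string truncated")
	}
	nonce, ct := cfg.ThirdKey[:gcm.NonceSize()], cfg.ThirdKey[gcm.NonceSize():]
	second, err := gcm.Open(nil, nonce, ct, []byte(cfg.KeyID))
	if err != nil {
		return "", err // tampered config or wrong random string: the GCM tag check fails
	}
	e, err := displacement(random, len(second))
	if err != nil {
		return "", err
	}
	return untransform(string(second), e), nil
}
```

Binding the KeyID as GCM associated data means a third key string copied into another entry of the configuration file fails authentication rather than decrypting under the wrong random string.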
  • referring to FIG. 4, a schematic diagram of a preferred embodiment of the key acquisition apparatus of the present application is shown.
  • the key acquisition device may be a PC (Personal Computer), or may be a terminal device such as a smart phone, a tablet computer, an e-book reader, or a portable computer.
  • the key acquisition means includes at least a memory 21, a processor 22, a communication bus 23, and a network interface 24.
  • the memory 21 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (for example, an SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like.
  • the memory 21 may be an internal storage unit of the key acquisition device, such as a hard disk of the key acquisition device, in some embodiments.
  • the memory 21 may also be an external storage device of the key acquisition device in other embodiments, such as a plug-in hard disk equipped on the key acquisition device, a smart memory card (SMC), and a secure digital (Secure Digital, SD) card, flash card, etc. Further, the memory 21 may also include both an internal storage unit of the key acquisition device and an external storage device.
  • the memory 21 can be used not only for storing application software installed in the key acquisition device and various types of data, such as code of a key acquisition program, but also for temporarily storing data that has been output or is to be output.
  • the processor 22 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data processing chip for running program code or processing data stored in the memory 21, such as executing the key acquisition program.
  • Communication bus 23 is used to implement connection communication between these components.
  • the network interface 24 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic devices.
  • FIG. 4 shows only the key acquisition means with components 21-24 and the key acquisition procedure, but it should be understood that not all illustrated components may be implemented, and more or fewer components may be implemented instead.
  • the device may further include a user interface, which may include a display and an input unit such as a keyboard; optionally, the user interface may further include a standard wired interface and a wireless interface.
  • the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like.
  • the display may also be referred to as a display screen or display unit, used to display information processed in the key acquisition device and to display a visual user interface.
  • the device may also include a touch sensor.
  • the area provided by the touch sensor for the user to perform a touch operation is referred to as a touch area.
  • the touch sensor described herein may be a resistive touch sensor, a capacitive touch sensor, or the like.
  • the touch sensor includes not only a contact type touch sensor but also a proximity type touch sensor or the like.
  • the touch sensor can be a single sensor or a plurality of sensors arranged in an array.
  • the area of the display of the device may be the same as or different from the area of the touch sensor.
  • optionally, the display is stacked with the touch sensor to form a touch display screen, and the device detects user-triggered touch operations through the touch display screen.
  • the device may further include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and the like.
  • sensors such as light sensors, motion sensors, and other sensors.
  • the light sensors may include an ambient light sensor and a proximity sensor; if the device is a mobile terminal, the ambient light sensor can adjust the brightness of the display screen according to the ambient light, and the proximity sensor can turn off the display screen and/or the backlight when the mobile terminal is moved to the ear.
  • as one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used for applications that identify the attitude of the mobile terminal (such as switching between landscape and portrait, related games, magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tap detection). The mobile terminal may of course also be provided with other sensors such as a gyroscope, barometer, hygrometer, thermometer or infrared sensor, which are not described further here.
  • a key acquisition program is stored in the memory 21; when the processor 22 executes the key acquisition program stored in the memory 21, the following steps are implemented:
  • when target information is to be encrypted or decrypted, the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
  • a reverse decryption operation is performed on the third key string using the random string and a preset decryption algorithm to obtain the second key string;
  • the second key string is inversely transformed according to the obtained random string to generate the first key string;
  • the target information is encrypted or decrypted using the first key string.
  • the step of generating the first key string includes: performing a modulo operation on the random string with the preset key length as the modulus, and using the result of the operation as a displacement parameter; and performing reverse displacement processing on the second key string according to the displacement parameter to generate the first key string.
  • the key acquisition program may further be executed by the processor to perform the following step after the step of encrypting or decrypting the target information with the first key string: once the encryption or decryption operation is completed, delete the random string and the first key string from the cache.
  • the present application also provides a key acquisition method.
  • FIG. 5 is a flowchart of a preferred embodiment of the key acquisition method of this application. The method can be performed by a device, which can be implemented by software and/or hardware.
  • the key acquisition method includes:
  • Step S210: when target information is to be encrypted or decrypted, obtain the third key string from the preset storage area, and obtain the random string corresponding to the third key string from the privileged account management system.
  • Step S220: perform a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain the second key string.
  • Step S230: perform an inverse transformation on the second key string according to the obtained random string to generate the first key string.
  • Step S240: use the first key string to encrypt or decrypt the target information.
  • an embodiment of this application further provides a computer readable storage medium on which a key saving program is stored; the key saving program can be executed by one or more processors to implement the following operations:
  • sending the key configuration file to the key obtaining device, so that the key obtaining device converts the third key string into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
  • an embodiment of this application further provides a computer readable storage medium on which a key acquisition program is stored; the key acquisition program can be executed by one or more processors to implement the following operations:
  • obtaining the third key string from the preset storage area, and obtaining the random string corresponding to the third key string from the privileged account management system; performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain the second key string; performing an inverse transformation on the second key string according to the obtained random string to generate the first key string; and using the first key string to encrypt or decrypt the target information.
  • the technical solution of this application, or the part of it that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as the ROM/RAM, magnetic disk or optical disk described above) and including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of this application.

Abstract

Disclosed in the present application is a key saving device, comprising a memory and a processor. A key saving program that can be run on the processor is stored on the memory. The program is executed by the processor to implement the following steps: obtaining a first key string to be saved; generating a random string on the basis of a random string generator and storing the random string to a privileged account management system; converting the first key string according to the random string to generate a second key string; encrypting the second key string by means of an encryption algorithm to generate a third key string, adding the third key string to a key configuration file, and sending the key configuration file to a key obtaining device for the key obtaining device to store and use. The present application also provides a key saving method, a key obtaining device and method, and a computer readable storage medium. The present application improves the security of key storage.

Description

Key saving and obtaining device, method and computer readable storage medium
This application claims, under the Paris Convention, priority to Chinese Patent Application No. 201711484445.1, filed on December 29, 2017 and entitled "Key saving and obtaining device, method and computer readable storage medium", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the technical field of information security, and in particular to a key saving and obtaining device, method and computer readable storage medium.
Background
In schemes that use a key to encrypt information for transmission, the key must be stored securely. The key storage method currently in wide use is to encrypt the key with a user password and save it on the device, for example by applying simple processing such as BASE64 or hexadecimal encoding to the key content and placing the result directly in a configuration file. The security of this kind of storage is low: if the device is attacked, the attacker can easily obtain the key stored on it and then use the stolen key to impersonate a legitimate user and decrypt the information, so the encrypted information is at risk of being stolen.
Summary of the invention
This application provides a key saving and obtaining device, method and computer readable storage medium, the main purpose of which is to improve the security of key storage.
To achieve the above object, this application provides a key saving device, which includes a memory and a processor; the memory stores a key saving program that can run on the processor, and the key saving program, when executed by the processor, implements the following steps:
obtaining a first key string to be saved;
generating a random string based on a random string generator, and storing the random string in a privileged account management system;
transforming the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order;
encrypting the second key string using a preset encryption algorithm to generate a third key string, and adding the third key string to a key configuration file;
sending the key configuration file to a key obtaining device, so that the key obtaining device converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
In addition, to achieve the above object, this application provides a key obtaining device, which includes a memory and a processor; the memory stores a key obtaining program that can run on the processor, and the key obtaining program, when executed by the processor, implements the following steps:
when target information needs to be encrypted or decrypted, obtaining a third key string from a preset storage area, and obtaining the random string corresponding to the third key string from a privileged account management system;
performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain a second key string;
performing an inverse transformation on the second key string according to the obtained random string to generate a first key string;
using the first key string to encrypt or decrypt the target information.
In addition, to achieve the above object, this application further provides a key saving method, which includes:
obtaining a first key string to be saved;
generating a random string based on a random string generator, and storing the random string in a privileged account management system;
transforming the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order;
encrypting the second key string using a preset encryption algorithm to generate a third key string, and adding the third key string to a key configuration file;
sending the key configuration file to a key obtaining device, so that the key obtaining device converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
In addition, to achieve the above object, this application further provides a key obtaining method, which includes:
when target information needs to be encrypted or decrypted, obtaining a third key string from a preset storage area, and obtaining the random string corresponding to the third key string from a privileged account management system;
performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain a second key string;
performing an inverse transformation on the second key string according to the obtained random string to generate a first key string;
using the first key string to encrypt or decrypt the target information.
In addition, to achieve the above object, this application further provides a computer readable storage medium on which a key saving program is stored; the key saving program can be executed by one or more processors to implement the following steps:
obtaining a first key string to be saved;
generating a random string based on a random string generator, and storing the random string in a privileged account management system;
transforming the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order;
encrypting the second key string using a preset encryption algorithm to generate a third key string, and adding the third key string to a key configuration file;
sending the key configuration file to a key obtaining device, so that the key obtaining device converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
In addition, to achieve the above object, this application further provides a computer readable storage medium on which a key obtaining program is stored; the key obtaining program can be executed by one or more processors to implement the following steps:
when target information needs to be encrypted or decrypted, obtaining a third key string from a preset storage area, and obtaining the random string corresponding to the third key string from a privileged account management system;
performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain a second key string;
performing an inverse transformation on the second key string according to the obtained random string to generate a first key string;
using the first key string to encrypt or decrypt the target information.
With the device, method and computer readable storage medium proposed in this application, after the first key string to be saved is obtained, a random string is generated by a random string generator and stored in the privileged account management system; the first key string is transformed according to the random string to generate a second key string, which contains the same characters as the first key string in a different order; the second key string is encrypted with the preset encryption algorithm to generate a third key string, the third key string is added to the key configuration file, and the key configuration file is sent to the key obtaining device. The key obtaining device can convert the third key string back into the first key string according to the random string and the preset decryption algorithm corresponding to the preset encryption algorithm, and then use the first key string for encryption or decryption operations. The scheme thus transforms the key to be saved on the basis of a random string, encrypts the result, and only then sends it to the key obtaining device; even if that key is obtained by an attacker, it cannot be used to decrypt information without knowledge of the random string and the decryption algorithm. Moreover, the random string is stored in the privileged account management system and is not passed between the devices of the sender and the receiver of the information, which further improves the security of key storage.
Brief description of the drawings
FIG. 1 is a schematic diagram of a preferred embodiment of the key saving device of this application;
FIG. 2 is a schematic diagram of the program modules of the key saving program in an embodiment of the key saving device of this application;
FIG. 3 is a flowchart of a preferred embodiment of the key saving method of this application;
FIG. 4 is a schematic diagram of a preferred embodiment of the key obtaining device of this application;
FIG. 5 is a flowchart of a preferred embodiment of the key obtaining method of this application.
The realization of the objects, the functional features and the advantages of this application will be further described with reference to the embodiments and the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described here are only intended to explain this application and are not intended to limit it.
This application provides a key saving device. FIG. 1 is a schematic diagram of a preferred embodiment of the key saving device of this application.
In this embodiment, the key saving device may be a PC (Personal Computer), or a terminal device such as a smartphone, a tablet computer, an e-book reader or a portable computer.
The key saving device includes at least a memory 11, a processor 12, a communication bus 13 and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card-type memory (for example, an SD or DX memory), a magnetic memory, a magnetic disk, an optical disk and the like. In some embodiments the memory 11 may be an internal storage unit of the key saving device, for example the hard disk of the key saving device. In other embodiments the memory 11 may also be an external storage device of the key saving device, for example a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the key saving device. Further, the memory 11 may include both an internal storage unit and an external storage device of the key saving device. The memory 11 can be used not only to store the application software installed on the key saving device and various kinds of data, such as the code of the key saving program, but also to temporarily store data that has been output or is to be output.
In some embodiments the processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data processing chip, used to run the program code stored in the memory 11 or to process data, for example to execute the key saving program.
The communication bus 13 is used to implement connection and communication between these components.
The network interface 14 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic devices.
FIG. 1 shows only the key saving device with the components 11-14 and the key saving program, but it should be understood that not all of the illustrated components need be implemented, and more or fewer components may be implemented instead.
Optionally, the device may further include a user interface, which may include a display and an input unit such as a keyboard; the optional user interface may further include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device or the like. The display may also appropriately be called a display screen or display unit, and is used to display the information processed in the key saving device and to display a visual user interface.
Optionally, the device may further include a touch sensor. The area provided by the touch sensor for the user to perform touch operations is called the touch area. The touch sensor described here may be a resistive touch sensor, a capacitive touch sensor or the like. Moreover, the touch sensor includes not only contact-type touch sensors but also proximity-type touch sensors and the like. In addition, the touch sensor may be a single sensor or a plurality of sensors arranged in an array. The area of the display of the device may be the same as or different from the area of the touch sensor. Optionally, the display is stacked with the touch sensor to form a touch display screen, and the device detects user-triggered touch operations through the touch display screen.
Optionally, the device may further include a camera, an RF (Radio Frequency) circuit, sensors, an audio circuit, a WiFi module and the like. The sensors include, for example, light sensors, motion sensors and other sensors. Specifically, the light sensors may include an ambient light sensor and a proximity sensor; if the device is a mobile terminal, the ambient light sensor can adjust the brightness of the display screen according to the ambient light, and the proximity sensor can turn off the display screen and/or the backlight when the mobile terminal is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used for applications that identify the attitude of the mobile terminal (such as switching between landscape and portrait, related games, magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tap detection). The mobile terminal may of course also be provided with other sensors such as a gyroscope, barometer, hygrometer, thermometer or infrared sensor, which are not described further here.
In the device embodiment shown in FIG. 1, the memory 11 stores a key saving program; when the processor 12 executes the key saving program stored in the memory 11, the following steps are implemented:
Obtain the first key string to be saved.
Generate a random string based on a random string generator, and store the random string in the privileged account management system.
It should be noted that the first key string to be saved in this embodiment may be obtained from an encryption machine or generated according to a preset key generation rule. After the first key string to be saved is obtained, a random string is obtained from the random string generator and stored in the privileged account management system, so that a key receiver with permission to log in to the privileged account management system can obtain the random string from that system.
The privileged account management system stores and manages the random string, and only authorized users can log in to that system to obtain the random string. Therefore, in this embodiment the random string does not need to be carried in the configuration file and does not need to be passed between the devices of the sender and the receiver of the key, which further improves the security of key storage.
Transform the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order. In some embodiments, the step of transforming the first key string according to the random string to generate the second key string includes: performing a modulo operation on the random string with the preset key length as the modulus, and using the result of the modulo operation as a displacement parameter; and performing displacement processing on the first key string according to the displacement parameter to generate the second key string. Assume that the preset key length is 2048 and the random string is k; the displacement parameter e is obtained by the modulo operation e = k mod 2048. The e-th character and the (2048-e)-th character of the first key string are extracted and placed at the head and the tail of the key, respectively, to obtain the second key string. In other embodiments, other displacement processing may be used, for example first swapping the characters at the odd positions of the first key string with those at the even positions, and then extracting the e-th and (2048-e)-th characters of the first key string and placing them at the head and the tail of the key to obtain the second key string. There are many other displacement methods, which are not listed one by one here.
In other embodiments, the random string may also be inserted at a specific position in the first key string to obfuscate the first key string, in which case the first key string uses the same number base as the random string.
Encrypt the second key string using a preset encryption algorithm to generate a third key string, and add the third key string to the key configuration file;
Send the key configuration file to the key obtaining device, so that the key obtaining device converts the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, and then uses the first key string for encryption or decryption operations.
In some embodiments, the preset encryption algorithm may be the DES (Data Encryption Standard) algorithm, the AES (Advanced Encryption Standard) algorithm, or the like. In addition, the random string may be used as the key during encryption. The third key string is generated by encrypting with the above encryption algorithm, added to the key configuration file, and then sent to the key obtaining device.
On the side of the key obtaining device, the key configuration file sent by the key saving device is stored in a preset storage area after it is received. When target information needs to be encrypted or decrypted, the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
a reverse decryption operation is performed on the third key string using the random string and the preset decryption algorithm to obtain the second key string;
an inverse transformation is performed on the second key string according to the obtained random string to generate the first key string;
the first key string is used to encrypt or decrypt the target information.
When the key obtaining device needs to use the key to encrypt or decrypt target information, it reads the stored key configuration file from the preset storage area and extracts the third key string from it. That string cannot be used directly for encryption or decryption; the device must log in to the privileged account management system, obtain from it the random string corresponding to the third key string, reverse-decrypt the third key string with that random string and the preset decryption algorithm to obtain the second key string, compute the displacement parameter by the same method as above, and use the displacement parameter to perform the reverse displacement on the second key string to generate the first key string. It should be noted that the preset encryption algorithm is a reversible encryption algorithm.
Optionally, in order to protect the first key string and the random string from being leaked, the random string and the first key string in the cache are deleted after the encryption or decryption operation is completed.
In addition, it can be understood that the key saving device proposed in this embodiment is not limited to processing and securely saving the first key string to be saved; in some other embodiments it can also perform the above steps to convert the third key string into the first key string and use it to encrypt and decrypt information.
本实施例提出的上述装置,获取待保存的第一密钥字符串之后,基于随机字符串生成器生成随机字符串,并将该随机字符串存储至特权账号管理系统,根据随机字符串对第一密钥字符串做变换处理生成第二密钥字符串,该第二密钥字符串与第一密钥字符串中的字符相同,字符的顺序排列不同。适用预设加密算法度第二密钥字符串进行加密处理生成第三密钥字符串,将第三密钥字符串添加到密钥配置文件中,将密钥配置文件发送至密钥获取装置,密钥获取装置可以根据上述随机字符串和与预设加密算法对应的预设解密算法将第三密钥字符串转换为第一密钥字符串后,使用第一密钥字符串进行加密或者解密操作,上述方案基于随机字符串对需要保存的密钥进行变换处理,并再次对其加密后发送给密钥获取装置使用,即使该密钥被攻击者获取,在无法获知随机字符串以及解密算法的情况下,也无法使用该密钥对信息进行解密;并且,随机字符串存储在特权账号管理系统中,不在信息发送方与接收方的设备之间传递,进一步提高了密钥存储的安全性。After acquiring the first key string to be saved, the foregoing apparatus according to the embodiment generates a random character string based on the random string generator, and stores the random string in the privileged account management system according to the random string pair. A key string is transformed to generate a second key string, the second key string being the same as the characters in the first key string, and the order of the characters is different. Applying a preset encryption algorithm, the second key string is encrypted to generate a third key string, adding the third key string to the key configuration file, and transmitting the key configuration file to the key acquisition device. The key obtaining apparatus may convert the third key string into the first key string according to the random string and the preset decryption algorithm corresponding to the preset encryption algorithm, and then use the first key string to encrypt or decrypt. Operation, the above solution converts the key to be saved based on the random string, and encrypts it and sends it to the key acquisition device. Even if the key is acquired by the attacker, the random string and the decryption algorithm cannot be obtained. In this case, the key cannot be used to decrypt the information; and the random string is stored in the privileged account management system and is not transmitted between the sender of the message and the device of the receiver, thereby further improving the security of the key storage. .
Optionally, in other embodiments, the key saving program may be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (the processor 12 in this embodiment) to carry out the present application. A module as used herein is a series of computer program instruction segments that can perform a particular function and that describe the execution of the key saving program in the key saving device.
For example, FIG. 2 is a schematic diagram of the program modules of the key saving program in one embodiment of the key saving device of the present application. In this embodiment, the key saving program may be divided into an obtaining module 110, a storage module 120, a transform module 130, an encryption module 140 and a sending module 150, for example:
The obtaining module 110 is configured to obtain a first key string to be saved;
The storage module 120 is configured to generate a random string with a random string generator and store the random string in the privileged account management system;
The transform module 130 is configured to transform the first key string according to the random string to generate a second key string, where the second key string contains the same characters as the first key string in a different order;
The encryption module 140 is configured to encrypt the second key string with a preset encryption algorithm to generate a third key string, and to add the third key string to the key configuration file;
The sending module 150 is configured to send the key configuration file to the key obtaining device, so that the key obtaining device, after converting the third key string back into the first key string using the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, uses the first key string to perform an encryption or decryption operation.
The functions or operation steps implemented when the obtaining module 110, storage module 120, transform module 130, encryption module 140 and sending module 150 are executed are substantially the same as in the embodiment above and are not repeated here.
In addition, the present application also provides a key saving method. FIG. 3 is a flowchart of a preferred embodiment of the key saving method of the present application. The method may be performed by a device implemented in software and/or hardware.
In this embodiment, the key saving method includes:
Step S110: obtain a first key string to be saved.
Step S120: generate a random string with a random string generator, and store the random string in the privileged account management system.
In the following, the method of this embodiment is described with the key saving device as the executing entity. Note that the first key string to be saved in this embodiment may be obtained from an encryption machine (hardware cryptographic device) or generated according to preset key generation rules. After the first key string to be saved is obtained, a random string is obtained from the random string generator and stored in the privileged account management system, so that a key recipient who is authorized to log in to that system can retrieve the random string from it.
The privileged account management system stores and manages the random string, and only authorized users can log in to it to obtain the random string. Therefore, in this embodiment the random string need not be carried in the configuration file, and consequently need not be passed between the key sender's and the key receiver's devices, which further improves the security of key storage.
Step S130: transform the first key string according to the random string to generate a second key string, where the second key string contains the same characters as the first key string in a different order. In some embodiments, transforming the first key string according to the random string to generate the second key string includes: performing a modulo operation on the random string with the preset key length as the modulus and taking the result as the displacement parameter; then applying a displacement to the first key string according to the displacement parameter to generate the second key string. Assuming the preset key length is 2048 and the random string is k, the displacement parameter e is obtained by the modulo operation e = k mod 2048. The e-th and the (2048-e)-th characters of the first key string are extracted and placed at the first and the last position of the key respectively, giving the second key string. In other embodiments a different displacement may be used, for example first swapping the odd-position and even-position characters of the first key string and then extracting its e-th and (2048-e)-th characters and placing them at the first and the last position to obtain the second key string. Many other displacement schemes exist and are not enumerated here.
In other embodiments, the random string may instead be inserted at a specific position inside the first key string to obfuscate it; in that case the first key string uses the same radix (number base) as the random string.
Step S140: encrypt the second key string with a preset encryption algorithm to generate a third key string, and add the third key string to a key configuration file;
Step S150: send the key configuration file to the key obtaining device, so that the key obtaining device, after converting the third key string back into the first key string using the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, uses the first key string to perform an encryption or decryption operation.
In some embodiments, the preset encryption algorithm may be the DES (Data Encryption Standard) algorithm, the AES (Advanced Encryption Standard) algorithm, or the like. In addition, during encryption the random string may be used as the encryption key. The third key string produced by encrypting with that algorithm is added to the key configuration file, which is then sent to the key obtaining device.
On the key obtaining device side, after the key configuration file sent by the key saving device is received, it is stored in a preset storage area. When target information needs to be encrypted or decrypted, the third key string is obtained from the preset storage area, and the random string corresponding to the third key string is obtained from the privileged account management system;
the third key string is reverse-decrypted using the random string and the preset decryption algorithm to obtain the second key string;
the second key string is inverse-transformed according to the obtained random string to generate the first key string;
the first key string is used to encrypt or decrypt the target information.
When the key obtaining device needs to use the key to encrypt or decrypt target information, it reads the stored key configuration file from the preset storage area and extracts the third key string from it. That string cannot be used directly for encryption or decryption: the device must log in to the privileged account management system, obtain the random string corresponding to the third key string, reverse-decrypt the third key string with that random string and the preset decryption algorithm to obtain the second key string, compute the displacement parameter in the same way as described above, and apply the inverse displacement to the second key string with that parameter to generate the first key string. Note that the preset encryption algorithm must be a reversible encryption algorithm.
Optionally, to protect the first key string and the random string from leakage, the random string and the first key string are deleted from the cache once the encryption or decryption operation completes.
In addition, it will be understood that the key saving device proposed in this embodiment is not limited to processing and securely saving the first key string to be saved; in other embodiments it may also convert a third key string back into the first key string by performing the steps above, in order to encrypt or decrypt information.
With the key saving method proposed in this embodiment, after the first key string to be saved is obtained, a random string is generated by the random string generator and stored in the privileged account management system; the first key string is transformed according to the random string to generate a second key string, which contains the same characters as the first key string in a different order. The second key string is encrypted with the preset encryption algorithm to generate a third key string, which is added to the key configuration file, and the key configuration file is sent to the key obtaining device. The key obtaining device can convert the third key string back into the first key string using the random string and the preset decryption algorithm corresponding to the preset encryption algorithm, and then use the first key string for encryption or decryption. The scheme transforms the key to be saved on the basis of a random string, encrypts the result again, and only then sends it to the key obtaining device; even if an attacker obtains the key, it cannot be used to decrypt information without knowledge of the random string and the decryption algorithm. Furthermore, the random string is stored in the privileged account management system and is never passed between the sender's and the receiver's devices, which further improves the security of key storage.
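The following is an added worked example of the saving procedure (steps S110 to S150) and the obtaining procedure (steps S210 to S240) above; it is not code from the patent or from the applicant. It assumes that the random string is a hexadecimal string read as an integer for the modulo operation, that the preset key length equals the length of the key string (the patent uses 2048; a 16-character key is used here so the permutation is easy to follow), that positions are 0-based and reduced modulo the key length (the patent does not say what happens when e is 0 or equal to half the length, so the degenerate case is handled explicitly), and that the "preset reversible encryption algorithm" is stood in by a SHA-256 keystream XOR, because the Python standard library has no AES or DES; a deployment would use AES in an authenticated mode. The privileged account management system and the key configuration file are modelled as dictionaries. The names `save_key`, `obtain_key`, `transform`, `inverse_transform` and `keystream_xor` are this example's own.

```python
"""Added example of the key saving / key obtaining procedure (not the patent's code)."""
import hashlib
import json
import secrets
from typing import Dict, Optional


def displacement_parameter(random_string: str, preset_len: int) -> int:
    """e = k mod preset_len, with k the random string read as a hex number (assumption)."""
    return int(random_string, 16) % preset_len


def transform(key1: str, e: int) -> str:
    """Step S130: move character e to the front and character (n - e) to the end.

    Indices are 0-based and reduced modulo n (assumption). The multiset of
    characters is unchanged; only their order differs, as the patent states.
    """
    n = len(key1)
    i, j = e % n, (n - e) % n
    chars = list(key1)
    if i == j:  # degenerate case (e == 0 or e == n/2): only one character moves
        c = chars.pop(i)
        return c + "".join(chars)
    a, b = chars[i], chars[j]
    for idx in sorted((i, j), reverse=True):  # delete the higher index first
        del chars[idx]
    return a + "".join(chars) + b


def inverse_transform(key2: str, e: int) -> str:
    """Step S230: put the first and last characters back at positions e and n - e."""
    n = len(key2)
    i, j = e % n, (n - e) % n
    if i == j:
        rest = list(key2[1:])
        rest.insert(i, key2[0])
        return "".join(rest)
    rest = list(key2[1:-1])
    for idx, ch in sorted(((i, key2[0]), (j, key2[-1]))):  # lower index first
        rest.insert(idx, ch)
    return "".join(rest)


def keystream_xor(data: bytes, random_string: str) -> bytes:
    """Stand-in for the preset reversible algorithm keyed by the random string.

    XORs the data with SHA-256(key || byte offset) blocks; applying it twice
    restores the input. Not AES/DES, which the patent names but stdlib lacks.
    """
    key = hashlib.sha256(random_string.encode()).digest()
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(x ^ k for x, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


def save_key(key1: str, pam: Dict[str, str], key_id: str,
             random_string: Optional[str] = None) -> dict:
    """Key saving device, steps S110-S150. Returns the key configuration file."""
    if random_string is None:
        random_string = secrets.token_hex(8)   # the random string generator
    pam[key_id] = random_string                # S120: kept in the PAM, never in the file
    e = displacement_parameter(random_string, len(key1))
    key2 = transform(key1, e)                  # S130
    key3 = keystream_xor(key2.encode(), random_string).hex()  # S140
    return {"key_id": key_id, "key3": key3}    # S150: the file carries no random string


def obtain_key(config: dict, pam: Dict[str, str]) -> str:
    """Key obtaining device, steps S210-S230: recover the first key string."""
    random_string = pam[config["key_id"]]      # S210: fetched from the PAM
    key2 = keystream_xor(bytes.fromhex(config["key3"]), random_string).decode()  # S220
    e = displacement_parameter(random_string, len(key2))
    key1 = inverse_transform(key2, e)          # S230
    # S240 would use key1 here; afterwards the caller deletes key1 and random_string.
    return key1


def roundtrip(key1: str, random_string: str) -> bool:
    """True when the obtaining side recovers exactly the key that was saved."""
    pam: Dict[str, str] = {}
    config = json.loads(json.dumps(save_key(key1, pam, "app-key-1", random_string)))
    return obtain_key(config, pam) == key1


if __name__ == "__main__":
    demo_key = "0123456789abcdef"              # constructed sample key
    print("e =", displacement_parameter("a3f1", len(demo_key)))
    print("second key string:", transform(demo_key, 1))
    print("roundtrip ok:", roundtrip(demo_key, "a3f1"))
```

Two points the code makes visible: the displacement step keeps the character multiset, so it is an obfuscation rather than a secrecy boundary on its own; what protects the key in the configuration file is the encryption keyed by the random string, and that random string lives only in the privileged account management system, which is the separation the patent relies on. The `sorted` calls in `transform` and `inverse_transform` are what make the two functions exact inverses regardless of which of the two positions is larger.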
In addition, the present application also provides a key obtaining device. FIG. 4 is a schematic diagram of a preferred embodiment of the key obtaining device of the present application.
In this embodiment, the key obtaining device may be a PC (Personal Computer), or a terminal device such as a smartphone, tablet computer, e-book reader or portable computer.
The key obtaining device includes at least a memory 21, a processor 22, a communication bus 23 and a network interface 24.
The memory 21 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, a magnetic disk, an optical disc, and so on. In some embodiments the memory 21 may be an internal storage unit of the key obtaining device, such as its hard disk. In other embodiments the memory 21 may be an external storage device of the key obtaining device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the device. Further, the memory 21 may include both an internal storage unit and an external storage device of the key obtaining device. The memory 21 can be used not only to store the application software installed on the key obtaining device and various data, such as the code of the key obtaining program, but also to temporarily store data that has been or will be output.
In some embodiments the processor 22 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data processing chip, used to run the program code stored in the memory 21 or to process data, for example to execute the key obtaining program.
The communication bus 23 implements the connection and communication between these components.
The network interface 24 may optionally include a standard wired interface or a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic equipment.
FIG. 4 shows only a key obtaining device with components 21-24 and the key obtaining program; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
Optionally, the device may further include a user interface, which may include a display and an input unit such as a keyboard; the optional user interface may also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch display, or the like. The display may also be referred to as a display screen or display unit, and is used to display the information processed in the key obtaining device and to present a visual user interface.
Optionally, the device may further include a touch sensor. The area the touch sensor provides for the user's touch operations is called the touch area. The touch sensor may be a resistive touch sensor, a capacitive touch sensor, or the like, and may be a contact-type or a proximity-type touch sensor. It may be a single sensor or multiple sensors arranged in an array. The area of the device's display may be the same as or different from that of the touch sensor. Optionally, the display and the touch sensor are stacked to form a touch display screen, on which the device detects user-triggered touch operations.
Optionally, the device may further include a camera, an RF (Radio Frequency) circuit, sensors, an audio circuit, a WiFi module and so on. The sensors may be, for example, light sensors, motion sensors and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor; if the device is a mobile terminal, the ambient light sensor may adjust the brightness of the display according to the ambient light, and the proximity sensor may turn off the display and/or backlight when the mobile terminal is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes) and, at rest, the magnitude and direction of gravity; it can be used for applications that recognize the mobile terminal's posture (such as switching between landscape and portrait, related games, magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tap detection). The mobile terminal may of course also be equipped with other sensors such as a gyroscope, barometer, hygrometer, thermometer or infrared sensor, which are not described further here.
In the device embodiment shown in FIG. 4, the memory 21 stores a key obtaining program; when the processor 22 executes the key obtaining program stored in the memory 21, the following steps are implemented:
When target information needs to be encrypted or decrypted, obtain the third key string from the preset storage area, and obtain the random string corresponding to the third key string from the privileged account management system;
reverse-decrypt the third key string using the random string and the preset decryption algorithm to obtain the second key string;
inverse-transform the second key string according to the obtained random string to generate the first key string;
use the first key string to encrypt or decrypt the target information.
For the specific implementation of the key obtaining device proposed in this embodiment, refer to the description in the key saving device embodiment above; it is not repeated here.
Optionally, inverse-transforming the second key string according to the obtained random string to generate the first key string includes: performing a modulo operation on the random string with the preset key length as the modulus and taking the result as the displacement parameter; and applying the inverse displacement to the second key string according to that parameter to generate the first key string.
Optionally, the key obtaining program may further be executed by the processor to implement, after the step of encrypting or decrypting the target information with the first key string, the following step: once the encryption or decryption operation completes, delete the random string and the first key string from the cache.
In addition, the present application also provides a key obtaining method. FIG. 5 is a flowchart of a preferred embodiment of the key obtaining method of the present application. The method may be performed by a device implemented in software and/or hardware.
In this embodiment, the key obtaining method includes:
Step S210: when target information needs to be encrypted or decrypted, obtain the third key string from the preset storage area, and obtain the random string corresponding to the third key string from the privileged account management system;
Step S220: reverse-decrypt the third key string using the random string and the preset decryption algorithm to obtain the second key string;
Step S230: inverse-transform the second key string according to the obtained random string to generate the first key string;
Step S240: use the first key string to encrypt or decrypt the target information.
For the specific implementation of the key obtaining method proposed in this embodiment, refer to the description in the key saving method embodiment above; it is not repeated here.
In addition, an embodiment of the present application further provides a computer readable storage medium on which a key saving program is stored; the key saving program can be executed by one or more processors to perform the following operations:
obtain a first key string to be saved;
generate a random string with a random string generator, and store the random string in the privileged account management system;
transform the first key string according to the random string to generate a second key string, where the second key string contains the same characters as the first key string in a different order;
encrypt the second key string with a preset encryption algorithm to generate a third key string, and add the third key string to a key configuration file;
send the key configuration file to the key obtaining device, so that the key obtaining device, after converting the third key string back into the first key string using the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, uses the first key string to perform an encryption or decryption operation.
In addition, an embodiment of the present application further provides a computer readable storage medium on which a key obtaining program is stored; the key obtaining program can be executed by one or more processors to perform the following operations:
when target information needs to be encrypted or decrypted, obtain the third key string from the preset storage area, and obtain the random string corresponding to the third key string from the privileged account management system; reverse-decrypt the third key string using the random string and the preset decryption algorithm to obtain the second key string; inverse-transform the second key string according to the obtained random string to generate the first key string; and use the first key string to encrypt or decrypt the target information.
The specific implementation of the computer readable storage medium of the present application is substantially the same as the embodiments of the key saving device and method, or of the key obtaining device and method, described above, and is not repeated here.
It should be noted that the serial numbers of the embodiments of the present application are given for description only and do not indicate the relative merit of the embodiments. The terms "include", "comprise" and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, device, article or method that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, device, article or method that comprises that element.
From the description of the embodiments above, those skilled in the art will clearly understand that the methods of the embodiments above can be implemented by software together with a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied as a software product stored on a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and including a number of instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to perform the methods described in the embodiments of the present application.
The above are only preferred embodiments of the present application and do not limit the scope of its patent protection; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present application.

Claims (20)

  1. A key saving device, characterized in that the device comprises a memory and a processor, the memory storing a key saving program executable on the processor, the key saving program, when executed by the processor, implementing the following steps:
    obtaining a first key string to be saved;
    generating a random string using a random string generator, and storing the random string in a privileged account management system;
    transforming the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order;
    encrypting the second key string using a preset encryption algorithm to generate a third key string, and adding the third key string to a key configuration file;
    sending the key configuration file to a key obtaining device, so that the key obtaining device, after converting the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, uses the first key string to perform an encryption or decryption operation.
  2. The key saving device according to claim 1, characterized in that the step of transforming the first key string according to the random string to generate a second key string comprises:
    performing a modulo operation on the random string by a preset key length, and using the result of the modulo operation as a displacement parameter;
    performing displacement processing on the first key string according to the displacement parameter to generate the second key string.
  3. The key saving device according to claim 2, characterized in that the preset encryption algorithm may be the DES encryption algorithm or the AES encryption algorithm.
  4. A key obtaining device, characterized in that the device comprises a memory and a processor, the memory storing a key obtaining program executable on the processor, the key obtaining program, when executed by the processor, implementing the following steps:
    when target information needs to be encrypted or decrypted, obtaining a third key string from a preset storage area, and obtaining the random string corresponding to the third key string from a privileged account management system;
    performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain a second key string;
    performing inverse transformation on the second key string according to the obtained random string to generate a first key string;
    using the first key string to encrypt or decrypt the target information.
  5. The key obtaining device according to claim 4, characterized in that the step of performing inverse transformation on the second key string according to the obtained random string to generate a first key string comprises:
    performing a modulo operation on the random string by a preset key length, and using the result of the modulo operation as a displacement parameter;
    performing reverse displacement processing on the second key string to generate the first key string.
  6. The key obtaining device according to claim 4, characterized in that the key obtaining program is further executable by the processor to implement, after the step of using the first key string to encrypt or decrypt the target information, the following step:
    after completing the encryption or decryption operation, deleting the random string and the first key string from the cache.
  7. The key obtaining device according to claim 5, characterized in that the key obtaining program is further executable by the processor to implement, after the step of using the first key string to encrypt or decrypt the target information, the following step:
    after completing the encryption or decryption operation, deleting the random string and the first key string from the cache.
  8. A key saving method, characterized in that the method comprises:
    obtaining a first key string to be saved;
    generating a random string using a random string generator, and storing the random string in a privileged account management system;
    transforming the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order;
    encrypting the second key string using a preset encryption algorithm to generate a third key string, and adding the third key string to a key configuration file;
    sending the key configuration file to a key obtaining device, so that the key obtaining device, after converting the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, uses the first key string to perform an encryption or decryption operation.
  9. The key saving method according to claim 8, characterized in that the step of transforming the first key string according to the random string to generate a second key string comprises:
    performing a modulo operation on the random string by a preset key length, and using the result of the modulo operation as a displacement parameter;
    performing displacement processing on the first key string according to the displacement parameter to generate the second key string.
  10. The key saving method according to claim 9, characterized in that the preset encryption algorithm may be the DES encryption algorithm or the AES encryption algorithm.
  11. A key obtaining method, characterized in that the method comprises:
    when target information needs to be encrypted or decrypted, obtaining a third key string from a preset storage area, and obtaining the random string corresponding to the third key string from a privileged account management system;
    performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain a second key string;
    performing inverse transformation on the second key string according to the obtained random string to generate a first key string;
    using the first key string to encrypt or decrypt the target information.
  12. The key obtaining method according to claim 11, characterized in that the step of performing inverse transformation on the second key string according to the obtained random string to generate a first key string comprises:
    performing a modulo operation on the random string by a preset key length, and using the result of the modulo operation as a displacement parameter;
    performing reverse displacement processing on the second key string to generate the first key string.
  13. The key obtaining method according to claim 11, characterized in that, after the step of using the first key string to encrypt or decrypt the target information, the method further comprises the step of: after completing the encryption or decryption operation, deleting the random string and the first key string from the cache.
  14. The key obtaining method according to claim 12, characterized in that, after the step of using the first key string to encrypt or decrypt the target information, the method further comprises the step of: after completing the encryption or decryption operation, deleting the random string and the first key string from the cache.
  15. A computer readable storage medium, characterized in that a key saving program is stored on the computer readable storage medium, the key saving program being executable by one or more processors to implement the following steps:
    obtaining a first key string to be saved;
    generating a random string using a random string generator, and storing the random string in a privileged account management system;
    transforming the first key string according to the random string to generate a second key string, wherein the second key string contains the same characters as the first key string, arranged in a different order;
    encrypting the second key string using a preset encryption algorithm to generate a third key string, and adding the third key string to a key configuration file;
    sending the key configuration file to a key obtaining device, so that the key obtaining device, after converting the third key string back into the first key string according to the random string and a preset decryption algorithm corresponding to the preset encryption algorithm, uses the first key string to perform an encryption or decryption operation.
  16. The computer readable storage medium according to claim 15, characterized in that the step of transforming the first key string according to the random string to generate a second key string comprises:
    performing a modulo operation on the random string by a preset key length, and using the result of the modulo operation as a displacement parameter;
    performing displacement processing on the first key string according to the displacement parameter to generate the second key string.
  17. A computer readable storage medium, characterized in that a key obtaining program is stored on the computer readable storage medium, the key obtaining program being executable by one or more processors to implement the following steps:
    when target information needs to be encrypted or decrypted, obtaining a third key string from a preset storage area, and obtaining the random string corresponding to the third key string from a privileged account management system;
    performing a reverse decryption operation on the third key string using the random string and a preset decryption algorithm to obtain a second key string;
    performing inverse transformation on the second key string according to the obtained random string to generate a first key string;
    using the first key string to encrypt or decrypt the target information.
  18. The computer readable storage medium according to claim 17, characterized in that the step of performing inverse transformation on the second key string according to the obtained random string to generate a first key string comprises:
    performing a modulo operation on the random string by a preset key length, and using the result of the modulo operation as a displacement parameter;
    performing reverse displacement processing on the second key string to generate the first key string.
  19. The computer readable storage medium according to claim 17, characterized in that the key obtaining program is further executable by the one or more processors to implement, after the step of using the first key string to encrypt or decrypt the target information, the following step: after completing the encryption or decryption operation, deleting the random string and the first key string from the cache.
  20. The computer readable storage medium according to claim 18, characterized in that the key obtaining program is further executable by the one or more processors to implement, after the step of using the first key string to encrypt or decrypt the target information, the following step: after completing the encryption or decryption operation, deleting the random string and the first key string from the cache.
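The saving procedure (claims 1-3 and their method and storage-medium counterparts) and the obtaining procedure (claims 4-5, and the description above the claims), carried through end to end as an added worked example. This is constructed illustration code written for this page, not the applicant's implementation, and it fixes several points the claims leave open, all of which are assumptions: the preset key length is the first key string's own length; the random string is read as a big-endian integer for the modulo step; "displacement processing" is a rotation of the key's characters by the displacement parameter; the preset encryption algorithm is AES-256-GCM with a key derived from the random string by SHA-256; and the privileged account management system is an in-memory map. The key-config entry id and the sample key are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
)

// displacement is the claim 2/5 step: the random string read as a big integer,
// reduced modulo the preset key length (assumed here to be the key's own length).
func displacement(random string, keyLen int) int {
	if keyLen <= 0 {
		return 0
	}
	n := new(big.Int).SetBytes([]byte(random))
	return int(new(big.Int).Mod(n, big.NewInt(int64(keyLen))).Int64())
}

// transform is the "displacement processing" of claim 2, assumed here to be a
// rotation by d characters: same characters as the input, different order.
func transform(first string, d int) string {
	r := []rune(first)
	if len(r) == 0 {
		return first
	}
	d %= len(r)
	return string(r[d:]) + string(r[:d])
}

// gcmFor derives an AES-256-GCM AEAD from the random string via SHA-256 (an
// assumption: the claims say only that the random string and a preset algorithm are used).
func gcmFor(random string) cipher.AEAD {
	k := sha256.Sum256([]byte(random))
	block, _ := aes.NewCipher(k[:]) // cannot fail: 32-byte key
	gcm, _ := cipher.NewGCM(block)   // cannot fail: AES block size
	return gcm
}

// encryptSecond is the preset-encryption step (claim 3 lists AES); the fresh
// nonce is prepended to the ciphertext and the base64 result is the third key string.
func encryptSecond(second, random string) (string, error) {
	gcm := gcmFor(random)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(second), nil)), nil
}

// decryptThird is the "reverse decryption" of claim 4; GCM rejects a tampered
// third key string instead of silently yielding a wrong second key string.
func decryptThird(third, random string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(third)
	if err != nil {
		return "", err
	}
	gcm := gcmFor(random)
	if len(ct) < gcm.NonceSize() {
		return "", fmt.Errorf("third key string too short")
	}
	pt, err := gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
	return string(pt), err
}

// SaveKey is the key saving device (claims 1-3): it returns the key-config entry
// (id, third key string) and stores the random string in pam, a constructed map
// standing in for the privileged account management system.
func SaveKey(first string, pam map[string]string) (id, third string, err error) {
	raw := make([]byte, 16)
	if _, err = rand.Read(raw); err != nil {
		return "", "", err
	}
	random := fmt.Sprintf("%x", raw)
	id = "key-" + random[:8] // constructed key-config entry id
	second := transform(first, displacement(random, len([]rune(first))))
	if third, err = encryptSecond(second, random); err != nil {
		return "", "", err
	}
	pam[id] = random
	return id, third, nil
}

// ObtainKey is the key obtaining device (claims 4-5): PAM lookup, reverse
// decryption, then the inverse rotation back to the first key string.
func ObtainKey(id, third string, pam map[string]string) (string, error) {
	random, ok := pam[id]
	if !ok {
		return "", fmt.Errorf("no random string in PAM for %s", id)
	}
	second, err := decryptThird(third, random)
	if err != nil {
		return "", err
	}
	n := len([]rune(second))
	return transform(second, n-displacement(random, n)), nil
}
```

Two practitioner notes on the design. First, the rotation step adds no cryptographic strength of its own: anyone holding the random string can compute the displacement parameter, so the scheme's security rests entirely on the encryption layer and on the access controls the privileged account management system places on the random string; the authenticated AES-GCM used here is the modern choice, and DES (claim 3) should not be selected for new deployments. Second, claim 6 requires the random string and the first key string to be deleted from the cache after use; Go strings are immutable, so a production version would keep both as byte slices that are zeroed once the target information has been processed.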
PCT/CN2018/076108 2017-12-29 2018-02-10 Key saving device and method, key obtaining device and method, and computer readable storage medium WO2019127863A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711484445.1A CN108282330A (en) 2017-12-29 2017-12-29 Key preserves and acquisition device, method and computer readable storage medium
CN201711484445.1 2017-12-29

Publications (1)

Publication Number Publication Date
WO2019127863A1 true WO2019127863A1 (en) 2019-07-04

Family

ID=62802864

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/076108 WO2019127863A1 (en) 2017-12-29 2018-02-10 Key saving device and method, key obtaining device and method, and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN108282330A (en)
WO (1) WO2019127863A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446234B (en) * 2018-10-12 2021-10-19 Oppo广东移动通信有限公司 Data processing method and device and electronic equipment
CN110855423A (en) * 2019-09-23 2020-02-28 深圳市智讯互动体育科技有限公司 Method, device and storage medium for encrypting and decrypting ordered numerical value string
CN111740954B (en) * 2020-05-18 2021-05-11 北京索德电气工业有限公司 Elevator main controller and elevator board card communication encryption method
CN111753316B (en) * 2020-05-23 2023-01-10 苏州浪潮智能科技有限公司 Object storage metadata encryption method, system, terminal and storage medium
CN112084511A (en) * 2020-08-27 2020-12-15 欧菲微电子技术有限公司 Encryption method and device of service life information, storage medium and electronic equipment
CN112906034B (en) * 2021-03-16 2022-04-05 北京深思数盾科技股份有限公司 Key storage method, device, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355351A (en) * 2011-07-21 2012-02-15 华为技术有限公司 Key generation, backup and migration method and system based on trusted computing
US20140136841A1 (en) * 2012-06-14 2014-05-15 Kabushiki Kaisha Toshiba Device
US20170187524A1 (en) * 2014-05-26 2017-06-29 Nec Corporation Key exchange system, key exchange method, key exchange device, control method thereof, and recording medium for storing control program
US20170302445A1 (en) * 2016-04-19 2017-10-19 Nippon Telegraph And Telephone Corporation Key exchange method and key exchange system
CN206610320U (en) * 2016-06-03 2017-11-03 质子世界国际公司 Non-contact type telecommunication circuit

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8014530B2 (en) * 2006-03-22 2011-09-06 Intel Corporation Method and apparatus for authenticated, recoverable key distribution with no database secrets
CN104917753B (en) * 2015-05-04 2018-07-10 北京奇艺世纪科技有限公司 A kind of method and system to be communicated based on symmetric key
CN107294714B (en) * 2017-07-31 2019-12-31 美的智慧家居科技有限公司 Key agreement method, device and equipment thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355351A (en) * 2011-07-21 2012-02-15 华为技术有限公司 Key generation, backup and migration method and system based on trusted computing
US20140136841A1 (en) * 2012-06-14 2014-05-15 Kabushiki Kaisha Toshiba Device
US20170187524A1 (en) * 2014-05-26 2017-06-29 Nec Corporation Key exchange system, key exchange method, key exchange device, control method thereof, and recording medium for storing control program
US20170302445A1 (en) * 2016-04-19 2017-10-19 Nippon Telegraph And Telephone Corporation Key exchange method and key exchange system
CN206610320U (en) * 2016-06-03 2017-11-03 质子世界国际公司 Non-contact type telecommunication circuit

Also Published As

Publication number Publication date
CN108282330A (en) 2018-07-13

Similar Documents

Publication Publication Date Title
WO2019127863A1 (en) Key saving device and method, key obtaining device and method, and computer readable storage medium
JP6871393B2 (en) Login information processing method and device
CN106850220B (en) Data encryption method, data decryption method and device
CN107689869B (en) User password management method and server
ES2829916T3 (en) Procedure, apparatus and system that provides a safety check
CN107786331B (en) Data processing method, device, system and computer readable storage medium
CN111600710B (en) Key storage method, device, terminal, server and readable medium
CN108769027B (en) Secure communication method, device, mobile terminal and storage medium
CN110347723A (en) A kind of data query method, system and electronic equipment and storage medium
JP2018107814A (en) Confidential data management method and device, and security authentication method and system
US20150281229A1 (en) Method and apparatus for supporting login through user terminal
CN109714176B (en) Password authentication method, device and storage medium
CN102196375A (en) Securing out-of-band messages
TWI724684B (en) Method, system and device for performing cryptographic operations subject to identity verification
JP2019514314A (en) Method, system and medium for using dynamic public key infrastructure to send and receive encrypted messages
CN107872315B (en) Data processing method and intelligent terminal
JP4684714B2 (en) File management system and program
US8769301B2 (en) Product authentication based upon a hyperelliptic curve equation and a curve pairing function
KR102443255B1 (en) Method for Generating Encryption Key and Digital Signature Based on Lattices
CN105409159B (en) Key storage appts, key keeping method and its recording medium
CN113793141A (en) Transaction method, device and equipment based on hardware wallet and readable storage medium
CN111698682A (en) Data transmission method based on public WiFi network environment, server and storage medium
JP2018067807A (en) Electronic signature system, electronic signature client, electronic signature program, server, and electronic signature method
US9553723B2 (en) Multi-dimensional encryption
CN111291414A (en) Data storage method and device, computer device and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18893465

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 06/10/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18893465

Country of ref document: EP

Kind code of ref document: A1