[go: up one dir, main page]

CN101938481A - File Encryption and Distribution Method Based on Digital Certificate - Google Patents

File Encryption and Distribution Method Based on Digital Certificate Download PDF

Info

Publication number
CN101938481A
CN101938481A CN2010102758171A CN201010275817A CN101938481A CN 101938481 A CN101938481 A CN 101938481A CN 2010102758171 A CN2010102758171 A CN 2010102758171A CN 201010275817 A CN201010275817 A CN 201010275817A CN 101938481 A CN101938481 A CN 101938481A
Authority
CN
China
Prior art keywords
file
encryption
new
encrypted
length
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010102758171A
Other languages
Chinese (zh)
Inventor
许勇
许文民
张凌
杨道全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Count Network Co Ltd Of Park In Guangzhou
South China University of Technology SCUT
Original Assignee
Count Network Co Ltd Of Park In Guangzhou
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Count Network Co Ltd Of Park In Guangzhou, South China University of Technology SCUT filed Critical Count Network Co Ltd Of Park In Guangzhou
Priority to CN2010102758171A priority Critical patent/CN101938481A/en
Publication of CN101938481A publication Critical patent/CN101938481A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于数字证书的文件加密和分发方法,包括以下步骤:S1、文件主初始化运行参数,设置加密文件时使用的文件加密密码,获取文件接收者的公钥,新建一个文件;S2、将文件接收者的个数写入新文件中;S3、将各文件接收者的加密验证信息依次写入新文件中;S4、对需要加密的源文件进行分组加密后依次写入到新文件中;S5、将新文件发送给各文件接收者。本发明具有采用多种加密方法结合、方便、安全分发、安全性高等优点,并解决了传统对称加密算法带来的因忘记密码而无法恢复原文的问题。

Figure 201010275817

The invention discloses a file encryption and distribution method based on a digital certificate, comprising the following steps: S1, the file master initializes operating parameters, sets a file encryption password used when encrypting files, obtains a public key of a file receiver, and creates a new file; S2, write the number of file receivers in the new file; S3, write the encrypted verification information of each file receiver in the new file in turn; S4, write the source files that need to be encrypted into the new file in turn after group encryption In the file; S5, sending the new file to each file receiver. The invention has the advantages of combining multiple encryption methods, convenience, safe distribution, and high security, and solves the problem that the original text cannot be restored due to forgotten passwords caused by traditional symmetric encryption algorithms.

Figure 201010275817

Description

File encryption and distribution method based on digital certificate
Technical field
The present invention relates to field of computer information security, particularly a kind of file encryption and distribution method based on digital certificate.
Background technology
Along with the popularization of information technology and popularizing of Internet, people's life more and more depends on computer.People enjoy that computer system provides simultaneously easily, also be faced with the threat of various information securities, as leakage of personal information, classified papers be stolen, user's USB flash disk is lost, the leakage of information of the webserver side of having malice etc.A few days ago, an investigation about enterprise information security has been carried out at the information-based director of 358 enterprises in the SearchSecurity website.The result of investigation shows that enterprise's secret has 30%~40% in revealing at present, is caused by the leakage of e-file, and the company of last thousand families of " wealth " rank, and the loss that causes of divulging a secret of each electronic document is about 4,000,000 US dollars.
Network hard disc is an important application on the present Internet, and data security is the key problem that network hard disc is used.When transmitting some vital documents of distribution, traditional method adopts some symmetric encipherment algorithms to come encrypt file usually, then password is expressly informed the file recipient, this method operates simple relatively, but a lot of potential safety hazards are also arranged: at first, when leaking appears in password, we can't guarantee that the actual people who views file is legal file recipient; Secondly, when removing declassified document again behind the certain interval of time, if when forgetting initial Crypted password, the file that the user can't enabling decryption of encrypted; The 3rd, after needs are with a file encryption, be distributed to a plurality of man-hours, if adopt identical password encryption, then risk is with uncontrollable, and leaking appears in any one password, and file all will be stolen, and also be difficult to launch when following the trail of source of leaks, if adopt different keys separately to encrypt, then strengthened workload virtually, and the password table is difficult to safeguard to different file recipients.
Summary of the invention
The objective of the invention is to overcome above-mentioned shortcoming and defect, a kind of file encryption and distribution method based on digital certificate is provided, this method has advantages such as adopting multiple encryption method combination, convenience, secure distribution, fail safe height, and solved that traditional symmetric encipherment algorithm brings can't recover the problem of original text because of forgetting Password.
The objective of the invention is to be achieved through the following technical solutions: a kind of file encryption and distribution method based on digital certificate as shown in Figure 1, may further comprise the steps:
S1, file master initialization operational factor, the file encryption password that uses when encrypt file is set obtains file recipient's PKI, and a newly-built file enters step S2;
S2, file recipient's number is write in the new file, enter step S3;
S3, each file recipient's encrypted authentication information is write in the new file successively, enter step S4;
S4, the source file that needs are encrypted carry out being written to successively in the new file behind the block encryption, enter step S5;
S5, new file is sent to each file recipient.
To better implement the present invention, described file recipient comprises file master self.
Preferably, described file recipient's encrypted authentication information specifically comprises:
(1) use file recipient's PKI by rivest, shamir, adelman, is encrypted the file encryption password string among the step S1, obtains file recipient's file encrypted message;
(2) length value of above-mentioned file encrypted message.
Preferably, described step S3, each file recipient's encrypted authentication information is write in the new file successively, specifically may further comprise the steps:
S3.1, file instigator use file recipient's PKI, by rivest, shamir, adelman, the file encryption password string are encrypted, obtain file recipient's file encrypted message, obtain this document encrypted message string length, length value is appended in the new file, enter step S3.2;
S3.2, file chief commander file encrypted message are appended in the new file, enter step S3.3;
S3.3, file master judge whether to generate all files recipient's file encrypted message, if then enter step S4; If not, return step S3.1.
Preferably, described rivest, shamir, adelman is RSA cryptographic algorithms, ECC (elliptic curve) cryptographic algorithm or other rivest, shamir, adelmans.
Preferably, described step S4, the source file that needs are encrypted carry out being written to successively in the new file behind the block encryption, specifically are meant:
The file main root is according to the symmetric encipherment algorithm that will use, source file is divided into groups, when if the not enough composition one of last grouped data of source file divides into groups, then make last grouping consistent with other grouped data length in the terminal zero padding of data, the file master encrypts each grouping by symmetric encipherment algorithm;
The file master is appended to the physical length value of last group of source file in the new file, and each grouping after encrypting is write in the new file successively.
Preferably, described step S4, the source file that needs are encrypted carry out being written to successively in the new file behind the block encryption, specifically may further comprise the steps:
S4.1, file master are the length value that unit obtains source file with the byte, calculate the mould of source file length value and m, and the result is appended to during new file connects, and enter step S4.2;
S4.2, file master judge that whether source file length is 0, if be not 0, then enters step S4.3; If be 0, then jump to step S5;
S4.3, file master read the preceding m byte data of source file, when the not enough m byte of data, make its length just in time be the m byte in the terminal zero padding of data, use the file encryption password among the step S1, by symmetric encipherment algorithm this m byte data is encrypted, result after encrypting is appended in the new file, enters step S4.4;
S4.4, file master judge whether untreated residue file size is 0 in the source file, if be not 0, then enters step S4.5; If be 0, then jump to step S5;
S4.5, file master read ensuing m byte data, when the not enough m byte of data, terminal zero padding makes its length just in time be the m byte, use the file encryption password among the step S1, by symmetric encipherment algorithm this m byte data is encrypted, result after encrypting is appended in the new file, is back to step S4.4.
Preferably, the original length of each grouping when described m represents block encryption, the m value is by the symmetric encipherment algorithm decision of being adopted.
If adopt the AES cryptographic algorithm, then the m value is 16.
Preferably, described symmetric encipherment algorithm is one or more among DES, 3DES, RC4, RC5 and the Blowfish.
Compared with prior art, the present invention has following beneficial effect:
The first, multiple encryption method combination: the present invention combines traditional symmetric encipherment algorithm and modern public key encryption algorithm, use symmetric encipherment algorithm to realize encrypted content file, the cryptographic algorithm that uses public-key stamps file recipient's finger print information and file encryption information, the file recipient at first uses the private key deciphering of oneself to obtain the file encryption password, use oneself private key and file encryption password to carry out file decryption more simultaneously, obtain original document, guarantee safety of files.
The second, secure distribution: adopt file user PKI to come the file of needs distribution is encrypted, system is when encrypting file, in file header, used a variable-length file head form, each file recipient user's of corresponding record public key verifications information and encrypted authentication information realize the secure distribution file.The file master only needs to select simultaneously the PKI of the groups or users correspondence of needs distribution, once encrypts, and just can give different users with the file distributing after encrypting, and reach once the purpose that encryption, multi-user's multigroup component are sent out authentication.
What three, solved that traditional symmetric encipherment algorithm brings can't recover the problem of original text because of forgetting Password.In encrypt file, write down file master's file encrypted message simultaneously, as fingerprint, the convenience file master fetches password when forgetting Password: file master's file encryption encrypted message is encrypted by himself's PKI, data encrypted is put into the assigned address of file header, when the file master forgets Password, can fetch the corresponding file Crypted password by file master's oneself private key.
Four, improve fail safe: the user must use effective private key and file encryption password simultaneously when declassified document, has improved safety of files.
Five, convenience: system can both can carry out above cryptographic operation to a file according to user's actual needs, also can carry out above cryptographic operation to a file, and was very convenient.
Description of drawings
Fig. 1 is that the present invention is a kind of based on the file encryption of digital certificate and the workflow diagram of distribution method;
Fig. 2 is a kind of based on the file encryption of digital certificate and the workflow diagram of distribution method among the embodiment one.
Embodiment
Below in conjunction with embodiment and accompanying drawing, the present invention is described in further detail, but embodiments of the present invention are not limited thereto.
Embodiment one
A kind of file encryption and distribution method based on digital certificate as shown in Figure 2, may further comprise the steps:
S1, file master initialization operational factor, the file encryption password that uses when comprising encrypt file, file master's PKI, and file recipient's PKI enter step S2;
The number that S2, file master add up the encrypt file preserver, this numerical value is written in preceding 4 bytes of new files 1, wherein encrypt file preserver's number comprises that file recipient and file master self (for example wish to send to user B, C behind file of user A encryption, user A self also preserves this encrypt file simultaneously, then the value at this place is 3), enter step S3;
S3, file instigator use the PKI of oneself, by RSA cryptographic algorithms, the file encryption password string are encrypted, and obtain file master's file encrypted message; The file master obtains the length of file encrypted message character string, length value is written in next 4 bytes of new file 1, enters step S4;
S4, file chief commander file encrypted message are appended in the new file 1, enter step S5;
S5, file instigator use file recipient's PKI, by RSA Algorithm, the file encryption password string are encrypted, obtain file recipient's file encrypted message, obtain this document encrypted message string length, length value is appended in new file 1 ensuing 4 bytes, enter step S6;
S6, file chief commander file encrypted message are appended in the new file 1, enter step S7;
S7, file master judge whether to generate all files recipient's file encrypted message, if then enter poly-S8 of step; If not, return step S5;
S8, file master are the length value that unit obtains source file with the byte, calculate the mould of source file length value and 16, and the result is appended in new file 1 ensuing 4 bytes, enter step S9;
S9, file master judge that whether source file length is 0, if be not 0, then enters step S10; If be 0, then jump to step S13;
S10, file master read preceding 16 byte datas of source file, when not enough 16 bytes of data, replenish specific data, the file encryption password that provides among the step S1 is provided, by the AES cryptographic algorithm this 16 byte data is encrypted, the result after encrypting is appended in the new file 1, enter step S11;
S11, file master judge whether untreated residue file size is 0 in the source file, if be not 0, then enters step S12; If be 0, then jump to step S13;
S12, read ensuing 16 byte datas, when not enough 16 bytes of data, replenish specific data, the file encryption password that provides among the step S1 is provided, by the AES cryptographic algorithm this 16 byte data is encrypted, the result after encrypting is appended in the new file 1, be back to step S11;
S13, file master ends file are encrypted, and each file recipient is preserved and sent to new file 1.
Among above-mentioned steps S10 and the step S12, described additional specific data is meant that specifically making its length in the terminal zero padding of data just in time is 16 bytes.Because in S8, write down the physical length of last group of source file, when decryption oprerations, can add according to the deletion of the physical length of last group of source file those zero.
The form of encrypt file in the present embodiment one is shown in Table 1:
Figure BSA00000261674800051
● encrypt file preserver number: length is 4 bytes, the number that is used for the encrypted file preserver, comprise file recipient and file master self, for example user A wishes to send to user B, C after encrypting a file, user A self also preserves this encrypt file simultaneously, and then the value at this place is 3.
● file master's file encrypted message length: length is 4 bytes, be used to preserve file master's file encrypted message string length, above-mentioned said file master's file encrypted message is that the PKI by the file master carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● file master's file encrypted message: length is determined by the value that last item provides, is used to preserve file master's file encrypted message.
● recipient 1 file encrypted message length: length is 4 bytes, be used to preserve file recipient 1 file encrypted message string length, above-mentioned said file recipient's 1 file encrypted message is that the PKI by file recipient 1 carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● recipient 1 file encrypted message: length is determined by the value that last item provides, is used to preserve file recipient 1 file encrypted message.
● recipient 2 file encrypted message length: length is 4 bytes, be used to preserve file recipient 2 file encrypted message string length, above-mentioned said file recipient's 2 file encrypted message is that the PKI by file recipient 2 carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● recipient 2 file encrypted message: length is determined by the value that last item provides, is used to preserve file recipient 2 file encrypted message.
●……
●……
● the file encrypted message length of recipient n: length is 4 bytes, be used to preserve the file encrypted message string length of file recipient n, the file encrypted message of above-mentioned said file recipient n is that the PKI by file recipient n carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● the file encrypted message of recipient n: length is determined by the value that last item provides, is used to preserve the file encrypted message of file recipient n.
● last group figure place of block encryption: length is 4 bytes, is used to write down the residue figure place (for the mould of source file length value and 16) of last group when source file carried out block encryption, if source file length just is the integral multiple of 16 bytes, should place's value be 0 then.
Body part: when the source file content was empty, this part was empty; When source file was not empty, this part was used to preserve the file content after the encryption, is meant that specifically with 16 bytes be one group, uses the file encryption password by the AES cryptographic algorithm each group to be encrypted, and successively the content after encrypting is written to here and preserves.If last organizes not enough 16 bytes, it just in time is to encrypt after 16 bytes that then terminal zero padding makes its length again.
Based on the file encryption and the distribution method of above-mentioned digital certificate, the file recipient receives new file 1 and is decrypted, and reads file content, specifically may further comprise the steps:
S20, file recipient receive new file 1, are required input file recipient's private key and file decryption password, enter step S21;
S21, file recipient read preceding 4 bytes in the new file 1, learn that total n+1 people can read this document, and promptly this document head includes n+1 file encrypted message, enters step S22;
S22, read new file 1 ensuing 4 byte datas, this data value is represented the string length of ensuing file encrypted message, enters step S23;
S23, according to the data value of reading among the step S22, in new file 1, then reading the data (these data are the file encrypted message) of this data value length, and storage; Enter step S24;
S24, file recipient use the private key of oneself to attempt by RSA Algorithm file encryption information being decrypted, if decrypted result is consistent with the file decryption password of file recipient input, then this document recipient obtains the file decryption password, enters step S25; If deciphering is unsuccessful, then the file recipient further judges whether to have read n+1 file encrypted message, if then enter step S29; If not, then return step S22;
S25, file recipient judge whether to read n+1 file encrypted message, if then enter step S27; If not, then enter step S26;
S26, file recipient read ensuing 4 byte datas in the new file 1, according to this data value, then read the data of this data value length in new file 1, and return step S25;
S27, file recipient read ensuing 4 byte datas in the new file 1, and step S28 is stored and entered to the residue figure place of last group when this data representation source file carried out block encryption;
S28, file recipient then read the remaining data in the new file 1, are one group with 16 bytes in order, and remaining data is divided into groups, and use the file decryption password that obtains among the step S24 successively grouped data to be decrypted by aes algorithm, and preserve; Wherein behind last component group data decryption,, preserve the data of corresponding data length, finally obtain the source file content, enter step S29 according to the residue figure place among the step S27;
S29, end operation.
Based on the file encryption and the distribution method of above-mentioned digital certificate, the file master self preserves new file 1 and is decrypted, and reads file content, specifically may further comprise the steps:
S31, file master read preceding 4 bytes in the new file 1, learn that total n+1 people can read this document, and promptly this document head includes n+1 file encrypted message, enters step S32;
S32, read new file 1 ensuing 4 byte datas, this data value is represented the string length of ensuing file encrypted message, enters step S33;
S33, according to the data value of reading among the step S32, in new file 1, then reading the data (these data are the file encrypted message) of this data value length, and storage, enter step S34;
Whether S34, file master remember the file decryption password, if forget, then the file instigator is decrypted the file encrypted message by RSA Algorithm with the private key of oneself, obtains the file decryption password, and enters step S35; If the file master remembers the file decryption password, then enter step S35;
S35, file master read ensuing 4 byte datas in the new file 1, according to this data value, then read the data of this data value length in new file 1, and enter step S36;
S36, file master judge whether to read n+1 file encrypted message, if then enter step S37; If not, then return step S35;
S37, file master read ensuing 4 byte datas in the new file 1, and step S38 is stored and entered to the residue figure place of last group when this data representation source file carried out block encryption;
S38, file master then read the remaining data in the new file 1, are one group with 16 bytes in order, and remaining data is divided into groups, and use the file decryption password that obtains among the step S34 successively grouped data to be decrypted by aes algorithm, and preserve; Wherein behind last component group data decryption,, preserve the data of corresponding data length, finally obtain the source file content, end operation according to the residue figure place among the step S37.
Embodiment two
A kind of file encryption and distribution method based on digital certificate may further comprise the steps:
S1, file master initialization operational factor, file encryption password that uses when comprising encrypt file and file recipient's PKI enter step S2;
The number that S2, file master add up the encrypt file recipient is written to this numerical value in preceding 4 bytes of new files 2, and (for example user A wishes to send to user B, C after encrypting a file, and then the value at this place is 2) enters step S3;
S3, file instigator use file recipient's PKI, pass through RSA cryptographic algorithms, the file encryption password string is encrypted, obtain file recipient's file encrypted message, obtain this document encrypted message string length, length value is appended in new file 2 ensuing 4 bytes, enters step S4;
S4, file chief commander file encrypted message are appended in the new file 2, enter step S5;
S5, file master judge whether to generate all files recipient's file encrypted message, if then enter step S6; If not, return step S3;
S6, file master are the length value that unit obtains source file with the byte, calculate the mould of source file length value and 7, and the result is appended in new file 2 ensuing 4 bytes, enter step S7;
S7, file master judge that whether source file length is 0, if be not 0, then enters step S8; If be 0, then jump to step S11;
S8, file master read preceding 7 byte datas of source file, when not enough 7 bytes of data, replenish specific data, the file encryption password that provides among the step S1 is provided, by the des encryption algorithm this 7 byte data is encrypted, the result after encrypting is appended in the new file 2, enter step S9;
S9, file master judge whether untreated residue file size is 0 in the source file, if be not 0, then enters step S10; If be 0, then jump to step S11;
S10, read ensuing 7 byte datas, when not enough 7 bytes of data, replenish specific data, the file encryption password that provides among the step S1 is provided, by the des encryption algorithm this 7 byte data is encrypted, the result after encrypting is appended in the new file 2, be back to step S9;
S11, file master ends file are encrypted, and new file 2 is sent to each file recipient.
Among above-mentioned steps S8 and the step S10, described additional specific data, be meant that specifically making its length in the terminal zero padding of data just in time is 7 bytes, because in S6, write down the physical length of last group of source file, be decrypted when operation algorithm can add according to the physical length deletion of last group of source file those zero.
The form of encrypt file in the present embodiment two is shown in Table 2:
● encrypt file recipient number: length is 4 bytes, is used for encrypted file recipient's number, and for example user A wishes to send to user B, C after encrypting a file, and then the value at this place is 2.
● recipient 1 file encrypted message length: length is 4 bytes, be used to preserve file recipient 1 file encrypted message string length, above-mentioned said file recipient's 1 file encrypted message is that the PKI by file recipient 1 carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● recipient 1 file encrypted message: length is determined by the value that last item provides, is used to preserve file recipient 1 file encrypted message.
● recipient 2 file encrypted message length: length is 4 bytes, be used to preserve file recipient 2 file encrypted message string length, above-mentioned said file recipient's 2 file encrypted message is that the PKI by file recipient 2 carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● recipient 2 file encrypted message: length is determined by the value that last item provides, is used to preserve file recipient 2 file encrypted message.
●……
●……
● the file encrypted message length of recipient n: length is 4 bytes, be used to preserve the file encrypted message string length of file recipient n, the file encrypted message of above-mentioned said file recipient n is that the PKI by file recipient n carries out obtaining after RSA cryptographic algorithms is encrypted to the file encryption password.
● the file encrypted message of recipient n: length is determined by the value that last item provides, is used to preserve the file encrypted message of file recipient n.
● last group figure place of block encryption: length is 4 bytes, is used to write down the residue figure place (for the mould of source file length value and 7) of last group when source file carried out block encryption, if source file length just is the integral multiple of 7 bytes, should place's value be 0 then.
Body part: when the source file content was empty, this part was empty; When source file was not empty, this part was used to preserve the file content after the encryption, is meant that specifically with 7 bytes be one group, uses the file encryption password by the des encryption algorithm each group to be encrypted, and successively the content after encrypting is written to here and preserves.If last organizes not enough 7 bytes, it just in time is to encrypt after 7 bytes that then terminal zero padding makes its length again.
Based on the file encryption and the distribution method of above-mentioned digital certificate, the file recipient receives new file 2 and is decrypted, and reads file content, specifically may further comprise the steps:
S20, file recipient receive new file 2, are required input file recipient's private key and file decryption password, enter step S21;
S21, file recipient read preceding 4 bytes in the new file 2, learn that total n people can read this document, and promptly this document head includes n file encrypted message, enters step S22;
S22, read new file 2 ensuing 4 byte datas, this data value is represented the string length of ensuing file encrypted message, enters step S23;
S23, according to the data value of reading among the step S22, in new file 2, then reading the data (these data are the file encrypted message) of this data value length, and storage; Enter step S24;
S24, file recipient use the private key of oneself to attempt by RSA Algorithm file encryption information being decrypted, if decrypted result is consistent with the file decryption password of file recipient input, then this document recipient obtains the file decryption password, enters step S25; If deciphering is unsuccessful, then the file recipient further judges whether to have read n file encrypted message, if then jump to step S29; If not, then return step S22;
S25, file recipient judge whether to read n file encrypted message, if then enter step S27; If not, then enter step S26;
S26, file recipient read ensuing 4 byte datas in the new file 2, according to this data value, then read the data of this data value length in new file 2, and return step S25;
S27, file recipient read ensuing 4 byte datas in the new file 2, and step S28 is stored and entered to the residue figure place of last group when this data representation source file carried out block encryption;
S28, file recipient then read the remaining data in the new file 2, are one group with 7 bytes in order, and remaining data is divided into groups, and use the file decryption password that obtains among the step S24 successively grouped data to be decrypted by the DES algorithm, and preserve; Wherein behind last component group data decryption,, preserve the data of corresponding data length, finally obtain the source file content, enter step S29 according to the residue figure place among the step S27;
S29, end operation.
Aes algorithm can use DES, 3DES, RC4, RC5, Blowfish or other symmetric encipherment algorithm to substitute in the above process, and RSA Algorithm can substitute with ECC or other rivest, shamir, adelman.
The foregoing description is a preferred implementation of the present invention; but embodiments of the present invention are not limited by the examples; other any do not deviate from change, the modification done under spirit of the present invention and the principle, substitutes, combination, simplify; all should be the substitute mode of equivalence, be included within protection scope of the present invention.

Claims (10)

1.一种基于数字证书的文件加密和分发方法,其特征在于,包括以下步骤:1. A file encryption and distribution method based on digital certificates, characterized in that, comprising the following steps: S1、文件主初始化运行参数,设置加密文件时使用的文件加密密码,获取文件接收者的公钥,新建一个文件,进入步骤S2;S1, the file master initializes the operating parameters, sets the file encryption password used when encrypting the file, obtains the public key of the file receiver, creates a new file, and enters step S2; S2、将文件接收者的个数写入新文件中,进入步骤S3;S2. Write the number of file recipients into the new file, and enter step S3; S3、将各文件接收者的加密验证信息依次写入新文件中,进入步骤S4;S3. Write the encrypted verification information of each file receiver into the new file in turn, and enter step S4; S4、对需要加密的源文件进行分组加密后依次写入到新文件中,进入步骤S5;S4. Carry out group encryption to the source files that need to be encrypted and then write them into new files in turn, and enter step S5; S5、将新文件发送给各文件接收者。S5. Send the new file to each file receiver. 2.根据权利要求1所述一种基于数字证书的文件加密和分发方法,其特征在于,所述文件接收者包括文件主自身。2. A method for encrypting and distributing files based on digital certificates according to claim 1, wherein said file recipients include file owners themselves. 3.根据权利要求1所述一种基于数字证书的文件加密和分发方法,其特征在于,步骤S3中,所述文件接收者的加密验证信息,具体包括:3. A method for encrypting and distributing files based on digital certificates according to claim 1, characterized in that, in step S3, the encrypted verification information of the file recipient specifically includes: (1)使用文件接收者的公钥,通过非对称加密算法,将步骤S1中的文件加密密码字符串加密,得到文件接收者的文件密码信息;(1) Use the public key of the file receiver to encrypt the file encryption password string in step S1 through an asymmetric encryption algorithm to obtain the file password information of the file receiver; (2)上述文件密码信息的长度值。(2) The length value of the above file password information. 4.根据权利要求3所述一种基于数字证书的文件加密和分发方法,其特征在于,所述步骤S3、将各文件接收者的加密验证信息依次写入新文件中,具体包括以下步骤:4. A method for encrypting and distributing files based on digital certificates according to claim 3, wherein said step S3, writing the encrypted verification information of each file receiver into the new file in turn, specifically comprises the following steps: S3.1、文件主使用文件接收者的公钥,通过非对称加密算法,将文件加密密码字符串加密,得到文件接收者的文件密码信息,获取该文件密码信息字符串长度,将长度值追加到新文件中,进入步骤S3.2;S3.1. The file owner uses the public key of the file receiver to encrypt the file encryption password string through an asymmetric encryption algorithm to obtain the file password information of the file receiver, obtain the length of the file password information string, and append the length value into the new file, enter step S3.2; S3.2、文件主将文件密码信息追加到新文件中,进入步骤S3.3;S3.2. The file owner appends the file password information to the new file, and proceeds to step S3.3; S3.3、文件主判断是否已生成全部文件接收者的文件密码信息,若是,则进入步骤S4;若否,返回步骤S3.1。S3.3. The file owner judges whether the file password information of all file recipients has been generated, if yes, proceed to step S4; if not, return to step S3.1. 5.根据权利要求3或4所述一种基于数字证书的文件加密和分发方法,其特征在于,所述非对称加密算法为RSA加密算法或ECC加密算法。5. A digital certificate-based file encryption and distribution method according to claim 3 or 4, wherein the asymmetric encryption algorithm is an RSA encryption algorithm or an ECC encryption algorithm. 6.根据权利要求1所述一种基于数字证书的文件加密和分发方法,其特征在于,所述步骤S4、对需要加密的源文件进行分组加密后依次写入到新文件中,具体是指:6. A method for encrypting and distributing files based on digital certificates according to claim 1, characterized in that, said step S4, performing group encryption on the source files to be encrypted, and then sequentially writing them into new files, specifically refers to : 文件主根据要使用的对称加密算法,对源文件进行分组,若源文件的最后一个分组数据不够组成一分组时,则在数据末端补零使最后一个分组与其它的分组数据长度一致,文件主通过对称加密算法加密各分组;The file master groups the source files according to the symmetric encryption algorithm to be used. If the last group data of the source file is not enough to form a group, then pad zero at the end of the data to make the last group consistent with other group data lengths. The file master Encrypt each packet by a symmetric encryption algorithm; 文件主把源文件最后一组的实际长度值追加到新文件中,并把加密后的各分组依次写入新文件中。The file master appends the actual length value of the last group of the source file to the new file, and writes each encrypted group into the new file in turn. 7.根据权利要求6所述一种基于数字证书的文件加密和分发方法,其特征在于,所述步骤S4、对需要加密的源文件进行分组加密后依次写入到新文件中,具体包括以下步骤:7. A method for encrypting and distributing files based on digital certificates according to claim 6, characterized in that, said step S4, performing packet encryption on source files to be encrypted, and then sequentially writing them into new files, specifically comprising the following step: S4.1、文件主以字节为单位获取源文件的长度值,计算源文件长度值与m的模,并把结果追加到新文件接中,进入步骤S4.2;S4.1, the file master obtains the length value of the source file in units of bytes, calculates the modulus between the length value of the source file and m, and appends the result to the new file connection, and enters step S4.2; S4.2、文件主判断源文件长度是否为0,如果不为0,则进入步骤S4.3;如果为0,则跳转至步骤S5;S4.2, the file master judges whether the length of the source file is 0, if not 0, then enter step S4.3; if it is 0, then jump to step S5; S4.3、文件主读出源文件的前m字节数据,当数据不够m字节时,末端补零使其长度正好为m字节,使用步骤S1中的文件加密密码,通过对称加密算法对该m字节数据加密,将加密后的结果追加到新文件中,进入步骤S4.4;S4.3. The file master reads out the first m bytes of data of the source file. When the data is not enough for m bytes, the end is filled with zeros to make the length exactly m bytes, and the file encryption password in step S1 is used to pass the symmetric encryption algorithm. Encrypt the m-byte data, append the encrypted result to the new file, and enter step S4.4; S4.4、文件主判断源文件中未处理的剩余文件长度是否为0,如果不为0,则进入步骤S4.5;如果为0,则跳转至步骤S5;S4.4, the file master judges whether the unprocessed remaining file length in the source file is 0, if not 0, then enter step S4.5; if it is 0, then jump to step S5; S4.5、文件主读出接下来的m字节数据,当数据不够m字节时,在数据末端补零使其长度正好为m字节,使用步骤S1中的文件加密密码,通过对称加密算法对该m字节数据加密,将加密后的结果追加到新文件中,返回至步骤S4.4。S4.5. The file master reads out the next m bytes of data. When the data is not enough for m bytes, fill in zeros at the end of the data to make the length exactly m bytes, and use the file encryption password in step S1 to perform symmetric encryption The algorithm encrypts the m-byte data, appends the encrypted result to the new file, and returns to step S4.4. 8.根据权利要求7所述一种基于数字证书的文件加密和分发方法,其特征在于,所述m表示分组加密时各分组的原始长度,m值由所采用的对称加密算法决定。8. A method for encrypting and distributing files based on digital certificates according to claim 7, wherein said m represents the original length of each packet when the packet is encrypted, and the value of m is determined by the adopted symmetric encryption algorithm. 9.根据权利要求8所述一种基于数字证书的文件加密和分发方法,其特征在于,若采用AES加密算法,则m取值为16。9. A method for encrypting and distributing files based on digital certificates according to claim 8, characterized in that, if the AES encryption algorithm is adopted, m is 16. 10.根据权利要求6或7或8所述一种基于数字证书的文件加密和分发方法,其特征在于,所述对称加密算法为DES、3DES、RC4、RC5和Blowfish中的一种或多种。10. A digital certificate-based file encryption and distribution method according to claim 6, 7 or 8, wherein the symmetric encryption algorithm is one or more of DES, 3DES, RC4, RC5 and Blowfish .
CN2010102758171A 2010-09-06 2010-09-06 File Encryption and Distribution Method Based on Digital Certificate Pending CN101938481A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102758171A CN101938481A (en) 2010-09-06 2010-09-06 File Encryption and Distribution Method Based on Digital Certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102758171A CN101938481A (en) 2010-09-06 2010-09-06 File Encryption and Distribution Method Based on Digital Certificate

Publications (1)

Publication Number Publication Date
CN101938481A true CN101938481A (en) 2011-01-05

Family

ID=43391611

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102758171A Pending CN101938481A (en) 2010-09-06 2010-09-06 File Encryption and Distribution Method Based on Digital Certificate

Country Status (1)

Country Link
CN (1) CN101938481A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103324891A (en) * 2013-05-10 2013-09-25 四川省林业调查规划院 Stand growth and yield model dynamic management method based on encryption technique
CN106487761A (en) * 2015-08-28 2017-03-08 华为终端(东莞)有限公司 A kind of method for message transmission and the network equipment
CN108718312A (en) * 2018-05-22 2018-10-30 朱小军 A kind of online encryption method of file

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1558594A (en) * 2004-01-14 2004-12-29 哈尔滨工业大学 A Processing Method for Confidentiality, Authentication, Rights Management and Diffusion Control of Electronic Documents
WO2008087734A1 (en) * 2007-01-19 2008-07-24 Mitsubishi Electric Corporation Cryptogram generating device, cryptogram communication system, and group parameter generating device
CN101594228A (en) * 2009-07-02 2009-12-02 西安电子科技大学 Authentication encryption method between certificate public key system and identity public key system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1558594A (en) * 2004-01-14 2004-12-29 哈尔滨工业大学 A Processing Method for Confidentiality, Authentication, Rights Management and Diffusion Control of Electronic Documents
WO2008087734A1 (en) * 2007-01-19 2008-07-24 Mitsubishi Electric Corporation Cryptogram generating device, cryptogram communication system, and group parameter generating device
CN101594228A (en) * 2009-07-02 2009-12-02 西安电子科技大学 Authentication encryption method between certificate public key system and identity public key system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103324891A (en) * 2013-05-10 2013-09-25 四川省林业调查规划院 Stand growth and yield model dynamic management method based on encryption technique
CN106487761A (en) * 2015-08-28 2017-03-08 华为终端(东莞)有限公司 A kind of method for message transmission and the network equipment
CN108718312A (en) * 2018-05-22 2018-10-30 朱小军 A kind of online encryption method of file

Similar Documents

Publication Publication Date Title
KR101656434B1 (en) Secure data cache
US10419416B2 (en) Encryption and decryption techniques using shuffle function
KR101999188B1 (en) Secure personal devices using elliptic curve cryptography for secret sharing
US9977918B2 (en) Method and system for verifiable searchable symmetric encryption
EP2348447B1 (en) A computer implemented method for generating a set of identifiers from a private key, computer implemented method and computing device
US8619982B2 (en) Method and system for secure distribution of selected content to be protected on an appliance specific basis
US7861096B2 (en) Method, apparatus, and program product for revealing redacted information
JP4256415B2 (en) ENCRYPTION DEVICE, DECRYPTION DEVICE, INFORMATION SYSTEM, ENCRYPTION METHOD, DECRYPTION METHOD, AND PROGRAM
US20110145576A1 (en) Secure method of data transmission and encryption and decryption system allowing such transmission
US20100005318A1 (en) Process for securing data in a storage unit
JP2010050760A (en) Content protection apparatus, and content utilization apparatus
CN106776904A (en) The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment
Purnama An analysis of encryption and decryption application by using one time pad algorithm
JP7325396B2 (en) Data file encryption transmission/reception system and data file encryption transmission/reception method
CN110233729B (en) Encrypted solid-state disk key management method based on PUF
CN101859306B (en) Method and equipment for generating blind index table, and united keyword search method and equipment
CN103139143B (en) The method of digital copyright management, system and server
CN103729603B (en) A kind of secure file management system and method for supporting that read-write separates
TW201426395A (en) Data security system and method
CN111541652A (en) A system for improving the security of secret information storage and transmission
CN101938481A (en) File Encryption and Distribution Method Based on Digital Certificate
CN105553661B (en) Key management method and device
JP4569593B2 (en) Encryption communication system, encryption communication method, encryption device, and decryption device
CN108737443B (en) A Method of Hiding Email Address Based on Cryptographic Algorithm
CN109302400B (en) Asset password exporting method for operation and maintenance auditing system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110105