[go: up one dir, main page]

CN102355350B - A kind of file encrypting method for mobile intelligent terminal and system - Google Patents

A kind of file encrypting method for mobile intelligent terminal and system Download PDF

Info

Publication number
CN102355350B
CN102355350B CN201110182211.8A CN201110182211A CN102355350B CN 102355350 B CN102355350 B CN 102355350B CN 201110182211 A CN201110182211 A CN 201110182211A CN 102355350 B CN102355350 B CN 102355350B
Authority
CN
China
Prior art keywords
file
encryption
encrypted
key
transformation matrix
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110182211.8A
Other languages
Chinese (zh)
Other versions
CN102355350A (en
Inventor
卞佳丽
张峻明
邝坚
鲁琲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201110182211.8A priority Critical patent/CN102355350B/en
Publication of CN102355350A publication Critical patent/CN102355350A/en
Application granted granted Critical
Publication of CN102355350B publication Critical patent/CN102355350B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明公开了一种应用于移动终端领域的文件加密方法和系统,所述方法包括以下步骤:密钥生成步骤,生成对应所述保护等级的加密密钥;文件加密步骤,根据所述加密密钥对所述待加密文件进行加密得到已加密文件;密钥加密步骤,根据所述用户口令对所述加密密钥进行加密;写入步骤,将加密后的加密密钥写入所述已加密文件的指定位置。根据本发明的方法,可以省去用户读取文件时需要查询密钥的时间,很好的保证了加密密钥的安全,使文件的安全性得到了提高。

The invention discloses a file encryption method and system applied in the field of mobile terminals. The method includes the following steps: a key generation step, generating an encryption key corresponding to the protection level; a file encryption step, according to the encryption key The encrypted file is obtained by encrypting the file to be encrypted with the key; the key encryption step is to encrypt the encryption key according to the user password; the writing step is to write the encrypted encryption key into the encrypted file. The specified location of the file. According to the method of the invention, the time for users to inquire about the key when reading the file can be saved, the security of the encryption key is well guaranteed, and the security of the file is improved.

Description

一种用于移动智能终端的文件加密方法和系统A file encryption method and system for mobile intelligent terminal

技术领域 technical field

本发明涉及一种文件加密技术,尤其涉及一种用于移动智能终端的分等级的文件加密方法和系统。The invention relates to a file encryption technology, in particular to a hierarchical file encryption method and system for mobile smart terminals.

背景技术 Background technique

文件加密是一种根据要求在操作系统层自动地对写入存储介质的数据进行加密的技术,通过对文件进行加密以防止文件信息被窃取。随着移动智能终端的广泛应用,越来越多的黑客瞄准了移动智能终端用户,用户的文件信息被窃取的现象越来越多,因此,对移动智能终端中用户的文件信息进行有效的加密便显得尤为重要。File encryption is a technology that automatically encrypts data written to storage media at the operating system layer according to requirements, and encrypts files to prevent file information from being stolen. With the widespread application of mobile smart terminals, more and more hackers are targeting mobile smart terminal users, and more and more user file information is being stolen. Therefore, it is necessary to effectively encrypt user file information in mobile smart terminals becomes particularly important.

Android(商标)操作系统是Google公司于2007年11月5日发布的基于Linux平台的开源移动智能终端操作系统的名称,该平台由操作系统、中间件、用户界面和应用软件组成,号称是首个为移动终端打造的真正开放和完整的移动软件。The Android (trademark) operating system is the name of an open source mobile smart terminal operating system based on the Linux platform released by Google on November 5, 2007. The platform consists of an operating system, middleware, user interface and application software. A truly open and complete mobile software for mobile terminals.

现有的Android操作系统上的加密方法都是采用应用层JAVA语言所提供的加密接口,使用DES或者AES算法,DES算法不仅效率低而且不能抵御差分攻击,而且密钥长度也只有56位,AES算法虽然有128位的密钥长度,但是运算速度却很缓慢。The encryption methods on the existing Android operating system all use the encryption interface provided by the application layer JAVA language, using the DES or AES algorithm. The DES algorithm is not only inefficient but also unable to resist differential attacks, and the key length is only 56 bits. AES Although the algorithm has a key length of 128 bits, the operation speed is very slow.

现有的Android操作系统上存储密钥的主要方式是直接把密钥存储在数据库里,但是Android自身的数据库却没有良好的保护措施,这使得一旦数据库泄露,大量密钥将被攻击者获取,造成用户重要数据大量泄漏。The main way of storing keys on the existing Android operating system is to directly store the keys in the database, but the database of Android itself does not have good protection measures, which makes once the database leaks, a large number of keys will be obtained by attackers, It caused a large amount of leakage of important user data.

BLOWFISH加密算法是由Bruce Schneier设计的一种对称分组密码,具有很强的抗差分分析攻击的能力,具有高效,安全性、密钥长度可变等特点,具有32到448位可选择的密钥长度。但是该算法也存在一种安全隐患,即在产生子密钥后为了提高加密速度,而将子密钥保存在Cache中,这样使得如果Cache内容被攻击者窃取,便会造成全部加密子密钥泄露。The BLOWFISH encryption algorithm is a symmetric block cipher designed by Bruce Schneier. It has a strong ability to resist differential analysis attacks. It has the characteristics of high efficiency, security, and variable key length. It has optional keys from 32 to 448 bits. length. However, this algorithm also has a security risk, that is, in order to increase the encryption speed after the subkey is generated, the subkey is stored in the Cache, so that if the Cache content is stolen by an attacker, all encrypted subkeys will be destroyed. Give way.

消息摘要算法第五版(MD5)是由Ronal L.Rivest开发的,由MD2、MD3和MD4发展而来,它的作用是对消息生成消息摘要信息,如果消息在传播中被修改,那么在接收端重新计算该消息摘要值与原摘要值作对比时,就可以看出摘要值的不同,从而得出消息发生了修改。The fifth edition of the message digest algorithm (MD5) was developed by Ronal L. Rivest and developed from MD2, MD3 and MD4. Its function is to generate message digest information for messages. If the message is modified during transmission, then When the terminal recalculates the digest value of the message and compares it with the original digest value, it can be seen that the digest value is different, and thus it can be concluded that the message has been modified.

发明内容 Contents of the invention

本发明目的在于提供一种用于移动智能终端的文件加密方法和文件加密系统,旨在解决现有技术中,由于对安全性的忽略或对效率的忽略,而造成的移动终端文件不安全的存储或者加密效率过慢的问题。The purpose of the present invention is to provide a file encryption method and file encryption system for mobile smart terminals, aiming to solve the problem of insecure mobile terminal files caused by ignoring security or ignoring efficiency in the prior art Storage or encryption efficiency is too slow.

为了解决上述技术问题,本发明提供了一种用于移动智能终端的文件加密方法,其特征在于,包括:密钥生成步骤,生成对应所述保护等级的加密密钥;文件加密步骤,根据所述加密密钥对所述待加密文件进行加密得到已加密文件;密钥加密步骤,根据所述用户口令对所述加密密钥进行加密;写入步骤,将加密后的加密密钥写入所述已加密文件的指定位置。In order to solve the above technical problems, the present invention provides a file encryption method for mobile intelligent terminals, which is characterized in that it includes: a key generation step, generating an encryption key corresponding to the protection level; a file encryption step, according to the The encryption key encrypts the file to be encrypted to obtain an encrypted file; the key encryption step encrypts the encryption key according to the user password; the writing step writes the encrypted encryption key into the Specify the location of the encrypted file described above.

进一步,该方法还包括:在所述密钥生成步骤中,选择待加密文件的保护等级,根据所述保护等级不同,对应的所述加密密钥的长度不同。Further, the method further includes: in the key generating step, selecting a protection level of the file to be encrypted, and according to the different protection levels, the length of the corresponding encryption key is different.

进一步,该方法还包括:所述密钥加密步骤中,使用摘要消息算法MD5处理所述用户口令得到所述用户口令的摘要信息,使用所述摘要信息来加密所述加密密钥。Further, the method further includes: in the key encryption step, processing the user password with digest message algorithm MD5 to obtain digest information of the user password, and using the digest information to encrypt the encryption key.

进一步,该方法还包括:在所述文件加密步骤之前,先将所述待加密文件与一个变换矩阵进行异或运算,在所述文件加密步骤中将异或后的待加密数据进行加密;将所述变化矩阵根据所述用户口令进行加密,在所述写入步骤中将加密后的变换矩阵与加密后的加密密钥一并写入所述已加密文件的指定位置。Further, the method also includes: before the file encryption step, performing an XOR operation on the file to be encrypted and a transformation matrix, and encrypting the XORed data to be encrypted in the file encryption step; The transformation matrix is encrypted according to the user password, and in the writing step, the encrypted transformation matrix and the encrypted encryption key are written into the specified position of the encrypted file.

进一步,该方法还包括:所述变换矩阵为一个由随机数组成的矩阵,通过系统时间和一个随机值来生成。Further, the method further includes: the transformation matrix is a matrix composed of random numbers, which is generated by system time and a random value.

进一步,该方法还包括:所述变换矩阵为64位随机数组成的矩阵,所述待加密文件中读出的各个64位数据分别与所述64位随机数进行异或运算。Further, the method further includes: the transformation matrix is a matrix composed of 64-bit random numbers, and each 64-bit data read from the file to be encrypted is subjected to an XOR operation with the 64-bit random numbers respectively.

本发明还提供了一种文件加密系统,其特征在于,包括以下单元:密钥生成单元,其生成对应所述保护等级的加密密钥;文件加密单元,其根据所述加密密钥对所述待加密文件进行加密得到已加密文件;密钥加密单元,其根据所述用户口令对所述加密密钥进行加密;写入单元,其将加密后的加密密钥写入所述已加密文件的指定位置。The present invention also provides a file encryption system, which is characterized in that it includes the following units: a key generation unit, which generates an encryption key corresponding to the protection level; a file encryption unit, which encrypts the Encrypting the file to be encrypted to obtain an encrypted file; a key encryption unit, which encrypts the encryption key according to the user password; a writing unit, which writes the encrypted encryption key into the encrypted file specify the location.

进一步,本系统还包括:所述密钥生成单元选择待加密文件的保护等级,根据所述保护等级不同,对应的所述加密密钥的长度不同Further, the system also includes: the key generation unit selects the protection level of the file to be encrypted, and the length of the corresponding encryption key is different according to the protection level.

进一步,本系统还包括:异或运算单元,其生成变换矩阵,将所述待加密文件与该变换矩阵进行异或运算。变换矩阵加密单元,其根据所述用户口令对所述变换矩阵进行加密;所述写入单元被配置为用于将加密后的变化矩阵与加密后的加密密钥一并写入已加密文件的指定位置。Further, the system also includes: an XOR operation unit, which generates a transformation matrix, and performs an XOR operation on the file to be encrypted and the transformation matrix. A transformation matrix encryption unit, which encrypts the transformation matrix according to the user password; the writing unit is configured to write the encrypted transformation matrix together with the encrypted encryption key into the encrypted file specify the location.

进一步,本系统还包括:使用摘要消息算法MD5处理所述用户口令得到所述用户口令的摘要信息,在所述密钥加密单元使用所述摘要信息来加密所述加密密钥,在所述变换矩阵加密单元中使用所述摘要信息来加密所述变换矩阵。Further, the system also includes: using digest message algorithm MD5 to process the user password to obtain digest information of the user password, using the digest information to encrypt the encryption key in the key encryption unit, and converting The summary information is used in the matrix encryption unit to encrypt the transformation matrix.

与现有技术相比,本发明具有以下优点:Compared with the prior art, the present invention has the following advantages:

本发明文件加密方法和文件加密系统,把用户口令用MD5获得摘要后加密文件加密密钥,并把加密后的密钥存入源文件的指定位置。这样用户需要读取密钥时可以直接从文件的指定位置读出固定位数,不仅可以省去用户读取文件时需要查询密钥的时间,而且很好的保证了加密密钥的安全,即如果用户的口令不丢失,那么窃取文件加密密钥是十分困难的。The file encryption method and the file encryption system of the present invention use MD5 to obtain the encrypted file encryption key after the abstract of the user password, and store the encrypted key in the designated position of the source file. In this way, when the user needs to read the key, he can directly read the fixed number of digits from the specified position of the file, which not only saves the time for the user to query the key when reading the file, but also ensures the security of the encryption key, that is, Stealing file encryption keys is very difficult if the user's password is not lost.

进一步,用户可以根据自己对文件安全性的定义选择不同的保护等级,对于低安全等级的文件可以使用低等级的保护,这样有利于得到很快的加密速度,对于高安全等级的文件可以选择高等级的保护,虽然说在时间上会相对慢一些,但是对于文件的重要性来说时间上的牺牲是可以接受的。文件分级保护的方法避免了对所有文件按统一保护方式处理的情况,对一些安全性不高的文件就采取低等级的保护,使用户不会因为需要保护一个重要性一般的文件而花费和保护重要性较高文件一样的时间,也不会使安全性较高的文件得不到高安全等级的保护,从而在保证安全等级的同时,提高了运行效率。Furthermore, users can choose different protection levels according to their own definition of file security. For files with low security levels, low-level protection can be used, which is conducive to obtaining a fast encryption speed. For files with high security levels, high-level protection can be selected. Although the level of protection is relatively slow in time, the time sacrifice is acceptable for the importance of files. The method of hierarchical protection of files avoids the situation that all files are treated in a unified protection manner, and low-level protection is adopted for some files with low security, so that users will not spend and protect because they need to protect a file of general importance. The same time as files with higher importance will not prevent files with higher security from being protected with a high security level, thereby improving operating efficiency while ensuring the security level.

进一步,本发明还提供了一种可应用于BLOWFISH算法中的文件加密方法,即在对数据加密前先将数据进行一个异或变换,然后将这个参与变换的矩阵与文件加密密钥一起加密后存入文件的指定位置,在这种方法下,即使攻击者盗取了全部加密子密钥,在攻击者没有获得变换矩阵的情况下,仍然无法获取用户文件的内容。这种方法能够有效地改进BLOWFISH的安全性。Further, the present invention also provides a file encryption method applicable to the BLOWFISH algorithm, that is, before encrypting the data, an XOR transformation is performed on the data, and then the matrix participating in the transformation is encrypted together with the file encryption key. In this method, even if the attacker steals all the encryption sub-keys, the content of the user file cannot be obtained if the attacker does not obtain the transformation matrix. This method can effectively improve the security of BLOWFISH.

进一步,通过以系统时间和随机值作为种子来生成随机数,用于与待加密文件进行异或运算,可以保证在快速运算时生成的随机数均不相同,进一步增强了加密方法的安全性。Further, by using the system time and the random value as a seed to generate random numbers for XOR operation with the file to be encrypted, it can be ensured that the random numbers generated during fast operation are all different, further enhancing the security of the encryption method.

本发明的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本发明而了解。本发明的目的和其他优点可通过在说明书、权利要求书以及附图中所特别指出的结构来实现和获得。Additional features and advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

附图说明 Description of drawings

附图用来提供对本发明的进一步理解,并且构成说明书的一部分,与本发明的实施例一起用于解释本发明,并不构成对本发明的限制。在附图中:The accompanying drawings are used to provide a further understanding of the present invention, and constitute a part of the description, and are used together with the embodiments of the present invention to explain the present invention, and do not constitute a limitation to the present invention. In the attached picture:

图1是根据本发明实施例一的文件加密方法的流程图;Fig. 1 is a flowchart of a file encryption method according to Embodiment 1 of the present invention;

图2是根据本发明实施例二的文件加密方法的流程图;Fig. 2 is a flowchart of a file encryption method according to Embodiment 2 of the present invention;

图3是根据本发明实施例三的文件加密系统的结构图;3 is a structural diagram of a file encryption system according to Embodiment 3 of the present invention;

图4是根据本发明实施例四的文件加密系统的结构图。FIG. 4 is a structural diagram of a file encryption system according to Embodiment 4 of the present invention.

具体实施方式 Detailed ways

以下将结合附图及实施例来详细说明本发明的实施方式,借此对本发明如何应用技术手段来解决技术问题,并达成技术效果的实现过程能充分理解并据以实施。需要说明的是,只要不构成冲突,本发明中的各个实施例以及各实施例中的各个特征可以相互结合,所形成的技术方案均在本发明的保护范围之内。The implementation of the present invention will be described in detail below in conjunction with the accompanying drawings and examples, so as to fully understand and implement the process of how to apply technical means to solve technical problems and achieve technical effects in the present invention. It should be noted that, as long as there is no conflict, each embodiment and each feature in each embodiment of the present invention can be combined with each other, and the formed technical solutions are all within the protection scope of the present invention.

另外,在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。In addition, the steps shown in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and, although a logical order is shown in the flow diagrams, in some cases, the sequence may be different. The steps shown or described are performed in the order herein.

实施例一Embodiment one

图1是根据本发明实施例一的文件加密方法的流程图,下面结合图1详细说明该方法的各步骤:Fig. 1 is the flow chart of the file encryption method according to embodiment one of the present invention, each step of this method is described in detail below in conjunction with Fig. 1:

步骤S110(以下省略“步骤”二字),生成对应保护等级的加密密钥。In step S110 (the word "step" is omitted below), an encryption key corresponding to the protection level is generated.

在本步骤中,首先选择所需加密的文件(称为待加密文件),然后用户根据所选择文件的重要程度,对其加密的保护等级进行选择。In this step, the file to be encrypted is first selected (called the file to be encrypted), and then the user selects the protection level for encryption according to the importance of the selected file.

优选的,在提示用户选择文件保护等级的时候,本步骤可以根据用户实际所需的保护等级,选择待加密文件的保护等级,生成不同长度的文件加密密钥,由于加密系统的安全性很大一部分是由密钥长度决定的,但是长密钥必然导致在加密过程中文件加密缓慢的结果。所以本步骤给用户提供一个定性的可供选择保护等级的保护接口,用户可以根据自己对文件的要求来选择保护的等级。Preferably, when prompting the user to select the file protection level, this step can select the protection level of the file to be encrypted according to the actual protection level required by the user, and generate file encryption keys of different lengths, because the security of the encryption system is very large Part of it is determined by the key length, but a long key will inevitably lead to slow file encryption during the encryption process. Therefore, this step provides the user with a qualitative protection interface for selecting the protection level, and the user can select the protection level according to his own requirements for the file.

S120,根据加密密钥对待加密文件进行加密得到已加密文件。S120. Encrypt the file to be encrypted according to the encryption key to obtain an encrypted file.

在本步骤中,通过加密密钥对待加密文件通过预先设定的加密算法进行加密,得到已加密文件。In this step, the file to be encrypted is encrypted with a preset encryption algorithm using the encryption key to obtain the encrypted file.

S130,根据用户口令对加密密钥进行加密。S130. Encrypt the encryption key according to the user password.

本步骤的目的是为了增强加密密钥的安全性,使其不易被窃取。通过用户口令对加密密钥进行加密,能够保证在用户口令不丢失或泄漏的情况下,加密密钥是较为安全的。The purpose of this step is to enhance the security of the encryption key so that it is not easy to be stolen. Encrypting the encryption key through the user password can ensure that the encryption key is relatively safe under the condition that the user password is not lost or leaked.

优选的,使用MD5散列函数处理用户口令,得到用户口令的摘要信息。该摘要信息为128位的摘要信息,使用这128位摘要信息作为新的密钥加密密钥进行加密。Preferably, the MD5 hash function is used to process the user password to obtain summary information of the user password. The summary information is 128-bit summary information, and the 128-bit summary information is used as a new key encryption key for encryption.

S140,将加密后的加密密钥写入已加密文件的指定位置。S140. Write the encrypted encryption key into a designated location of the encrypted file.

将在S130中得到的加密后的密钥写入文件的指定位置,该指定位置是预先设定的。由于写入的经过加密的加密密钥的位数一定,这样就可以保证需要读取文件的加密密钥时,根据预先设定的指定位置和加密密钥的位数正确定位经过加密的加密密钥的位置,从而得出加密密钥。优选的,该指定位置为已加密文件的末尾或距离末尾指定位数的位置。Write the encrypted key obtained in S130 into a specified location of the file, and the specified location is preset. Since the number of bits of the encrypted encryption key to be written is fixed, it can be ensured that when the encryption key of the file needs to be read, the encrypted encryption key can be correctly positioned according to the preset specified position and the number of bits of the encryption key. The location of the key, resulting in the encryption key. Preferably, the specified position is at the end of the encrypted file or at a position with a specified number of digits away from the end.

实施例二Embodiment two

图2是根据本发明实施例二的文件加密方法的流程图,实施例二是在实施例一的基础上,进一步改进的加密方法,下面结合图2详细说明该方法的各步骤:Fig. 2 is the flow chart of the file encryption method according to embodiment two of the present invention, embodiment two is on the basis of embodiment one, further improved encryption method, each step of this method is described in detail below in conjunction with Fig. 2:

S210,生成对应保护等级的加密密钥。S210. Generate an encryption key corresponding to the protection level.

此步骤与实施例一S110相同。在此不作详述。This step is the same as S110 in the first embodiment. It will not be described in detail here.

S215,生成变换矩阵,将待加密文件与该变换矩阵进行异或运算。S215. Generate a transformation matrix, and perform an XOR operation on the file to be encrypted and the transformation matrix.

在对待加密文件进行加密前,先将其与一个变换矩阵进行异或运算,能够在加密密钥泄漏的情况下,仍能够保证文件的安全。优选的,该变换矩阵可以为由系统生成的随机数组成的矩阵,该矩阵是以系统时间加上一个随机值作为种子来生成的,可以保证在快速运算时生成的种子均不相同。优选的,该随机数为64位随机数,与从待加密文件中依次读出的64位数据进行异或运算。Before encrypting the file to be encrypted, XOR operation is performed on it and a transformation matrix, so that the security of the file can still be guaranteed even if the encryption key is leaked. Preferably, the transformation matrix may be a matrix composed of random numbers generated by the system. The matrix is generated using the system time plus a random value as a seed, which can ensure that the generated seeds are not the same during fast operations. Preferably, the random number is a 64-bit random number, and an XOR operation is performed with the 64-bit data sequentially read from the file to be encrypted.

S220,根据加密密钥对经过异或运算的待加密文件进行加密得到已加密文件。S220. Encrypt the file to be encrypted after the XOR operation according to the encryption key to obtain an encrypted file.

此步骤与实施例一S120相同。在此不作详述。This step is the same as S120 in the first embodiment. It will not be described in detail here.

S230,根据用户口令对变换矩阵和加密密钥进行加密。S230. Encrypt the transformation matrix and the encryption key according to the user password.

本步骤根据用户口令对变换矩阵进行加密与实施例一中步骤S130对加密密钥进行加密相同,优选的,使用MD5散列函数处理用户口令,得到用户口令的摘要信息,通过该摘要信息(128位)对变换矩阵和加密密钥进行加密。This step encrypts the transformation matrix according to the user password and is the same as step S130 in the first embodiment to encrypt the encryption key. Preferably, use the MD5 hash function to process the user password to obtain the summary information of the user password, and pass the summary information (128 bits) to encrypt the transformation matrix and encryption key.

S240,将加密后的变化矩阵与加密后的加密密钥一起写入已加密文件的指定位置。S240. Write the encrypted change matrix together with the encrypted encryption key to a designated location of the encrypted file.

本步骤与实施例一步骤S140类似,该指定位置是预先设定的。优选的,该指定位置为已加密文件的末尾或距离末尾指定位数的位置。This step is similar to step S140 in the first embodiment, and the specified location is preset. Preferably, the specified position is at the end of the encrypted file or at a position with a specified number of digits away from the end.

本实施例的方法可以用于BLOWFISH算法中,用于改进其安全性。The method of this embodiment can be used in the BLOWFISH algorithm to improve its security.

实施例三Embodiment three

图3是根据本发明实施例三的文件加密系统的结构框图,下面结合图3详细说明该文件加密系统的组成。FIG. 3 is a structural block diagram of a file encryption system according to Embodiment 3 of the present invention. The composition of the file encryption system will be described in detail below in conjunction with FIG. 3 .

该文件加密系统与实施例一的文件加密方法相对应,包括以下单元:The file encryption system corresponds to the file encryption method of Embodiment 1, and includes the following units:

密钥生成单元,其生成对应保护等级的加密密钥。A key generating unit, which generates an encryption key corresponding to the protection level.

在本单元中,首先选择所需加密的文件(称为待加密文件),然后用户根据所选择文件的重要程度,对其加密的保护等级进行选择。In this unit, first select the file to be encrypted (called the file to be encrypted), and then the user selects the protection level of encryption according to the importance of the selected file.

优选的,在提示用户选择文件保护等级的时候,本单元可以根据用户实际所需的保护等级,选择待加密文件的保护等级,生成不同长度的文件加密密钥,由于加密系统的安全性很大一部分是由密钥长度决定的,但是长密钥必然导致在加密过程中文件加密缓慢的结果。所以本单元给用户提供一个定性的可供选择保护等级的保护接口,用户可以根据自己对文件的要求来选择保护的等级。Preferably, when prompting the user to select the file protection level, this unit can select the protection level of the file to be encrypted according to the actual protection level required by the user, and generate file encryption keys of different lengths, because the security of the encryption system is very large Part of it is determined by the key length, but a long key will inevitably lead to slow file encryption during the encryption process. Therefore, this unit provides a qualitative protection interface for users to choose the protection level, and users can choose the protection level according to their own requirements for files.

文件加密单元,其根据该加密密钥对该待加密文件进行加密得到已加密文件。A file encryption unit, which encrypts the file to be encrypted according to the encryption key to obtain an encrypted file.

在本单元中,通过加密密钥对待加密文件通过预先设定的加密算法进行加密,得到已加密文件。In this unit, the encryption key is used to encrypt the file to be encrypted by the preset encryption algorithm to obtain the encrypted file.

密钥加密单元,其根据用户口令对加密密钥进行加密。The key encryption unit encrypts the encryption key according to the user password.

本单元的作用是为了增强加密密钥的安全性,使其不易被窃取。通过用户口令对加密密钥进行加密,能够保证在用户口令不丢失或泄漏的情况下,加密密钥是较为安全的。The function of this unit is to enhance the security of the encryption key so that it is not easy to be stolen. Encrypting the encryption key through the user password can ensure that the encryption key is relatively safe under the condition that the user password is not lost or leaked.

优选的,使用MD5散列函数处理用户口令,得到用户口令的摘要信息。该摘要信息为128位的摘要信息,使用这128位摘要信息作为新的密钥对加密密钥进行加密。Preferably, the MD5 hash function is used to process the user password to obtain summary information of the user password. The digest information is 128-bit digest information, and the encryption key is encrypted using the 128-bit digest information as a new key.

写入单元,其将加密后的加密密钥写入已加密文件的指定位置。Write unit, which writes the encrypted encryption key into the specified location of the encrypted file.

将在密钥加密单元中得到的加密后的密钥写入文件的指定位置,该指定位置是预先设定的。由于写入的经过加密的加密密钥的位数一定,这样就可以保证需要读取文件的加密密钥时,根据预先设定的指定位置和加密密钥的位数正确定位经过加密的加密密钥的位置,从而得出加密密钥。优选的,该指定位置为已加密文件的末尾或距离末尾指定位数的位置。Write the encrypted key obtained in the key encryption unit into a specified location of the file, and the specified location is preset. Since the number of bits of the encrypted encryption key to be written is fixed, it can be ensured that when the encryption key of the file needs to be read, the encrypted encryption key can be correctly positioned according to the preset specified position and the number of bits of the encryption key. The location of the key, resulting in the encryption key. Preferably, the specified position is at the end of the encrypted file or at a position with a specified number of digits away from the end.

实施例四Embodiment four

图4是根据本发明实施例四的文件加密方法的流程图,实施例四是在实施例三的基础上,进一步改进的加密系统,与实施例三的文件加密方法相对应,下面结合图2详细说明该方法的各单元。Fig. 4 is a flow chart of the file encryption method according to Embodiment 4 of the present invention. Embodiment 4 is a further improved encryption system on the basis of Embodiment 3, which corresponds to the file encryption method of Embodiment 3. Below in conjunction with Fig. 2 Each unit of the method is described in detail.

该文件机密系统包括以下单元:This file confidentiality system consists of the following units:

密钥生成单元,其生成对应保护等级的加密密钥。A key generating unit, which generates an encryption key corresponding to the protection level.

此单元与实施例二相同。在此不作详述。This unit is the same as the second embodiment. It will not be described in detail here.

异或运算单元,其生成变换矩阵,将待加密文件与该变换矩阵进行异或运算。An XOR operation unit, which generates a transformation matrix, and performs an XOR operation on the file to be encrypted and the transformation matrix.

在对待加密文件进行加密前,先将其与一个变换矩阵进行异或运算,能够在加密密钥泄漏的情况下,仍能够保证文件的安全。优选的,该变换矩阵可以为由系统生成的随机数组成的矩阵,该随机数是以系统时间加上一个随机值作为种子来生成的,可以保证在快速运算时生成的种子均不相同。优选的,该矩阵由为64位随机数组成的矩阵,与从待加密文件中依次读出的64位数据进行异或运算。Before encrypting the file to be encrypted, XOR operation is performed on it and a transformation matrix, so that the security of the file can still be guaranteed even if the encryption key is leaked. Preferably, the transformation matrix may be a matrix composed of random numbers generated by the system. The random numbers are generated by using the system time plus a random value as a seed, which can ensure that the generated seeds are not the same during fast operations. Preferably, the matrix is composed of 64-bit random numbers, and XOR operation is performed with the 64-bit data sequentially read from the file to be encrypted.

文件加密单元,其根据加密密钥对经过异或运算的待加密文件进行加密得到已加密文件。The file encryption unit encrypts the file to be encrypted after XOR operation according to the encryption key to obtain the encrypted file.

此单元与实施例三相同。在此不作详述。This unit is the same as the third embodiment. It will not be described in detail here.

变换矩阵加密单元,其根据用户口令对变换矩阵和加密密钥进行加密。The transformation matrix encryption unit encrypts the transformation matrix and the encryption key according to the user password.

本单元根据用户口令对变换矩阵进行加密与实施例一中单元S130对加密密钥进行加密相同,优选的,使用MD5散列函数处理用户口令,得到用户口令的摘要信息,通过该摘要信息(128位)对变换矩阵和加密密钥进行加密。This unit encrypts the transformation matrix according to the user password, which is the same as that unit S130 encrypts the encryption key in the first embodiment. Preferably, the MD5 hash function is used to process the user password to obtain the summary information of the user password. Through the summary information (128 bits) to encrypt the transformation matrix and encryption key.

写入单元,其将加密后的变化矩阵与加密后的加密密钥一起写入已加密文件的指定位置。A writing unit, which writes the encrypted change matrix and the encrypted encryption key into a specified position of the encrypted file.

本单元与实施例三的写入单元相类似,该指定位置是预先设定的。优选的,该指定位置为已加密文件的末尾或距离末尾指定位数的位置。This unit is similar to the writing unit in the third embodiment, and the designated position is preset. Preferably, the specified position is at the end of the encrypted file or at a position with a specified number of digits away from the end.

优选的,与加密后的变换矩阵一起写入指定位置的是通过用户口令进行加密后的加密密钥(通过密钥加密单元实现,未在图4中示出),其加密方式与变换矩阵相同。Preferably, what is written into the designated position together with the encrypted transformation matrix is the encrypted encryption key (realized by the key encryption unit, not shown in Fig. 4 ) encrypted by the user password, and its encryption method is the same as the transformation matrix .

本发明的文件加密方法和文件加密系统具有较高的效率。使在32bit微处理器,可以达到每18个时钟周期加密1Byte数据的速度,时间约是DES及AES的十分之一,很大程度上提高了加密的效率。The file encryption method and the file encryption system of the present invention have higher efficiency. With a 32bit microprocessor, the speed of encrypting 1Byte data can be achieved every 18 clock cycles, and the time is about one-tenth of DES and AES, which greatly improves the encryption efficiency.

本发明提供的文件加密方法和文件加密系统可以应用于计算机装置和移动智能终端中,能够根据用户选择安全等级来配置密钥,在保证安全性的同时,提高了加密效率。通过用户口令对文件的加密密钥进行加密,进一步提高文件加密的可靠性和安全性。通过在加密前对文件进行异或运算,为文件提供了进一步的安全保障,避免了由于密钥泄漏而带来的损失。The file encryption method and file encryption system provided by the present invention can be applied to computer devices and mobile smart terminals, can configure keys according to the security level selected by users, and improve encryption efficiency while ensuring security. Encrypt the encryption key of the file through the user password to further improve the reliability and security of file encryption. By performing an XOR operation on the file before encryption, further security is provided for the file, and losses caused by key leakage are avoided.

本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。Those skilled in the art should understand that each module or each step of the present invention described above can be realized by a general-purpose computing device, and they can be concentrated on a single computing device, or distributed on a network formed by a plurality of computing devices, Optionally, they can be implemented with program codes executable by computing devices, thus, they can be stored in storage devices and executed by computing devices, or they can be made into individual integrated circuit modules, or multiple of them Each module or step is realized as a single integrated circuit module. As such, the present invention is not limited to any specific combination of hardware and software.

虽然本发明所揭露的实施方式如上,但所述的内容只是为了便于理解本发明而采用的实施方式,并非用以限定本发明。任何本发明所属技术领域内的技术人员,在不脱离本发明所揭露的精神和范围的前提下,可以在实施的形式上及细节上作任何的修改与变化,但本发明的专利保护范围,仍须以所附的权利要求书所界定的范围为准。Although the embodiments disclosed in the present invention are as above, the described content is only an embodiment adopted for the convenience of understanding the present invention, and is not intended to limit the present invention. Anyone skilled in the technical field to which the present invention belongs can make any modifications and changes in the form and details of the implementation without departing from the spirit and scope disclosed by the present invention, but the patent protection scope of the present invention, The scope defined by the appended claims must still prevail.

Claims (6)

1.一种用于移动智能终端的文件加密方法,其特征在于,包括:1. A file encryption method for a mobile intelligent terminal, characterized in that, comprising: 密钥生成步骤,生成对应保护等级的加密密钥;A key generation step, generating an encryption key corresponding to the protection level; 异或运算步骤,将待加密文件与一个变换矩阵进行异或运算;XOR operation step, performing XOR operation on the file to be encrypted and a transformation matrix; 文件加密步骤,根据所述加密密钥对经过异或运算的待加密文件进行加密得到已加密文件;The file encryption step is to encrypt the file to be encrypted through XOR operation according to the encryption key to obtain the encrypted file; 密钥加密步骤,使用摘要消息算法MD5处理用户口令得到所述用户口令的摘要信息,使用所述摘要信息对所述加密密钥和所述变换矩阵进行加密;The key encryption step is to use the digest message algorithm MD5 to process the user password to obtain the summary information of the user password, and use the summary information to encrypt the encryption key and the transformation matrix; 写入步骤,将加密后的变换矩阵与加密后的加密密钥写入所述已加密文件的指定位置。The writing step is to write the encrypted transformation matrix and the encrypted encryption key into the specified location of the encrypted file. 2.根据权利要求1所述的加密方法,其特征在于,在所述密钥生成步骤中,选择待加密文件的保护等级,根据所述保护等级不同,对应的所述加密密钥的长度不同。2. The encryption method according to claim 1, characterized in that, in the key generation step, the protection level of the file to be encrypted is selected, and according to the different protection levels, the lengths of the corresponding encryption keys are different . 3.根据权利要求1所述的加密方法,其特征在于,所述变换矩阵为一个由随机数组成的矩阵,通过系统时间和一个随机值来生成。3. The encryption method according to claim 1, wherein the transformation matrix is a matrix composed of random numbers, which is generated by system time and a random value. 4.根据权利要求3所述的加密方法,其特征在于,所述变换矩阵为64位随机数组成的矩阵,所述待加密文件中依次读出的各个64位数据分别与所述64位随机数进行异或运算。4. The encryption method according to claim 3, wherein the transformation matrix is a matrix composed of 64-bit random numbers, and each 64-bit data read sequentially in the file to be encrypted is respectively related to the 64-bit random number. The number is XORed. 5.一种用于移动智能终端的文件加密系统,其特征在于,包括以下单元:5. A file encryption system for a mobile intelligent terminal, characterized in that it comprises the following units: 密钥生成单元,其生成对应保护等级的加密密钥;a key generation unit, which generates an encryption key corresponding to the protection level; 异或运算单元,其生成变换矩阵,将待加密文件与该变换矩阵进行异或运算;An XOR operation unit, which generates a transformation matrix, and performs an XOR operation on the file to be encrypted and the transformation matrix; 文件加密单元,其根据所述加密密钥对经过异或运算的待加密文件进行加密得到已加密文件;A file encryption unit, which encrypts the file to be encrypted after XOR operation according to the encryption key to obtain an encrypted file; 变换矩阵加密单元,其使用摘要消息算法MD5处理用户口令得到所述用户口令的摘要信息,使用所述摘要信息对所述变换矩阵进行加密;A transformation matrix encryption unit, which uses the digest message algorithm MD5 to process the user password to obtain summary information of the user password, and uses the summary information to encrypt the transformation matrix; 密钥加密单元,其使用所述摘要信息对所述加密密钥进行加密;a key encryption unit that encrypts the encryption key using the digest information; 写入单元,其将加密后的变换矩阵与加密后的加密密钥写入所述已加密文件的指定位置。A writing unit, which writes the encrypted transformation matrix and the encrypted encryption key into the specified location of the encrypted file. 6.根据权利要求5所述的加密系统,其特征在于,所述密钥生成单元选择待加密文件的保护等级,根据所述保护等级不同,对应的所述加密密钥的长度不同。6. The encryption system according to claim 5, wherein the key generating unit selects a protection level of the file to be encrypted, and the length of the corresponding encryption key is different according to the protection level.
CN201110182211.8A 2011-06-30 2011-06-30 A kind of file encrypting method for mobile intelligent terminal and system Expired - Fee Related CN102355350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110182211.8A CN102355350B (en) 2011-06-30 2011-06-30 A kind of file encrypting method for mobile intelligent terminal and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110182211.8A CN102355350B (en) 2011-06-30 2011-06-30 A kind of file encrypting method for mobile intelligent terminal and system

Publications (2)

Publication Number Publication Date
CN102355350A CN102355350A (en) 2012-02-15
CN102355350B true CN102355350B (en) 2015-09-02

Family

ID=45578849

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110182211.8A Expired - Fee Related CN102355350B (en) 2011-06-30 2011-06-30 A kind of file encrypting method for mobile intelligent terminal and system

Country Status (1)

Country Link
CN (1) CN102355350B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102968588B (en) * 2012-12-20 2015-07-29 四川长虹电器股份有限公司 Intelligent terminal system
CN103491384B (en) * 2013-09-09 2017-01-18 天脉聚源(北京)传媒科技有限公司 Encrypting method and device of video and decrypting method and device of video
CN104573490A (en) * 2013-10-29 2015-04-29 桂林电子科技大学 Method for protecting installed software on Android platform
CN104883256B (en) 2014-02-27 2019-02-01 中国科学院数据与通信保护研究教育中心 A kind of cryptographic key protection method for resisting physical attacks and system attack
CN105760764B (en) * 2014-12-18 2020-03-17 中兴通讯股份有限公司 Encryption and decryption method and device for embedded storage device file and terminal
CN106330435A (en) * 2015-07-02 2017-01-11 中兴通讯股份有限公司 Key transformation method and device, and terminal
CN108540426A (en) * 2017-03-02 2018-09-14 珠海金山办公软件有限公司 A method, device and server for realizing data processing
CN108155993B (en) * 2017-12-29 2021-12-17 北京树米网络科技有限公司 Data encryption method and device for VSIM card
CN108616537B (en) * 2018-04-28 2021-11-30 湖南麒麟信安科技股份有限公司 Low-coupling general data encryption and decryption method and system
CN108833347A (en) * 2018-05-07 2018-11-16 陕西东沃物流信息服务有限公司 A method of improving logistics information privacy
CN111147430A (en) * 2018-11-06 2020-05-12 中移(杭州)信息技术有限公司 Encryption method and device applied to intelligent home gateway
CN109948363A (en) * 2019-03-12 2019-06-28 天固信息安全系统(深圳)有限责任公司 A kind of distributed document encryption method based on credible base
CN113839780A (en) * 2020-06-24 2021-12-24 中兴通讯股份有限公司 Encryption method, decryption method, server and storage medium
CN119598480A (en) * 2024-10-23 2025-03-11 河北网新政务软件有限公司 A secure management method for software development data

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1324028A (en) * 2000-05-11 2001-11-28 松下电器产业株式会社 Document managing device
CN101192919A (en) * 2006-11-21 2008-06-04 中兴通讯股份有限公司 A method for implementing user-defined security levels

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1633070A (en) * 2004-10-29 2005-06-29 徐子杰 A data encryption/decryption method and encryption/decryption apparatus

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1324028A (en) * 2000-05-11 2001-11-28 松下电器产业株式会社 Document managing device
CN101192919A (en) * 2006-11-21 2008-06-04 中兴通讯股份有限公司 A method for implementing user-defined security levels

Also Published As

Publication number Publication date
CN102355350A (en) 2012-02-15

Similar Documents

Publication Publication Date Title
CN102355350B (en) A kind of file encrypting method for mobile intelligent terminal and system
US11269786B2 (en) Memory data protection based on authenticated encryption
US11308241B2 (en) Security data generation based upon software unreadable registers
US10904231B2 (en) Encryption using multi-level encryption key derivation
CN102138300B (en) Application of message authentication code precomputation in secure memory
US9053346B2 (en) Low-overhead cryptographic method and apparatus for providing memory confidentiality, integrity and replay protection
CN107078904A (en) Hybrid Cipher Key Derivation
CN116886356B (en) Chip-level transparent file encryption storage system, method and equipment
CN110008745A (en) Encryption method, computer equipment and computer storage medium
CN104281815B (en) The method and system of file encryption-decryption
US11783091B2 (en) Executing entity-specific cryptographic code in a cryptographic coprocessor
CN106105089A (en) The dynamic encryption key that close XTS encryption system is used together is compiled with using reduction bout
CN113094718A (en) File encryption method and related device
CN106330435A (en) Key transformation method and device, and terminal
US8751819B1 (en) Systems and methods for encoding data
US8036379B2 (en) Cryptographic processing
CN107911221B (en) Key management method for secure storage of solid-state disk data
CN116594567A (en) Information management method, device and electronic device
US9252943B1 (en) Parallelizable cipher construction
CN115442032A (en) Data processing method, system on chip and readable storage medium
CN118611961A (en) Encrypted data communication method, device, equipment, and storage medium
CN110457924A (en) Storage data protection method and device
CN103763097A (en) Security encryption method for password or secret key
CN117134914B (en) One-time-pad random key stream encryption algorithm and system based on hardware characteristics
US20210111901A1 (en) Executing entity-specific cryptographic code in a trusted execution environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150902

Termination date: 20210630