
CN106411653B - Method and device for testing intelligent cipher key equipment - Google Patents

Info

Publication number
CN106411653B
Authority
CN
China
Prior art keywords
key
intelligent cipher
tested
session key
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610949255.1A
Other languages
Chinese (zh)
Other versions
CN106411653A (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd
Priority to CN201610949255.1A
Publication of CN106411653A
Application granted
Publication of CN106411653B
Active legal status
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a method and device for testing intelligent cipher key equipment. The method comprises: exporting a first public key from the tested intelligent cipher key equipment according to preset parameters; encrypting a preset first session key with the first public key to obtain a first session key ciphertext; importing the first session key ciphertext into the tested intelligent cipher key equipment according to the preset parameters and receiving the first session key ID returned by the tested intelligent cipher key equipment; using a second public key and the first session key ID to export a second session key ciphertext from the tested intelligent cipher key equipment; decrypting the second session key ciphertext with a second private key; and comparing the decrypted result with the first session key. If the two are consistent the test passes; otherwise the test fails, and the procedure ends. The technical solution of the present invention can accurately and efficiently determine whether an intelligent cipher key equipment sample has the session key agreement function and can interoperate.

Description

Method and device for testing intelligent cipher key equipment
Technical field
The present invention relates to the field of electronics, and in particular to a method and device for testing intelligent cipher key equipment.
Background
Over the past 10 years, with the rapid development of computer technology and informatization in China, the range and number of applications of intelligent cipher key equipment across industries have increased sharply. In application fields such as finance, transportation, municipal administration, telecommunications and government departments, intelligent cipher key equipment plays an important role and has contributed immeasurably to the secure development of these industry applications.
At present, intelligent cipher key equipment products are diverse, their implementations differ, and considerations such as product functionality are not entirely the same. Negotiating a session key is one of the main functions of intelligent cipher key equipment required in application fields. Session key agreement is carried out by at least two pieces of intelligent cipher key equipment, and to keep the key secure, the session key is generated, stored and used inside the intelligent cipher key equipment and is not exposed outside it. This makes it difficult to test the validity of the function.
To judge accurately and effectively whether an intelligent cipher key equipment product has the session key negotiation function that applications require, targeted testing is needed.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies of the prior art by providing a method and device for testing intelligent cipher key equipment.
The present invention provides a method for testing intelligent cipher key equipment, comprising:
1. A method for testing intelligent cipher key equipment, characterized by comprising:
Step A1: exporting a first public key from the tested intelligent cipher key equipment according to preset parameters; if nothing is exported, the test is aborted and the procedure ends;
Step A2: encrypting a preset first session key with the first public key to obtain a first session key ciphertext;
Step A3: importing the first session key ciphertext into the tested intelligent cipher key equipment according to the preset parameters; if the first session key ID returned by the tested intelligent cipher key equipment is received, executing step A4; if the first session key ID returned by the tested intelligent cipher key equipment is not received, the test is aborted and the procedure ends;
Step A4: using a second public key and the first session key ID to export a second session key ciphertext from the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment exports no data, the test is aborted and the procedure ends;
Step A5: decrypting the second session key ciphertext with a second private key and comparing the decrypted result with the first session key; if the two are consistent the test passes, otherwise the test fails, and the procedure ends.
Wherein step A1 comprises: generating a first instruction according to a preset application ID, a preset container ID and the first public key length, sending it to the tested intelligent cipher key equipment, and receiving the first public key returned by the tested intelligent cipher key equipment.
Wherein step A3 comprises: generating a second instruction according to the preset application ID, the preset container ID, a preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and sending it to the tested intelligent cipher key equipment; if the first session key ID returned by the tested intelligent cipher key equipment is received, executing step A4; if the first session key ID returned by the tested intelligent cipher key equipment is not received, the key import has failed and the procedure ends.
Wherein step A4 comprises: the device generating a third instruction according to the preset application ID, the preset container ID, the first session key ID, the key bit length of the second key pair and the second public key, sending it to the tested intelligent cipher key equipment, and receiving the second session key ciphertext returned by the tested intelligent cipher key equipment.
Wherein, before step A4, the method further comprises: the device exporting the second public key from auxiliary intelligent cipher key equipment that has already passed testing.
Wherein step A5 is specifically: sending the second session key ciphertext to the auxiliary intelligent cipher key equipment for decryption; if the decrypted result returned by the auxiliary intelligent cipher key equipment is received, comparing the decrypted result with the first session key, the test passing if the two are consistent and failing otherwise, and the procedure ends; if the decrypted result returned by the auxiliary intelligent cipher key equipment is not received, the test fails and the procedure ends.
Wherein, after the test is aborted or fails, the method further comprises: destroying the first session key in the tested intelligent cipher key equipment using the first session key ID.
Wherein destroying the first session key in the tested intelligent cipher key equipment using the first session key ID is specifically: generating a fourth instruction according to the preset application ID, the preset container ID and the first session key ID, and sending it to the tested intelligent cipher key equipment.
The invention further provides a method for testing intelligent cipher key equipment, comprising:
Step B1: sending a third public key to the tested intelligent cipher key equipment, controlling the tested intelligent cipher key equipment to generate and export a third session key ciphertext, and obtaining a third session key ID; if the tested intelligent cipher key equipment does not export the third session key ciphertext or the third session key ID, the test is aborted and the procedure ends;
Step B2: according to the third session key ID, controlling the tested intelligent cipher key equipment to encrypt preset data, and obtaining the preset data ciphertext output by the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment outputs no data, the test is aborted and the procedure ends;
Step B3: decrypting the third session key ciphertext with a third private key, and decrypting the preset data ciphertext with the decrypted result to obtain a data plaintext;
Step B4: judging whether the preset data is consistent with the data plaintext; if so the test passes, otherwise the test fails, and the procedure ends.
Wherein, before step B1, the method comprises: exporting the third public key from auxiliary intelligent cipher key equipment that has already passed testing.
Wherein step B1 is specifically: generating a fifth instruction according to a preset application ID, a preset container ID, a preset second algorithm identifier, the key bit length of the third key pair and the third public key, and sending it to the tested intelligent cipher key equipment; obtaining the third session key ciphertext and the third session key ID output by the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment does not export the third session key ciphertext or the third session key ID, the test is aborted and the procedure ends.
Wherein step B2 comprises: generating a sixth instruction according to the preset application ID, the preset container ID, the third session key ID and the preset data, and sending it to the tested intelligent cipher key equipment; obtaining the preset data ciphertext output by the tested intelligent cipher key equipment; if the data output by the tested intelligent cipher key equipment is not received, the test is aborted and the procedure ends.
Wherein decrypting the third session key ciphertext with the third private key in step B3 comprises: sending the third session key ciphertext to the auxiliary intelligent cipher key equipment for decryption and obtaining the decrypted result output by the auxiliary equipment; if the auxiliary intelligent cipher key equipment does not return a decrypted result, the test is aborted and the procedure ends.
Wherein, after the test is aborted or fails, the method further comprises: destroying the third session key in the tested intelligent cipher key equipment using the third session key ID.
Wherein destroying the third session key in the tested intelligent cipher key equipment using the third session key ID is specifically: generating a fourth instruction according to the preset application ID, the preset container ID and the third session key ID, and sending it to the tested intelligent cipher key equipment.
The present invention also provides a device for testing intelligent cipher key equipment. The device is arranged in a terminal, the tested intelligent cipher key equipment is connected to the terminal, and the device comprises:
a first export module, configured to export a first public key from the tested intelligent cipher key equipment according to preset parameters;
a first encryption module, configured to encrypt a preset first session key with the first public key to obtain a first session key ciphertext;
an import module, configured to import the first session key ciphertext into the tested intelligent cipher key equipment according to the preset parameters, and to receive the first session key ID returned by the tested intelligent cipher key equipment;
a second export module, configured to export a second session key ciphertext from the tested intelligent cipher key equipment using a second public key and the first session key ID;
a decryption and comparison module, configured to decrypt the second session key ciphertext with a second private key and compare the decrypted result with the first session key; if the two are consistent the test passes, otherwise the test fails, and the procedure ends.
Wherein the first export module is specifically configured to generate a first instruction according to a preset application ID, a preset container ID and the first public key length, send it to the tested intelligent cipher key equipment, and receive the first public key returned by the tested intelligent cipher key equipment.
Wherein the import module is specifically configured to generate a second instruction according to the preset application ID, the preset container ID, a preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and send it to the tested intelligent cipher key equipment; if the first session key ID returned by the tested intelligent cipher key equipment is received, the second export module is triggered; otherwise the key import has failed.
Wherein the second export module is specifically configured to generate a third instruction according to the preset application ID, the preset container ID, the first session key ID, the key bit length of the second key pair and the second public key, send it to the tested intelligent cipher key equipment, and receive the second session key ciphertext returned by the tested intelligent cipher key equipment.
Wherein the device further comprises a third export module, configured to export the second public key from auxiliary intelligent cipher key equipment that has already passed testing.
Wherein the decryption and comparison module is specifically configured to send the second session key ciphertext to the auxiliary intelligent cipher key equipment for decryption; if the decrypted result returned by the auxiliary intelligent cipher key equipment is received, the decrypted result is compared with the first session key, the test passing if the two are consistent and failing otherwise; if the decrypted result returned by the auxiliary intelligent cipher key equipment is not received, the test fails.
Wherein the device further comprises a destruction module, configured to destroy the first session key in the tested intelligent cipher key equipment using the first session key ID after the test is aborted or fails.
Wherein the destruction module is specifically configured to generate a fourth instruction according to the preset application ID, the preset container ID and the first session key ID, and send it to the tested intelligent cipher key equipment.
The present invention provides another device for testing intelligent cipher key equipment. The device is arranged in a terminal, the tested intelligent cipher key equipment is connected to the terminal, and the device comprises:
a first export module, configured to send a third public key to the tested intelligent cipher key equipment, control the tested intelligent cipher key equipment to generate and export a third session key ciphertext, and obtain a third session key ID;
a first encryption module, configured to control the tested intelligent cipher key equipment to encrypt preset data according to the third session key ID, and to obtain the preset data ciphertext output by the tested intelligent cipher key equipment;
a first decryption module, configured to decrypt the third session key ciphertext with a third private key;
a second decryption module, configured to decrypt the preset data ciphertext with the decrypted result obtained by the first decryption module to obtain a data plaintext;
a first judgment module, configured to judge whether the preset data is consistent with the data plaintext; if so the test passes, otherwise the test fails, and the procedure ends.
Wherein the device further comprises a second export module, configured to export the third public key from auxiliary intelligent cipher key equipment that has already passed testing.
Wherein the first export module is specifically configured to generate a fifth instruction according to a preset application ID, a preset container ID, a preset second algorithm identifier, the key bit length of the third key pair and the third public key, send it to the tested intelligent cipher key equipment, and obtain the third session key ciphertext and the third session key ID output by the tested intelligent cipher key equipment.
Wherein the first encryption module is specifically configured to generate a sixth instruction according to the preset application ID, the preset container ID, the third session key ID and the preset data, send it to the tested intelligent cipher key equipment, and obtain the preset data ciphertext output by the tested intelligent cipher key equipment.
Wherein the first decryption module is specifically configured to send the third session key ciphertext to the auxiliary intelligent cipher key equipment for decryption and obtain the decrypted result output by the auxiliary intelligent cipher key equipment.
Wherein the device further comprises a destruction module, configured to destroy the third session key in the tested intelligent cipher key equipment using the third session key ID after the test is aborted or fails.
Wherein the destruction module is specifically configured to generate a fourth instruction according to the preset application ID, the preset container ID and the third session key ID, and send it to the tested intelligent cipher key equipment.
Compared with the prior art, the present invention has the following advantage:
The technical solution of the present invention can accurately and efficiently determine whether intelligent cipher key equipment has the session key agreement function and can interoperate, which solves the problem of testing this function.
Brief description of the drawings
Fig. 1 is a flowchart of a method for testing intelligent cipher key equipment provided by Embodiment One of the present invention;
Fig. 2 is a flowchart of a method for testing intelligent cipher key equipment provided by Embodiment Two of the present invention;
Fig. 3 is a flowchart of a method for testing intelligent cipher key equipment provided by Embodiment Three of the present invention;
Fig. 4 is a block diagram of a device for testing intelligent cipher key equipment provided by Embodiment Four of the present invention;
Fig. 5 is a block diagram of a device for testing intelligent cipher key equipment provided by Embodiment Five of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment One
Embodiment One of the present invention provides a method for testing intelligent cipher key equipment, described specifically using the key import process as an example. As shown in Fig. 1, it comprises:
Step 100: the device exports a first public key from the tested intelligent cipher key equipment according to preset parameters; if nothing is exported, the test is aborted and the procedure ends;
Specifically, in this embodiment the device exports the first public key by sending a first instruction (the ExportPublicKey instruction) to the tested intelligent cipher key equipment. The data field of the first instruction (ExportPublicKey instruction) comprises: the application ID, the container ID and the key bit length of the first public key. Step 100 is specifically: the device generates the first instruction according to the preset application ID, the preset container ID and the first public key length, and sends it to the tested intelligent cipher key equipment; after receiving the first instruction, the tested intelligent cipher key equipment parses it, opens the specified container in the specified application according to the application ID and container ID in the parsing result, obtains the first public key from the container according to the key bit length of the first public key, and sends it to the device; the device receives the first public key returned by the tested intelligent cipher key equipment;
Step 101: the device encrypts a preset first session key with the first public key to obtain a first session key ciphertext;
In this embodiment, the first public key used in step 101 corresponds to the first private key in the intelligent cipher key equipment; preferably, the first public key is an RSA public key or an SM2 public key;
In this embodiment, a first function (the PubKeyEncrypt function) is called with the first public key and the preset first session key as parameter values; if encryption succeeds the first function returns the first session key ciphertext, and if encryption fails the first function returns an error value;
Step 102: the first session key ciphertext is imported into the tested intelligent cipher key equipment according to the preset parameters; if the first session key ID returned by the tested intelligent cipher key equipment is received, step 103 is executed; if the first session key ID returned by the tested intelligent cipher key equipment is not received, the test is aborted and the procedure ends;
Specifically, in this embodiment the device generates a second instruction (the ImportSessionKey instruction) according to the preset application ID, the preset container ID, the preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and sends the second instruction to the intelligent cipher key equipment, thereby importing the first session key ciphertext into the tested intelligent cipher key equipment;
After receiving the second instruction, the tested intelligent cipher key equipment parses the first session key ciphertext out of the data field of the second instruction (ImportSessionKey instruction) according to the first session key ciphertext length, then opens the specified application and container according to the parsed preset application ID and preset container ID, and decrypts the parsed first session key ciphertext with the first private key in the specified application and container. If decryption succeeds, it saves the decrypted first session key to the corresponding location according to the preset application ID and the preset container ID, allocates a corresponding first session key ID and sends it to the device. If the device receives the first session key ID returned by the tested intelligent cipher key equipment, step 103 is executed; if the first session key ID returned by the tested intelligent cipher key equipment is not received, the key import has failed and the procedure ends. The first encryption key corresponds to the first public key in step 101;
For example, in the present embodiment, ImportSessionKey instruction are as follows: 00 00 00008C 0,001 0001 of 80A0 00000401 00000080 5EC055642CDE8EE941C273E61AB81A60A71A9F884F72EEAE4B0B2C0EA5 26A0044F4717DD153919314A4C267CABD263897A4131597D0006BD07603CA10C03F0812AE72F 497CD23F6C31C98BDFB69B9D8CB22DBDBC800452628243BEB292D148682EB32ED74ED27CFF4F C05B95CE5330A2C8689CEA857B215BB888FB9751CCEC740002;The the first session key ID returned are as follows: 0001;
Step 103: using a second public key and the first session key ID, a second session key ciphertext is exported from the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment exports no data, the test is aborted and the procedure ends;
In this embodiment, before step 103 the method further comprises: the device exporting the second public key from auxiliary intelligent cipher key equipment that has already passed testing.
Preferably, the second public key used in step 103 of this embodiment corresponds to the second private key; preferably, the second public key is an RSA public key or an SM2 public key;
In this embodiment, the device exports the second session key ciphertext from the tested intelligent cipher key equipment by sending a third instruction (the ExportSessionKeyEx instruction) to the tested intelligent cipher key equipment, where the data field of the third instruction comprises: the preset application ID, the preset container ID, the first session key ID, the key bit length of the encryption key pair, and the second public key. Step 103 is specifically: the device generates the third instruction according to the preset application ID, the preset container ID, the first session key ID, the key bit length of the second key pair and the second public key, and sends it to the tested intelligent cipher key equipment; after receiving the third instruction (ExportSessionKeyEx instruction), the tested intelligent cipher key equipment parses it, obtains the second public key from the data field of the third instruction according to the key bit length of the encryption key pair in the parsing result, obtains the corresponding internally stored first session key according to the application ID, container ID and first session key ID in the parsing result, encrypts the first session key with the second public key to obtain the second session key ciphertext, and returns the second session key ciphertext to the device; the device receives the second session key ciphertext returned by the tested intelligent cipher key equipment;
For example, the ExportSessionKeyEx in the present embodiment is instructed are as follows: 80 5C, 00 00 00008E 0001 0001 0001 00000400D59AA16C2E98094E412F56ADD17F45C5F514C51C13
1C11422B8DC9CC507AD37F25F0A4692CC0B40A7BCC77EABFC7A65E0923711DC0F2BA C384757350D5CFFFF7B74C8B6F02507A031566A6DEBB47CB04BAA2D302584EE42F5C4AA64BBD 54E2AE185DEE318C20D38DCD563D0411B377CD367EC1A66C3EAFAB8D966C70E5627C01 00010001;The first obtained session key ciphertext are as follows: B7E22DB7B0A9BD54B2667A53B1D4D38C0F84F3CA88 12F316DD4D122
99F4CCBD93F231B26A566BA5289F53BF11989660777C503B791C945701B22A6A9E72 B552C254B55CBF04BB310968DB8FF51B522C112E1C0FA6D0A8679895E0A8337C7319BEA8B461 C3894A8E29A7146EF42124B28B5CD91D459384B1B2507E5416FC26EA5;
Step 104: the second session key ciphertext is decrypted with the second private key and the decrypted result is compared with the first session key; if the two are consistent the test passes, otherwise the test fails, and the procedure ends;
Specifically, in this embodiment step 104 is: the second session key ciphertext is sent to the auxiliary intelligent cipher key equipment for decryption; if the decrypted result returned by the auxiliary intelligent cipher key equipment is received, the decrypted result is compared with the first session key, the test passing if the two are consistent and failing otherwise, and the procedure ends; if the decrypted result returned by the auxiliary intelligent cipher key equipment is not received, the test fails and the procedure ends. The second private key used in step 104 corresponds to the second public key in step 103;
In this embodiment, after the test is aborted or fails, the method may further comprise:
Step D: the device destroys the first session key in the tested intelligent cipher key equipment using the first session key ID;
Specifically, in this embodiment the device destroys the first session key by sending a fourth instruction (the DestroySessionKey instruction) to the intelligent cipher key equipment. The data field of the fourth instruction (DestroySessionKey instruction) comprises the application ID, the container ID and the first session key ID. Step D is specifically: the device generates the fourth instruction according to the preset application ID, the preset container ID and the first session key ID, and sends it to the tested intelligent cipher key equipment; on receiving the DestroySessionKey instruction, the tested intelligent cipher key equipment parses it, obtains the corresponding first session key according to the application ID, container ID and first session key ID in the parsing result, and destroys it;
For example, the DestroySessionKey instruction in this embodiment is: 80C4 00 00 000006 000100010001.
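The import-path procedure of Embodiment One (steps 100 to 104 plus the cleanup in step D, which correspond to steps A1 to A5 in the summary) can be exercised against simulated equipment. This is an added example, not code from the patent: the `KeyEquipment` classes, `run_import_test`, the sample session key and the unpadded toy RSA built from fixed primes (standing in for the RSA or SM2 keys the text names) are all assumptions.

```python
# Added example: the import-path test (steps 100-104 and step D) run against
# simulated equipment. Class names and the toy cipher are assumptions.
import hmac
from enum import Enum

class Verdict(Enum):
    PASSED = "passed"
    FAILED = "failed"
    ABORTED = "aborted"

def toy_keypair(p, q, e=65537):
    """Unpadded textbook RSA from fixed primes: a stand-in for RSA/SM2, not secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def pk_encrypt(pub, data):
    n, e = pub
    return pow(int.from_bytes(data, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def sk_decrypt(priv, ciphertext, size=16):
    n, d = priv
    m = pow(int.from_bytes(ciphertext, "big"), d, n)
    return m.to_bytes(size, "big") if m < (1 << (8 * size)) else None

class KeyEquipment:
    """Hypothetical model of key equipment: session keys are referenced only by ID."""
    def __init__(self, p, q):
        self._pub, self._priv = toy_keypair(p, q)
        self._sessions, self._next_id = {}, 1

    def export_public_key(self):
        return self._pub

    def _store(self, key):  # hook that the faulty models override
        return key

    def import_session_key(self, ciphertext):
        key = sk_decrypt(self._priv, ciphertext)
        if key is None:
            return None
        key_id, self._next_id = self._next_id, self._next_id + 1
        self._sessions[key_id] = self._store(key)
        return key_id

    def export_session_key_ex(self, key_id, peer_pub):
        key = self._sessions.get(key_id)
        return None if key is None else pk_encrypt(peer_pub, key)

    def destroy_session_key(self, key_id):
        self._sessions.pop(key_id, None)

    def decrypt(self, ciphertext):  # used only on the auxiliary equipment
        return sk_decrypt(self._priv, ciphertext)

    def session_count(self):
        return len(self._sessions)

class CorruptingEquipment(KeyEquipment):
    """Constructed defect: the stored key differs from the imported one."""
    def _store(self, key):
        return key[:-1] + bytes([key[-1] ^ 0xFF])

class SilentEquipment(KeyEquipment):
    """Constructed defect: the export instruction returns no data."""
    def export_session_key_ex(self, key_id, peer_pub):
        return None

def run_import_test(dut, aux, session_key):
    key_id, verdict = None, Verdict.ABORTED
    try:
        first_pub = dut.export_public_key()                       # step 100
        if first_pub is None:
            return verdict
        ct1 = pk_encrypt(first_pub, session_key)                  # step 101
        key_id = dut.import_session_key(ct1)                      # step 102
        if key_id is None:
            return verdict
        ct2 = dut.export_session_key_ex(key_id, aux.export_public_key())  # step 103
        if ct2 is None:
            return verdict
        recovered = aux.decrypt(ct2)                              # step 104
        ok = recovered is not None and hmac.compare_digest(recovered, session_key)
        verdict = Verdict.PASSED if ok else Verdict.FAILED
        return verdict
    finally:
        # Step D: after an aborted or failed test, destroy the key left in the equipment.
        if key_id is not None and verdict is not Verdict.PASSED:
            dut.destroy_session_key(key_id)

SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample

def demo():
    aux = KeyEquipment(2**107 - 1, 2**127 - 1)  # auxiliary equipment, assumed already tested
    results = {}
    for cls in (KeyEquipment, CorruptingEquipment, SilentEquipment):
        dut = cls(2**61 - 1, 2**89 - 1)
        results[cls.__name__] = (run_import_test(dut, aux, SESSION_KEY), dut.session_count())
    return results

if __name__ == "__main__":
    for name, (verdict, left) in demo().items():
        print(f"{name}: {verdict.value}, session keys left in equipment: {left}")
```

The harness never reads the session key out of the tested equipment directly; it relies on re-export under the auxiliary equipment's public key, which is the point of the procedure.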
Embodiment Two
Embodiment Two of the present invention provides a method for testing intelligent cipher key equipment, described specifically using the key export process as an example. As shown in Fig. 2, it comprises:
Step 201: a third public key is sent to the tested intelligent cipher key equipment, the tested intelligent cipher key equipment is controlled to generate and export a third session key ciphertext, and a third session key ID is obtained; if the tested intelligent cipher key equipment does not export the third session key ciphertext or the third session key ID, the test is aborted and the procedure ends;
In this embodiment, before step 201 the method further comprises: the device exporting the third public key from auxiliary intelligent cipher key equipment that has already passed testing;
Preferably, in this embodiment the third public key used in step 201 corresponds to the third private key; preferably, the third public key is an RSA public key or an SM2 public key;
Specifically, in this embodiment the device sends a fifth instruction (the ExportSessionKey instruction) to the tested intelligent cipher key equipment to control it to generate and export the third session key ciphertext and to obtain the third session key ID. The data field of the fifth instruction (ExportSessionKey instruction) comprises: the preset application ID, the preset container ID, the preset second session key algorithm identifier, the key bit length of the third key pair, and the third public key. Step 201 is specifically: the device generates the fifth instruction according to the preset application ID, the preset container ID, the preset second algorithm identifier, the key bit length of the third key pair and the third public key, and sends it to the tested intelligent cipher key equipment; the tested intelligent cipher key equipment parses the fifth instruction, obtains the corresponding third public key from the data field according to the key bit length of the third key pair in the parsing result, opens the specified application and container according to the application ID and container ID in the parsing result, generates a 16-byte third session key in the specified application and container, encrypts the third session key with the third public key according to the algorithm corresponding to the second algorithm identifier to obtain the third session key ciphertext, and exports the third session key ciphertext together with the second session key ID allocated to it; the device obtains the third session key ciphertext and the third session key ID output by the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment does not export the third session key ciphertext or the third session key ID, the test is aborted and the procedure ends;
For example, in this embodiment, the second session key algorithm identifier is the SM4 algorithm identifier, and the ExportSessionKey instruction is: 80 5A 00 00 000090 0001 0001 00000401 00000400 C2ACEFAD38B5A489C3EA2B79324E31C9696EAD796451232FC6C5CA7DB8F0B5DE82818DD3C1B483D6E2D1909DB0787B4B3DAA15C0C9CEBC8D2BE4F12CA99EF5B8081F848A8DB79007CC663287A161C80E65223BE9367DD4B2524049A1334DB657A158304E04BB44DA4700F49919D939D67403A7F3FBCEB99DE535EDA21476CA01 00010001; the third session key ciphertext and the third session key ID obtained are, respectively: 5EC055642CDE8EE941C273E61AB81A60A71A9F884F72EEAE4B0B2C0EA526A0044F4717DD153919314A4C267CABD263897A4131597D0006BD07603CA10C03F0812AE72F497CD23F6C31C98BDFB69B9D8CB22DBDBC800452628243BEB292D148682EB32ED74ED27CFF4FC05B95CE5330A2C8689CEA857B215BB888FB9751CCEC74 and 0001;
Step 202: according to the third session key ID, the tested intelligent cipher key equipment is controlled to encrypt the preset data, and the preset data ciphertext output by the tested intelligent cipher key equipment is obtained; if the tested intelligent cipher key equipment outputs no data, the test is aborted and the process ends;
Specifically, in this embodiment, the device encrypts the preset data by sending the sixth instruction (i.e. the Encrypt instruction) to the intelligent cipher key equipment, where the data field of the sixth instruction includes: the application ID, the container ID, the third session key ID and the preset data. Step 202 is specifically: the device generates the sixth instruction according to the preset application ID, the preset container ID, the third session key ID and the preset data and sends it to the tested intelligent cipher key equipment; after receiving the sixth instruction (the Encrypt instruction), the tested intelligent cipher key equipment parses it, obtains the corresponding third session key and second session key algorithm identifier according to the application ID, container ID and third session key ID in the parsing result, encrypts the preset data with the obtained third session key according to the algorithm corresponding to the second session key algorithm identifier to obtain the preset data ciphertext, and returns it to the device; the device obtains the preset data ciphertext output by the tested intelligent cipher key equipment; if no data output by the tested intelligent cipher key equipment is received, the test is aborted and the process ends.
For example, in this embodiment, the Encrypt instruction is: 80A6 00 00 000016 0001 0001 0001 11223344112233441122334411223344; the preset data ciphertext is: C4B7CFD3EB6BF8C44325F76EE2D216A7;
Step 203: the third session key ciphertext is decrypted using the third private key, and the preset data ciphertext is decrypted using the decryption result to obtain the data plaintext;
In this embodiment, step 203 includes: the third session key ciphertext is sent to the auxiliary intelligent cipher key equipment for decryption, and the decryption result output by the auxiliary equipment is obtained; if the auxiliary intelligent cipher key equipment does not return a decryption result, the test is aborted and the process ends. The device calls the fourth function (i.e. the Decrypt function) with the decryption result and the preset data ciphertext as parameters; if decryption succeeds the fourth function returns the data plaintext, and if decryption fails the fourth function returns an error value. The third private key used in this step corresponds to the third public key in step 201;
Step 204: judge whether the preset data is consistent with the data plaintext; if so, the test passes; otherwise the test fails, and the process ends;
In this embodiment, after the test is aborted or fails, the method further includes:
Step C: the third session key in the tested intelligent cipher key equipment is destroyed using the third session key ID.
Specifically, in this embodiment, the device destroys the third session key in the tested intelligent cipher key equipment by sending the fourth instruction (i.e. the DestroySessionKey instruction) to the intelligent cipher key equipment. The data field of the fourth instruction (the DestroySessionKey instruction) includes the application ID, the container ID and the session key ID. Step C is specifically: the device generates the fourth instruction according to the preset application ID, the preset container ID and the third session key ID and sends it to the tested intelligent cipher key equipment; on receiving the fourth instruction, the tested intelligent cipher key equipment parses it, obtains the corresponding third session key according to the application ID, container ID and session key ID in the parsing result, and destroys it;
For example, the DestroySessionKey instruction in this embodiment is: 80C4 00 00 000006 000100010001.
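The Encrypt and DestroySessionKey commands of this embodiment, decoded the way a receiving equipment has to before acting on them. This is an added example, not code from the patent; the split into a 4-byte header, a 3-byte length and 2-byte IDs is read off the example bytes above, and requiring whole 16-byte blocks for Encrypt is an assumption based on the 16-byte sample data.

```python
import struct

CLA = 0x80
# INS bytes as they appear in this page's example commands.
INS_NAMES = {0xA6: "Encrypt", 0xC4: "DestroySessionKey"}
BLOCK = 16  # SM4 block size in bytes; whole-block payloads are an assumption

# The two example commands from this embodiment.
ENCRYPT_EXAMPLE = bytes.fromhex(
    "80A60000" "000016" "000100010001" "11223344112233441122334411223344")
DESTROY_EXAMPLE = bytes.fromhex("80C40000" "000006" "000100010001")


class ApduError(ValueError):
    """Raised when a command does not match the layout assumed here."""


def build(ins, app_id, container_id, key_id, payload=b""):
    """Assemble header, 3-byte length and data field (IDs are big-endian 16-bit)."""
    data = struct.pack(">HHH", app_id, container_id, key_id) + payload
    return bytes([CLA, ins, 0x00, 0x00]) + len(data).to_bytes(3, "big") + data


def parse(raw):
    """Decode one command, rejecting anything whose lengths do not add up."""
    if len(raw) < 7:
        raise ApduError("shorter than header plus length field")
    cla, ins = raw[0], raw[1]
    if cla != CLA or ins not in INS_NAMES:
        raise ApduError(f"unsupported CLA/INS {cla:02X}{ins:02X}")
    declared = int.from_bytes(raw[4:7], "big")
    data = raw[7:]
    if declared != len(data):
        raise ApduError(f"length field says {declared}, data field has {len(data)}")
    if len(data) < 6:
        raise ApduError("data field too short for the three IDs")
    app_id, container_id, key_id = struct.unpack(">HHH", data[:6])
    payload = data[6:]
    name = INS_NAMES[ins]
    if name == "DestroySessionKey" and payload:
        raise ApduError("DestroySessionKey carries only the three IDs")
    if name == "Encrypt" and (not payload or len(payload) % BLOCK):
        raise ApduError("Encrypt payload must be a whole number of 16-byte blocks")
    return {"name": name, "app_id": app_id, "container_id": container_id,
            "key_id": key_id, "payload": payload}


def is_well_formed(raw):
    """True when parse() accepts the command, False when it rejects it."""
    try:
        parse(raw)
    except ApduError:
        return False
    return True


if __name__ == "__main__":
    for sample in (ENCRYPT_EXAMPLE, DESTROY_EXAMPLE, ENCRYPT_EXAMPLE[:-1]):
        print(sample.hex().upper(), "->", is_well_formed(sample))
```
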
Embodiment three
The third embodiment of the present invention provides a method for testing an intelligent cipher key equipment, in which a first intelligent cipher key equipment and a second intelligent cipher key equipment are tested against each other. The detailed process is shown in Figure 3 and includes:
Step 300: the device exports the second public key from the second intelligent cipher key equipment according to the second preset parameter; if it is not exported, the test is aborted and the process ends;
Specifically, in this embodiment, the device exports the second public key by sending the first instruction (i.e. the ExportPublicKey instruction) to the second intelligent cipher key equipment. The data field of the first instruction (the ExportPublicKey instruction) includes: the application ID, the container ID and the key bit length of the second public key. Step 300 is specifically: the device generates the first instruction according to the preset application ID, the preset container ID and the second public key length, and sends it to the second intelligent cipher key equipment; after receiving the first instruction, the second intelligent cipher key equipment parses it, opens the specified container in the specified application according to the application ID and container ID in the parsing result, obtains the second public key from the container according to the key bit length of the second public key and sends it to the device; the device receives the second public key returned by the second intelligent cipher key equipment;
Step 301: the device sends the second public key to the first intelligent cipher key equipment, controls the first intelligent cipher key equipment to generate and export the first session key ciphertext, and obtains the first session key ID; if the first intelligent cipher key equipment does not export the first session key ciphertext or the first session key ID, the test is aborted and step 306 is executed;
Preferably, in this embodiment, the second public key used in step 301 is an RSA public key or an SM2 public key, and corresponds to the second private key in the second intelligent cipher key equipment;
Specifically, in this embodiment, the device sends the fifth instruction (i.e. the ExportSessionKey instruction) to the first intelligent cipher key equipment. The data field of the fifth instruction (the ExportSessionKey instruction) includes: the preset application ID, the preset container ID, the preset first algorithm identifier, the key bit length of the second public key, and the second public key. Step 301 is specifically: the device generates the fifth instruction according to the preset application ID, the preset container ID, the preset first algorithm identifier, the key bit length of the second key pair and the second public key, and sends it to the first intelligent cipher key equipment; the first intelligent cipher key equipment parses the fifth instruction, obtains the corresponding second public key from the data field according to the key bit length of the second key pair in the parsing result, opens the specified application and container according to the application ID and container ID in the parsing result, generates a 16-byte first session key in the specified application and container, encrypts the first session key with the second public key according to the algorithm corresponding to the first algorithm identifier to obtain the first session key ciphertext, and outputs the first session key ciphertext together with the first session key ID allocated to it; the device obtains the first session key ciphertext and the first session key ID output by the first intelligent cipher key equipment; if the first intelligent cipher key equipment does not output the first session key ciphertext or the first session key ID, the test is aborted and the process ends;
For example, in this embodiment, the first algorithm identifier is the SM4 algorithm identifier, and the ExportSessionKey instruction is: 80 5A 00 00 000090 0001 0001 00000401 00000400 C2ACEFAD38B5A489C3EA2B79324E31C9696EAD796451232FC6C5CA7DB8F0B5DE82818DD3C1B483D6E2D1909DB0787B4B3DAA15C0C9CEBC8D2BE4F12CA99EF5B8081F848A8DB79007CC663287A161C80E65223BE9367DD4B2524049A1334DB657A158304E04BB44DA4700F49919D939D67403A7F3FBCEB99DE535EDA21476CA01 00010001; the first session key ciphertext and the first session key ID obtained are, respectively: 5EC055642CDE8EE941C273E61AB81A60A71A9F884F72EEAE4B0B2C0EA526A0044F4717DD153919314A4C267CABD263897A4131597D0006BD07603CA10C03F0812AE72F497CD23F6C31C98BDFB69B9D8CB22DBDBC800452628243BEB292D148682EB32ED74ED27CFF4FC05B95CE5330A2C8689CEA857B215BB888FB9751CCEC74 and 0001;
Step 302: the device imports the first session key ciphertext into the second intelligent cipher key equipment according to the second preset parameter; if the second session key ID returned by the second intelligent cipher key equipment is received, step 303 is executed; if the second session key ID returned by the second intelligent cipher key equipment is not received, the test is aborted and step 306 is executed;
Specifically, in this embodiment, the device generates the second instruction (i.e. the ImportSessionKey instruction) according to the preset application ID, the preset container ID, the preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and sends the second instruction (the ImportSessionKey instruction) to the second intelligent cipher key equipment, thereby importing the first session key ciphertext into the second intelligent cipher key equipment;
After receiving the second instruction, the second intelligent cipher key equipment parses it, obtains the first session key ciphertext from the data field of the second instruction (the ImportSessionKey instruction) according to the first session key ciphertext length obtained by parsing, opens the specified application and container according to the application ID and container ID obtained by parsing, and decrypts the obtained first session key ciphertext with the second private key in the specified application and container; if decryption succeeds, it saves the decrypted first session key in the corresponding location according to the application ID and container ID, allocates a corresponding second session key ID and returns it to the device. The second private key in this embodiment corresponds to the second public key in step 301;
For example, in this embodiment, the ImportSessionKey instruction is: 80A0 00 00 00008C 0001 0001 00000401 00000080 5EC055642CDE8EE941C273E61AB81A60A71A9F884F72EEAE4B0B2C0EA526A0044F4717DD153919314A4C267CABD263897A4131597D0006BD07603CA10C03F0812AE72F497CD23F6C31C98BDFB69B9D8CB22DBDBC800452628243BEB292D148682EB32ED74ED27CFF4FC05B95CE5330A2C8689CEA857B215BB888FB9751CCEC740002; the second session key ID returned is: 0001;
Step 303: the device controls the first intelligent cipher key equipment to encrypt the preset data according to the first session key ID, and obtains the preset data ciphertext output by the first intelligent cipher key equipment; if the first intelligent cipher key equipment outputs no data, the test is aborted and step 306 is executed;
Specifically, in this embodiment, the device sends the sixth instruction (i.e. the Encrypt instruction) to the first intelligent cipher key equipment, where the data field of the sixth instruction includes: the application ID, the container ID, the first session key ID and the preset data. Step 303 is specifically: the device generates the sixth instruction according to the preset application ID, the preset container ID, the first session key ID and the preset data and sends it to the first intelligent cipher key equipment; after receiving the sixth instruction (the Encrypt instruction), the first intelligent cipher key equipment parses it, obtains the corresponding first session key and first algorithm identifier according to the application ID, container ID and first session key ID in the parsing result, encrypts the preset data with the obtained first session key according to the algorithm corresponding to the first algorithm identifier to obtain the preset data ciphertext, and returns it to the device; the device obtains the preset data ciphertext output by the first intelligent cipher key equipment; if the first intelligent cipher key equipment outputs no data, the test is aborted and step 306 is executed;
For example, in this embodiment, the Encrypt instruction is: 80A6 00 00 000016 0001 0001 0001 11223344112233441122334411223344; the preset data ciphertext is: C4B7CFD3EB6BF8C44325F76EE2D216A7;
In this embodiment, step 303 may be performed before step 302, in which case the device then imports the first session key ciphertext together with the preset data ciphertext into the second intelligent cipher key equipment;
Step 304: the device decrypts the preset data ciphertext using the second intelligent cipher key equipment; if decryption succeeds, the data plaintext is obtained and step 305 is executed; if decryption fails, the test is aborted and step 306 is executed;
Specifically, in this embodiment, the device sends the seventh instruction (the Decrypt instruction) to the second intelligent cipher key equipment, where the data field of the seventh instruction includes: the application ID, the container ID, the second session key ID and the preset data ciphertext. After receiving the seventh instruction, the second intelligent cipher key equipment parses it, obtains the corresponding first session key according to the application ID, container ID and second session key ID in the parsing result, and decrypts the preset data ciphertext in the parsing result with the obtained first session key; if decryption succeeds, the data plaintext is obtained and returned to the device; if decryption fails, the test is aborted and step 306 is executed;
For example, in this embodiment, the Decrypt instruction is: 80AE 00 00 000016 0001 0001 0001 C4B7CFD3EB6BF8C44325F76EE2D216A7; the preset data plaintext is: 11223344112233441122334411223344;
Step 305: the device judges whether the preset data is consistent with the data plaintext; if so, the test passes; otherwise the test fails; step 306 is executed;
Step 306: the device destroys the first session key in the first intelligent cipher key equipment and in the second intelligent cipher key equipment, and the process ends.
Specifically, in this embodiment, the device sends the fourth instruction (i.e. the DestroySessionKey instruction) to the first intelligent cipher key equipment and to the second intelligent cipher key equipment respectively. The data field of the fourth instruction (i.e. the DestroySessionKey instruction) includes the application ID, the container ID and the first session key ID (or the second session key ID). On receiving the fourth instruction, the first intelligent cipher key equipment parses it, obtains the corresponding first session key according to the application ID, container ID and first session key ID obtained by parsing, and destroys it; on receiving the fourth instruction (i.e. the DestroySessionKey instruction), the second intelligent cipher key equipment parses it, obtains the corresponding first session key according to the application ID, container ID and second session key ID obtained by parsing, and destroys it.
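Steps 300 to 306 as a harness run against two simulated equipments, showing that an abort part-way through still leaves no session key behind in either of them. This is an added sketch, not the patent's implementation: `SimKey`, the `fault` switch and the verdict strings are hypothetical, and textbook RSA over Mersenne primes plus a SHA-256 XOR pad stand in for RSA/SM2 and SM4 so that it runs on the standard library alone.

```python
import hashlib
import secrets

E = 65537
# Mersenne primes; each product exceeds 2**128, so a 16-byte key fits under the modulus.
PRIMES_A = (2**89 - 1, 2**107 - 1)
PRIMES_B = (2**61 - 1, 2**127 - 1)


def pad_xor(key, data):
    """Stand-in for SM4 (assumption): XOR with a SHA-256 pad, data up to 32 bytes."""
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))


class SimKey:
    """Simulated key equipment; `fault` names one operation that misbehaves."""

    def __init__(self, primes, fault=None):
        p, q = primes
        self.n, self._d = p * q, pow(E, -1, (p - 1) * (q - 1))
        self.fault, self.sessions, self.issued = fault, {}, 0

    def _store(self, key):
        self.issued += 1
        self.sessions[self.issued] = key
        return self.issued

    def export_public_key(self):
        return None if self.fault == "export_public_key" else (self.n, E)

    def export_session_key(self, pub):
        if self.fault == "export_session_key":
            return None
        key = secrets.token_bytes(16)
        n, e = pub
        return pow(int.from_bytes(key, "big"), e, n), self._store(key)

    def import_session_key(self, wrapped):
        if self.fault == "import_session_key":
            return None
        return self._store(pow(wrapped, self._d, self.n).to_bytes(16, "big"))

    def encrypt(self, sid, data):
        if self.fault == "encrypt" or sid not in self.sessions:
            return None
        return pad_xor(self.sessions[sid], data)

    def decrypt(self, sid, data):
        if self.fault == "decrypt" or sid not in self.sessions:
            return None
        out = pad_xor(self.sessions[sid], data)
        return out[::-1] if self.fault == "wrong_plaintext" else out

    def destroy_session_key(self, sid):
        self.sessions.pop(sid, None)


def mutual_test(dev1, dev2, preset=bytes.fromhex("11223344" * 4)):
    """Return "pass", "fail" or "aborted"; session keys are destroyed in every case."""
    id1 = id2 = None
    try:
        pub2 = dev2.export_public_key()                # step 300
        if pub2 is None:
            return "aborted"
        exported = dev1.export_session_key(pub2)       # step 301
        if exported is None:
            return "aborted"
        wrapped, id1 = exported
        id2 = dev2.import_session_key(wrapped)         # step 302
        if id2 is None:
            return "aborted"
        ciphertext = dev1.encrypt(id1, preset)         # step 303
        if ciphertext is None:
            return "aborted"
        plaintext = dev2.decrypt(id2, ciphertext)      # step 304
        if plaintext is None:
            return "aborted"
        return "pass" if plaintext == preset else "fail"   # step 305
    finally:                                           # step 306
        if id1 is not None:
            dev1.destroy_session_key(id1)
        if id2 is not None:
            dev2.destroy_session_key(id2)


if __name__ == "__main__":
    for fault in (None, "import_session_key", "wrong_plaintext"):
        d1, d2 = SimKey(PRIMES_A), SimKey(PRIMES_B, fault=fault)
        print(fault, mutual_test(d1, d2), d1.sessions, d2.sessions)
```
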
Embodiment four
The fourth embodiment of the present invention provides a device for testing an intelligent cipher key equipment. The device of this embodiment is arranged in a terminal, and the tested intelligent cipher key equipment is connected to the terminal; connection types include but are not limited to USB and Bluetooth. As shown in Figure 4, the device includes:
First export module 400, configured to export the first public key from the tested intelligent cipher key equipment according to the preset parameter;
Specifically, in this embodiment, the first export module 400 is specifically configured to generate the first instruction according to the preset application ID, the preset container ID and the first public key length, and to send it to the tested intelligent cipher key equipment; after receiving the first instruction, the tested intelligent cipher key equipment parses it, opens the specified container in the specified application according to the application ID and container ID in the parsing result, obtains the first public key from the container according to the key bit length of the first public key and sends it to the first export module 400; the first export module 400 receives the first public key returned by the tested intelligent cipher key equipment.
First encrypting module 401, configured to encrypt the preset first session key with the first public key obtained by the first export module 400 to obtain the first session key ciphertext;
Specifically, in this embodiment, the first encrypting module 401 is specifically configured to call the first function with the first public key and the preset first session key as parameter values; if encryption succeeds the first function returns the first session key ciphertext, and if encryption fails the first function returns an error value.
Import module 402, configured to import the first session key ciphertext obtained by the first encrypting module 401 into the tested intelligent cipher key equipment according to the preset parameter, and to receive the first session key ID returned by the tested intelligent cipher key equipment;
In this embodiment, the import module 402 is specifically configured to generate the second instruction according to the preset application ID, the preset container ID, the preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and to send it to the tested intelligent cipher key equipment; after receiving the second instruction, the tested intelligent cipher key equipment parses it, parses the first session key ciphertext out of the data field of the second instruction according to the first session key ciphertext length in the parsing result, opens the corresponding application and container according to the application ID and container ID, and decrypts the parsed first session key ciphertext with the first private key in the corresponding application and container; if decryption succeeds, it saves the decrypted first session key in the corresponding location according to the application ID and container ID and allocates a corresponding first session key ID to it; the tested intelligent cipher key equipment returns the corresponding first session key ID to the import module 402; if the import module 402 receives the first session key ID returned by the tested intelligent cipher key equipment, it triggers the second export module 403; otherwise the key import fails.
Second export module 403, configured to export the second session key ciphertext from the tested intelligent cipher key equipment using the second public key and the first session key ID received by the import module 402;
Specifically, the second export module 403 in this embodiment is specifically configured to generate the third instruction according to the preset application ID, the preset container ID, the first session key ID, the key bit length of the second key pair and the second public key, and to send it to the tested intelligent cipher key equipment; after receiving the third instruction, the tested intelligent cipher key equipment parses it, obtains the second public key from the parsing result according to the key bit length of the second key pair in the parsing result, obtains the corresponding internally saved first session key according to the application ID, container ID and first session key ID, encrypts the first session key with the second public key to obtain the second session key ciphertext, and returns the second session key ciphertext to the second export module 403; the second export module 403 receives the second session key ciphertext returned by the tested intelligent cipher key equipment.
Decryption comparison module 404, configured to decrypt the second session key ciphertext exported by the second export module 403 using the second private key, and to compare the decryption result with the first session key; if the two are consistent the test passes, otherwise the test fails, and the process ends.
Specifically, in this embodiment, the decryption comparison module 404 is specifically configured to send the second session key ciphertext to the auxiliary intelligent cipher key equipment for decryption; if the decryption result returned by the auxiliary intelligent cipher key equipment is received, the decryption result is compared with the first session key, and the test passes if the two are consistent and fails otherwise; if the decryption result returned by the auxiliary intelligent cipher key equipment is not received, the test fails.
The device of this embodiment further includes an export module, configured to export the second public key from the auxiliary intelligent cipher key equipment that has passed testing.
In this embodiment, the device further includes a destroying module, configured to destroy the first session key in the tested intelligent cipher key equipment using the first session key ID after the test is aborted or fails. The destroying module is specifically configured to generate the fourth instruction according to the preset application ID, the preset container ID and the first session key ID and to send it to the tested intelligent cipher key equipment; after receiving the fourth instruction, the tested intelligent cipher key equipment parses it, obtains the corresponding first session key according to the application ID, container ID and first session key ID in the parsing result, and destroys it.
Embodiment five
The fifth embodiment of the present invention provides a device for testing an intelligent cipher key equipment. The device of this embodiment is arranged in a terminal, and the tested intelligent cipher key equipment is connected to the terminal; connection types include but are not limited to USB and Bluetooth. As shown in Figure 5, the device includes:
First export module 501, configured to send the third public key to the tested intelligent cipher key equipment, to control the tested intelligent cipher key equipment to generate and export the third session key ciphertext, and to obtain the third session key ID;
Specifically, in this embodiment, the first export module 501 is specifically configured to generate the fifth instruction according to the preset application ID, the preset container ID, the preset second algorithm identifier, the key bit length of the third key pair and the third public key, and to send it to the tested intelligent cipher key equipment; the tested intelligent cipher key equipment parses the fifth instruction, obtains the corresponding third public key from the data field according to the key bit length of the third key pair in the parsing result, opens the specified application and container according to the application ID and container ID in the parsing result, generates a 16-byte third session key in the specified application and container, encrypts the third session key with the third public key to obtain the third session key ciphertext, and outputs the third session key ciphertext together with the second session key ID allocated to it; the first export module 501 obtains the third session key ciphertext and the third session key ID output by the tested intelligent cipher key equipment.
First encrypting module 502, configured to control the tested intelligent cipher key equipment to encrypt the preset data according to the third session key ID, and to obtain the preset data ciphertext output by the tested intelligent cipher key equipment;
Specifically, in this embodiment, the first encrypting module 502 is specifically configured to generate the sixth instruction according to the preset application ID, the preset container ID, the third session key ID and the preset data, and to send it to the tested intelligent cipher key equipment; after receiving the sixth instruction (the Encrypt instruction), the tested intelligent cipher key equipment parses it, obtains the corresponding third session key and second session key algorithm identifier according to the application ID, container ID and third session key ID in the parsing result, encrypts the preset data with the obtained third session key according to the algorithm corresponding to the second session key algorithm identifier to obtain the preset data ciphertext, and returns it; the first encrypting module 502 obtains the preset data ciphertext output by the tested intelligent cipher key equipment.
First deciphering module 503, configured to decrypt, using the third private key, the third session key ciphertext obtained by the first export module 501;
In this embodiment, the first deciphering module 503 is specifically configured to send the third session key ciphertext to the auxiliary intelligent cipher key equipment for decryption, and to obtain the decryption result output by the auxiliary intelligent cipher key equipment.
Second deciphering module 504, configured to decrypt the preset data ciphertext obtained by the first encrypting module 502 using the decryption result obtained by the first deciphering module 503, to obtain the data plaintext;
In this embodiment, the second deciphering module 504 decrypts the preset data ciphertext specifically by calling the fourth function (i.e. the Decrypt function) with the decryption result and the preset data ciphertext as parameters; if decryption succeeds the fourth function returns the data plaintext, and if decryption fails the fourth function returns an error value. The third private key used corresponds to the third public key.
First judgment module 505, configured to judge whether the preset data is consistent with the data plaintext; if so, the test passes; otherwise the test fails.
The device of this embodiment further includes a second export module, configured to export the third public key from the auxiliary intelligent cipher key equipment that has passed testing.
In this embodiment, the device further includes a destroying module, configured to destroy the third session key in the tested intelligent cipher key equipment using the third session key ID after the test is aborted or fails. The destroying module is specifically configured to generate the fourth instruction according to the preset application ID, the preset container ID and the third session key ID and to send it to the tested intelligent cipher key equipment; after receiving the third instruction, the tested intelligent cipher key equipment parses it, obtains the corresponding second session key according to the application ID, container ID and second session key ID in the parsing result, and destroys it.
The technical solution of the present invention can accurately and efficiently determine whether an intelligent cipher key equipment has the session key agreement function and can interoperate, solving the problem of testing that function.
The foregoing is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (26)

1. the method that a kind of pair of intelligent cipher key equipment is tested characterized by comprising
Step A1: the first public key, the EOT end of test if not exporting, knot are exported from tested intelligent cipher key equipment according to parameter preset Beam;
Step A2: preset first session key is encrypted using first public key to obtain the first session key ciphertext;
Step A3: the first session key ciphertext is imported by the tested intelligent cipher key equipment according to the parameter preset In, it is tested the first session key ID that intelligent cipher key equipment returns as described in receiving, thens follow the steps A4, does not receive such as The first session key ID that the tested intelligent cipher key equipment returns, then the EOT end of test, terminates;
Step A4: the second public key is exported from the auxiliary intelligent cipher key equipment for having passed through test, uses the second public key and described First session key ID exports the second session key ciphertext from the tested intelligent cipher key equipment, such as the tested intelligence Energy key devices do not export data, then the EOT end of test, terminate;The second session key ciphertext is the tested intelligent key Equipment encrypts the first session key using the second public key;
Step A5: the second session key ciphertext is decrypted using the second private key, by decrypted result and first meeting Words key is compared, and tests and passes through if the two is consistent, otherwise test and do not pass through, terminates.
2. The method as described in claim 1, characterized in that step A1 comprises: generating a first instruction according to a preset application ID, a preset container ID and a first public key length, sending it to the tested intelligent cipher key equipment, and receiving the first public key returned by the tested intelligent cipher key equipment.
3. The method as described in claim 1, characterized in that step A3 comprises: generating a second instruction according to a preset application ID, a preset container ID, a preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and sending it to the tested intelligent cipher key equipment; if the first session key ID returned by the tested intelligent cipher key equipment is received, executing step A4; if the first session key ID returned by the tested intelligent cipher key equipment is not received, the key import fails and the method ends.
4. The method as described in claim 1, characterized in that step A4 comprises:
generating a third instruction according to a preset application ID, a preset container ID, the first session key ID, the key bit length of the second key pair and the second public key, sending it to the tested intelligent cipher key equipment, and receiving the second session key ciphertext returned by the tested intelligent cipher key equipment.
5. The method as described in claim 1, characterized in that step A5 is specifically: sending the second session key ciphertext to the auxiliary intelligent cipher key equipment for decryption; if a decryption result returned by the auxiliary intelligent cipher key equipment is received, comparing the decryption result with the first session key, the test passing if the two are consistent and failing otherwise; if no decryption result returned by the auxiliary intelligent cipher key equipment is received, the test fails.
6. The method as described in claim 1, characterized in that, after the test ends or the test fails, the method further comprises: destroying the first session key in the tested intelligent cipher key equipment using the first session key ID.
7. The method as claimed in claim 6, characterized in that destroying the first session key in the tested intelligent cipher key equipment using the first session key ID is specifically: generating a fourth instruction according to a preset application ID, a preset container ID and the first session key ID, and sending it to the tested intelligent cipher key equipment.
8. A method for testing intelligent cipher key equipment, characterized by comprising:
Step B1: exporting a third public key from auxiliary intelligent cipher key equipment that has already passed testing, sending the third public key to the tested intelligent cipher key equipment, controlling the tested intelligent cipher key equipment to generate and export a third session key ciphertext, and obtaining a third session key ID; if the tested intelligent cipher key equipment does not export the third session key ciphertext or the third session key ID, the test ends;
Step B2: according to the third session key ID, controlling the tested intelligent cipher key equipment to encrypt preset data, and obtaining the preset data ciphertext output by the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment does not output the preset data ciphertext, the test ends;
Step B3: decrypting the third session key ciphertext with a third private key, and using the decryption result to decrypt the preset data ciphertext to obtain a data plaintext;
Step B4: judging whether the preset data is consistent with the data plaintext; if so the test passes, otherwise the test fails.
9. The method according to claim 8, characterized in that step B1 is specifically: generating a fifth instruction according to a preset application ID, a preset container ID, a preset second algorithm identifier, the key bit length of the third key pair and the third public key, sending it to the tested intelligent cipher key equipment, and obtaining the third session key ciphertext and the third session key ID output by the tested intelligent cipher key equipment; if the tested intelligent cipher key equipment does not export the third session key ciphertext or the third session key ID, the test ends.
10. The method according to claim 8, characterized in that step B2 comprises: generating a sixth instruction according to a preset application ID, a preset container ID, the third session key ID and the preset data, sending it to the tested intelligent cipher key equipment, and obtaining the preset data ciphertext output by the tested intelligent cipher key equipment; if no data output by the tested intelligent cipher key equipment is received, the test ends.
11. The method as claimed in claim 9, characterized in that decrypting the third session key ciphertext with the third private key in step B3 comprises: sending the third session key ciphertext to the auxiliary intelligent cipher key equipment for decryption, and obtaining the decryption result output by the auxiliary intelligent cipher key equipment; if the auxiliary intelligent cipher key equipment does not return a decryption result, the test ends.
12. The method according to claim 8, characterized in that, after the test ends or the test fails, the method further comprises: destroying the third session key in the tested intelligent cipher key equipment using the third session key ID.
13. The method as claimed in claim 12, characterized in that destroying the third session key in the tested intelligent cipher key equipment using the third session key ID is specifically: generating a fourth instruction according to a preset application ID, a preset container ID and the third session key ID, and sending it to the tested intelligent cipher key equipment.
14. A device for testing intelligent cipher key equipment, characterized in that the device is arranged in a terminal, the tested intelligent cipher key equipment is connected to the terminal, and the device comprises:
a first export module, for exporting a first public key from the tested intelligent cipher key equipment according to preset parameters;
a first encrypting module, for encrypting a preset first session key with the first public key to obtain a first session key ciphertext;
an import module, for importing the first session key ciphertext into the tested intelligent cipher key equipment according to the preset parameters, and receiving the first session key ID returned by the tested intelligent cipher key equipment;
a third export module, for exporting a second public key from auxiliary intelligent cipher key equipment that has already passed testing;
a second export module, for using the second public key and the first session key ID to export a second session key ciphertext from the tested intelligent cipher key equipment; the second session key ciphertext is obtained by the tested intelligent cipher key equipment encrypting the first session key with the second public key;
a decryption comparison module, for decrypting the second session key ciphertext with a second private key and comparing the decryption result with the first session key; if the two are consistent the test passes, otherwise the test fails.
15. The device as claimed in claim 14, characterized in that the first export module is specifically configured to generate a first instruction according to a preset application ID, a preset container ID and a first public key length, send it to the tested intelligent cipher key equipment, and receive the first public key returned by the tested intelligent cipher key equipment.
16. The device as claimed in claim 14, characterized in that the import module is specifically configured to generate a second instruction according to a preset application ID, a preset container ID, a preset first algorithm identifier, the first session key ciphertext length and the first session key ciphertext, and send it to the tested intelligent cipher key equipment; if the first session key ID returned by the tested intelligent cipher key equipment is received, the second export module is triggered; otherwise the key import fails.
17. The device as claimed in claim 14, characterized in that the second export module is specifically configured to generate a third instruction according to a preset application ID, a preset container ID, the first session key ID, the key bit length of the second key pair and the second public key, send it to the tested intelligent cipher key equipment, and receive the second session key ciphertext returned by the tested intelligent cipher key equipment.
18. The device as claimed in claim 14, characterized in that the decryption comparison module is specifically configured to send the second session key ciphertext to the auxiliary intelligent cipher key equipment for decryption; if a decryption result returned by the auxiliary intelligent cipher key equipment is received, the decryption result is compared with the first session key, the test passing if the two are consistent and failing otherwise; if no decryption result returned by the auxiliary intelligent cipher key equipment is received, the test fails.
19. The device as claimed in claim 14, characterized by further comprising a destruction module, for destroying the first session key in the tested intelligent cipher key equipment using the first session key ID after the test ends or the test fails.
20. The device as claimed in claim 19, characterized in that the destruction module is specifically configured to generate a fourth instruction according to a preset application ID, a preset container ID and the first session key ID, and send it to the tested intelligent cipher key equipment.
21. A device for testing intelligent cipher key equipment, the device being arranged in a terminal, the tested intelligent cipher key equipment being connected to the terminal, the device comprising:
a second export module, for exporting a third public key from auxiliary intelligent cipher key equipment that has already passed testing;
a first export module, for sending the third public key to the tested intelligent cipher key equipment, controlling the tested intelligent cipher key equipment to generate and export a third session key ciphertext, and obtaining a third session key ID;
a first encrypting module, for controlling the tested intelligent cipher key equipment to encrypt preset data according to the third session key ID, and obtaining the preset data ciphertext output by the tested intelligent cipher key equipment;
a first deciphering module, for decrypting the third session key ciphertext with a third private key;
a second deciphering module, for decrypting the preset data ciphertext with the decryption result obtained by the first deciphering module, to obtain a data plaintext;
a first judgment module, for judging whether the preset data is consistent with the data plaintext; if so the test passes, otherwise the test fails.
22. The device as claimed in claim 21, characterized in that the first export module is specifically configured to generate a fifth instruction according to a preset application ID, a preset container ID, a preset second algorithm identifier, the key bit length of the third key pair and the third public key, send it to the tested intelligent cipher key equipment, and obtain the third session key ciphertext and the third session key ID output by the tested intelligent cipher key equipment.
23. The device as claimed in claim 21, characterized in that the first encrypting module is specifically configured to generate a sixth instruction according to a preset application ID, a preset container ID, the third session key ID and the preset data, send it to the tested intelligent cipher key equipment, and obtain the preset data ciphertext output by the tested intelligent cipher key equipment.
24. The device as claimed in claim 21, characterized in that the first deciphering module is specifically configured to send the third session key ciphertext to the auxiliary intelligent cipher key equipment for decryption, and obtain the decryption result output by the auxiliary intelligent cipher key equipment.
25. The device as claimed in claim 21, characterized by further comprising a destruction module, for destroying the third session key in the tested intelligent cipher key equipment using the third session key ID after the test ends or the test fails.
26. The device as claimed in claim 25, characterized in that the destruction module is specifically configured to generate a fourth instruction according to a preset application ID, a preset container ID and the third session key ID, and send it to the tested intelligent cipher key equipment.
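
The two test flows of claims 1 and 8, as an added sketch that is not code from the patent: a terminal drives a simulated tested device and a simulated auxiliary device, with toy textbook RSA and a SHAKE-256 XOR stream standing in for the real algorithms. All class, function and parameter names are hypothetical; the application ID, container ID and device instructions are omitted, and the simulated device always answers, so the "test ends" branches are not exercised.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    # Toy textbook RSA (no padding), a stand-in for the device's real algorithm.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa_apply(key, value):
    return pow(value, key[1], key[0])  # key is (modulus, exponent)

def stream_xor(key, data):
    # Toy symmetric cipher: XOR with a SHAKE-256 keystream derived from the key.
    stream = hashlib.shake_256(key.to_bytes(16, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class SimDevice:
    """Simulated key device; faulty=True corrupts the session key it wraps."""
    def __init__(self, p, q, faulty=False):
        self.public, self._private = make_keypair(p, q)
        self.sessions, self._last_id, self._flip = {}, 0, int(faulty)

    def _store(self, key):
        self._last_id += 1
        self.sessions[self._last_id] = key
        return self._last_id

    def decrypt(self, wrapped):
        return rsa_apply(self._private, wrapped)

    def import_session_key(self, wrapped):
        return self._store(self.decrypt(wrapped))

    def export_session_key(self, key_id, peer_public):
        return rsa_apply(peer_public, self.sessions[key_id] ^ self._flip)

    def generate_session_key(self, peer_public):
        key_id = self._store(secrets.randbits(128))
        return self.export_session_key(key_id, peer_public), key_id

    def encrypt(self, key_id, data):
        return stream_xor(self.sessions[key_id], data)

def import_export_test(dut, aux, session_key):
    # Claim 1: A1-A3 import under the first public key, A4 re-export, A5 compare.
    key_id = dut.import_session_key(rsa_apply(dut.public, session_key))
    wrapped = dut.export_session_key(key_id, aux.public)
    passed = aux.decrypt(wrapped) == session_key
    if not passed:
        dut.sessions.pop(key_id)  # claim 6: destroy the key after a failed test
    return passed

def generate_encrypt_test(dut, aux, data):
    # Claim 8: B1 generate and wrap, B2 encrypt, B3 unwrap and decrypt, B4 compare.
    wrapped, key_id = dut.generate_session_key(aux.public)
    ciphertext = dut.encrypt(key_id, data)
    passed = stream_xor(aux.decrypt(wrapped), ciphertext) == data
    if not passed:
        dut.sessions.pop(key_id)  # claim 12: destroy the key after a failed test
    return passed

def sample_devices(faulty=False):
    # Constructed sample keys: Mersenne primes, so each modulus exceeds 128 bits.
    return SimDevice(2**89 - 1, 2**107 - 1, faulty), SimDevice(2**61 - 1, 2**127 - 1)
```

A device that stores the imported key correctly but wraps a different value on export passes A1 to A4 and is only caught by the comparison in A5 (or B4), which is why the flows need an independent, already-verified auxiliary device holding the second key pair.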
CN201610949255.1A 2016-10-26 2016-10-26 The method and device that a kind of pair of intelligent cipher key equipment is tested Active CN106411653B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610949255.1A CN106411653B (en) 2016-10-26 2016-10-26 The method and device that a kind of pair of intelligent cipher key equipment is tested

Publications (2)

Publication Number Publication Date
CN106411653A CN106411653A (en) 2017-02-15
CN106411653B true CN106411653B (en) 2019-03-29

Family

ID=58013858

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610949255.1A Active CN106411653B (en) 2016-10-26 2016-10-26 The method and device that a kind of pair of intelligent cipher key equipment is tested

Country Status (1)

Country Link
CN (1) CN106411653B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124515A (en) * 2017-05-15 2017-09-01 上海与德科技有限公司 A kind of intelligent unlocking method and device
CN107809311B (en) * 2017-09-30 2020-01-03 飞天诚信科技股份有限公司 Asymmetric key issuing method and system based on identification
CN107911215B (en) * 2017-11-21 2020-09-29 中国银行股份有限公司 HSM key verification method and device
CN108347361B (en) * 2018-03-06 2020-08-04 平安普惠企业管理有限公司 Application program testing method and device, computer equipment and storage medium
CN111445250B (en) * 2020-04-16 2023-04-11 中国银行股份有限公司 Block chain key testing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102790678A (en) * 2012-07-11 2012-11-21 飞天诚信科技股份有限公司 Authentication method and system
CN103905204A (en) * 2014-04-02 2014-07-02 天地融科技股份有限公司 Data transmission method and transmission system
CN105634742A (en) * 2015-12-28 2016-06-01 飞天诚信科技股份有限公司 Session key negotiation method and intelligent secret key device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7711951B2 (en) * 2004-01-08 2010-05-04 International Business Machines Corporation Method and system for establishing a trust framework based on smart key devices

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A session key exchange and authentication scheme based on smart cards; Liu Jiayong; 《电讯技术》 (Telecommunication Engineering); 2003-01-31 (No. 1); 121-124

Also Published As

Publication number Publication date
CN106411653A (en) 2017-02-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant