CN108134673B - Method and device for generating white box library file - Google Patents
- Publication number
- CN108134673B, CN201711484177.3A
- Authority
- CN
- China
- Prior art keywords
- lookup table
- library file
- white
- parameter combination
- code
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to the technical field of terminal security protection, and in particular to a method and a device for generating a white-box library file, which address the problem that keys are insecure in the prior art. The method comprises: determining, according to a determined first parameter combination, a first code block matching the first parameter combination; running the first code block to randomly generate a lookup table source file; and compiling the lookup table source file to obtain a white-box library file. The key is therefore convenient to update, and the white-box library file does not need to be updated when the key is updated, which simplifies the dynamic white-box encryption process and improves the security of the key. This in turn improves security when the user decrypts ciphertext and encrypts plaintext.
Description
Technical Field
The application relates to the technical field of terminal safety protection, in particular to a method and a device for generating a white box library file.
Background
With the development of terminal technology, more and more applications are installed on terminals. While using these applications, the user may generate data that the user does not want an attacker to steal, or the user may not want the execution logic of the application itself to be reverse engineered by an attacker. To secure the application and the data generated while it runs, the data often needs to be encrypted.
The conventional encryption technology is a black-box encryption technology, which generally refers to a technology for encrypting plaintext data by using an encryption algorithm in a black-box (black-box) environment to obtain ciphertext data and a key. The black box environment is a safe and reliable operating environment invisible to an attacker, and under the environment, the attacker can only obtain input or output of an encryption algorithm but cannot obtain a secret key.
In recent years, intelligent terminals have become widespread. Because the operating environment of an intelligent terminal is relatively open, that is, visible to attackers (commonly known as a white-box environment), black-box encryption technology is no longer applicable, and white-box encryption technology has been proposed in response. White-box cryptography refers to cryptography that can resist attacks in a white-box environment. The key idea is to obfuscate the cryptographic algorithm so that an attacker cannot learn the specific algorithm flow, thereby protecting key information, preventing the attacker from extracting the key in a white-box environment, and ensuring the safety of the protected data.
In existing white-box encryption technology, a key is usually selected first, then scrambling encoding is applied to the mapping from plaintext to ciphertext, and the encoding result is expressed as a lookup table (also called a white-box library file), so that an attacker cannot recover the key by analyzing the lookup table. An example is the white-box AES algorithm designed by Chow et al. However, the existing white-box AES algorithm has been broken, so data in the white-box environment still faces a security threat.
Disclosure of Invention
The embodiment of the application provides a method and a device for generating a white box library file, which are used for solving the problem of insecure secret keys in the prior art.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme:
a method of generating a white-box library file, comprising:
determining a first code block matching the first parameter combination according to the determined first parameter combination;
running the first code block, and randomly generating a lookup table source file;
and compiling the lookup table source file to obtain a white box library file.
A white-box library file generation apparatus, comprising:
the determining module is used for determining a code block matched with the first parameter combination according to the determined first parameter combination;
the generating module is used for operating the first code block and randomly generating a lookup table source file;
and the compiling module is used for compiling the lookup table source file to obtain a white box library file.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
Through the above technical scheme, the key is convenient to update, and the white-box library file does not need to be updated when the key is updated, which simplifies the dynamic white-box encryption process and improves the security of the key. This in turn improves security when the user decrypts ciphertext and encrypts plaintext.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1(a) is a schematic flow chart of a method for generating a white-box library file provided in the present application;
fig. 1(b) is a second schematic flowchart of a method for generating a white-box library file provided in the present application;
fig. 2 is a schematic flowchart of a downloading method of a white box library file provided in the present application;
fig. 3(a) is a schematic flowchart of a downloading method of a white-box library file provided in the present application;
fig. 3(b) is a second schematic flowchart of the downloading method of the white-box library file provided in the present application;
fig. 4(a) is a schematic structural diagram of a white box library file generation device provided in the present application;
fig. 4(b) is a schematic structural diagram of a downloading apparatus for a white box library file provided in the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
The present application mainly introduces a dynamic white-box solution. In a dynamic white box, the white-box library file does not need to be updated after it is generated. The original key is converted by a specific white-box key generation tool to obtain a white-box key; once the white-box key and the corresponding file are passed to the matching white-box library file, plaintext can be encrypted or ciphertext decrypted by table lookup. In the dynamic white-box encryption and decryption scheme, the white-box key is safe: an attacker cannot obtain any information about the original key by analyzing the white-box key, so the original key becomes harder to crack and the security of the encryption and decryption operations is guaranteed.
The whole dynamic white-box technology is fully introduced below through several scheme branches in the dynamic white-box technology.
Wherein, the whole dynamic white box technology comprises: a generation scheme of the dynamic white box library file; a downloading scheme of the dynamic white box library file; a generation scheme of the dynamic white-box key; a download scheme of the dynamic white-box key; and carrying out encryption and decryption by using the white-box library file and the white-box key.
Referring to fig. 1(a), which is a schematic flow chart of the white-box library file generation method provided in the present application, it should be noted that an execution main body of the white-box library file generation scheme may be a server, where the server may be a white-box system server specially used for processing the white-box file, or may be a sub-server integrated in a developer server. The generation method mainly comprises the following steps:
Step 11: According to the determined first parameter combination, a first code block matching the first parameter combination is determined.
Optionally, in this application, when determining the first code block matching the first parameter combination according to the determined first parameter combination, step 11 is specifically performed as follows (see fig. 1(b)):
Step 111: A first parameter combination is determined from the received library file generation request.
Specifically, in the present application, the library file generation request may be generated and submitted by the client. The library file generation request carries a first parameter combination, and the first parameter combination at least comprises: algorithm identification, applicable platform identification and target function.
- The algorithm identifier refers to one algorithm identifier, or a combination of algorithm identifiers, among the encryption algorithms. Currently supported encryption algorithms include: the Advanced Encryption Standard (AES) algorithm, the Data Encryption Standard (DES), the Triple Data Encryption Standard (TDES) and the block cipher algorithm SM4.
- The applicable platform identifier refers to the terminal operating system to which the dynamic white-box technique is applicable. The supported operating systems include at least the Android operating system or the iOS operating system; this is not limiting, and compatibility with both the Android operating system and the iOS operating system may also be supported. The Android operating system can support generation of a static white-box library file and a dynamic white-box library file; the iOS operating system may support the generation of static white-box library files.
- The target function indicates whether the white-box library file to be generated is used for encryption, for decryption, or for both encryption and decryption. When the client exposes the target function to the user, it may be offered as a single-choice or multiple-choice selection.
In fact, in the present application, the first parameter combination may include, in addition to the above three types of parameters, a device binding function, specifically: whether or not to add a device binding function. Specifically, the identifier of the client may be added to the first parameter combination. This enables the processing side of the dynamic white-box technique to perform white-box key services for a particular user.
Step 112: According to the first parameter combination, a first code block corresponding to the matched code base is selected.
Specifically, the first parameter combination carried by the library file generation request received from the client is parsed, and a matching code base is then selected, according to the first parameter combination, from the encryption libraries corresponding to the encryption algorithm. The number of encryption libraries matches the encryption algorithm and may be 4, 8, or another number; the application places no limit on this. The corresponding first code block is then determined according to the selected code base. Each code base comprises a plurality of first code blocks.
Step 12: The first code block is run and a lookup table source file is randomly generated.
In particular, in the present application, a lookup table source file may be a set of codes that contains a lookup table. The lookup table source file can be dynamically and randomly generated according to a preset generation rule, so that the lookup table source files generated by the library file generation request initiated each time are different, the white box library files generated by the key request each time are different, and the encryption and decryption safety is improved.
Optionally, in this application, step 12 is specifically executed as follows: the first code block is run to dynamically and randomly generate at least one lookup table and a fixed code corresponding to each lookup table, where the fixed code records the lookup rule used when a lookup operation is performed on the at least one lookup table. The lookup rule indicates how the table lookup is to be performed. In fact, a lookup table is a mapping relationship, and the table lookup process is the process of inputting plaintext and outputting ciphertext, or of inputting ciphertext and outputting plaintext.
Step 13: The lookup table source file is compiled to obtain a white-box library file.
In the present application, step 13 specifically includes: combining the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file.
The lookup table in the white-box library file is used for encrypting subsequently input plaintext or decrypting subsequently input ciphertext.
Through the technical scheme, the dynamic white box technology is adopted, the corresponding first code block is determined according to the first parameter combination carried in the received library file generation request, the corresponding lookup table and the corresponding fixed code are dynamically and randomly generated after the first code block is operated, the lookup table and the corresponding fixed code are compiled to obtain the white box library file in the dynamic white box technology, and when the key is updated, the white box library file does not need to be updated, so that the dynamic white box encryption process can be simplified, and the security of the key is improved.
In addition, in the application, compiling the lookup table source file to obtain the white-box library file is not limited to compiling only the lookup table and the corresponding fixed code; corresponding wrapper code can be added to interface with the corresponding operating system, according to the operating system type. For example, for the Android operating system, JNI code may be added as interface wrapper code, and the JNI code, the lookup table and the fixed code are combined and then compiled to obtain a white-box library file suitable for the Android operating system. As another example, for the iOS operating system, other similar code (code written to interface with the iOS operating system) may be added as interface wrapper code, and the interface wrapper code is combined with the lookup table and the fixed code and then compiled to obtain a white-box library file suitable for the iOS operating system. This design interfaces conveniently with standard white-box algorithms and is highly integrated.
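Steps 11 to 13 as an added sketch (not code from the patent): a parameter combination selects a generator ("first code block"), which emits freshly randomized lookup tables plus the fixed lookup code as a C source file. The table contents used here (one independent random byte permutation per block byte, with no key material), the identifier strings and all function names are assumptions made for illustration; the patent does not specify them, and compilation is left to the target platform's toolchain.

```python
import secrets
from dataclasses import dataclass

# Block sizes in bytes of the algorithms the patent lists as supported.
BLOCK_BYTES = {"AES": 16, "DES": 8, "TDES": 8, "SM4": 16}
PLATFORMS = {"android", "ios"}               # assumed identifier strings
FUNCTIONS = {"encrypt", "decrypt", "both"}   # assumed identifier strings


@dataclass(frozen=True)
class ParameterCombination:
    algorithm: str
    platform: str
    function: str


def random_byte_permutation():
    """Uniformly random bijection on 0..255 (Fisher-Yates driven by the OS CSPRNG)."""
    table = list(range(256))
    for i in range(255, 0, -1):
        j = secrets.randbelow(i + 1)
        table[i], table[j] = table[j], table[i]
    return table


def invert(table):
    """Inverse mapping of a byte permutation."""
    inverse = [0] * 256
    for index, value in enumerate(table):
        inverse[value] = index
    return inverse


def select_code_block(params):
    """Step 11: validate the parameter combination and return the matching generator."""
    if params.algorithm not in BLOCK_BYTES:
        raise ValueError(f"unsupported algorithm: {params.algorithm!r}")
    if params.platform not in PLATFORMS:
        raise ValueError(f"unsupported platform: {params.platform!r}")
    if params.function not in FUNCTIONS:
        raise ValueError(f"unsupported function: {params.function!r}")
    count = BLOCK_BYTES[params.algorithm]

    def code_block():
        # Fresh randomness on every run, so no two requests share tables.
        forward = [random_byte_permutation() for _ in range(count)]
        tables = {}
        if params.function in ("encrypt", "both"):
            tables["WB_FWD"] = forward
        if params.function in ("decrypt", "both"):
            tables["WB_INV"] = [invert(t) for t in forward]
        return tables

    return code_block


def emit_source(params, tables):
    """Step 12 output: lookup tables plus the fixed code recording the lookup rule."""
    lines = [
        f"/* generated for {params.algorithm}/{params.platform}/{params.function} */",
        "#include <stdint.h>",
        f"#define WB_BLOCK {BLOCK_BYTES[params.algorithm]}",
    ]
    for name, group in tables.items():
        lines.append(f"static const uint8_t {name}[WB_BLOCK][256] = {{")
        for table in group:
            lines.append("  {" + ",".join(map(str, table)) + "},")
        lines.append("};")
        # Fixed code: byte i of the state is replaced via table i.
        lines.append(
            f"void {name.lower()}_apply(uint8_t *s) "
            f"{{ for (int i = 0; i < WB_BLOCK; i++) s[i] = {name}[i][s[i]]; }}"
        )
    return "\n".join(lines) + "\n"


def apply_tables(group, block):
    """Python mirror of the emitted fixed code, used to check the generated tables."""
    if len(block) != len(group):
        raise ValueError("block length does not match the number of tables")
    return bytes(group[i][b] for i, b in enumerate(block))


def generate_lookup_source(params):
    """Steps 11 and 12; step 13 would hand the returned text to a C compiler."""
    tables = select_code_block(params)()
    return emit_source(params, tables), tables


if __name__ == "__main__":
    request = ParameterCombination("AES", "android", "both")  # constructed request
    source, tables = generate_lookup_source(request)
    sample = bytes(range(16))
    encoded = apply_tables(tables["WB_FWD"], sample)
    print(len(source), apply_tables(tables["WB_INV"], encoded) == sample)
```

Because the tables come from a CSPRNG on every request, diffing two generated library files tells an analyst nothing about which entries are structural; that per-request variation is the property step 12 relies on.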
Referring to fig. 2, a schematic flow chart of a downloading method of a white box library file provided in the present application is shown, where the downloading method is mainly introduced from the perspective of a system including a client and a white box key server, and the downloading method mainly includes the following steps:
Step 21: The client submits a library file generation request to the server.
Specifically, the client receives a selection instruction triggered by a selection operation of the user and determines the first parameter combination selected by the user; it then adds the first parameter combination to the library file generation request and submits (that is, sends) the request to the server. The library file generation request carries the first parameter combination. The first parameter combination at least comprises: algorithm identification, applicable platform identification and target function.
The above generation scheme of the white box library file is already described, and is not described herein again.
In fact, in the present application, the first parameter combination may include, in addition to the above three types of parameters: a device binding function; the method specifically comprises the following steps: add a device binding function or not. Specifically, the identifier of the client may be added to the first parameter combination. Thus, the processing side of the dynamic white-box technique is enabled to perform white-box key services for a particular user.
Step 22: The server determines a first code block that matches the library file generation request; runs the first code block to randomly generate a lookup table source file; and compiles the lookup table source file and sends the generated white-box library file to the client.
Specifically, the server parses the first parameter combination carried by the received library file generation request, then selects a matching code base from the encryption libraries corresponding to the encryption algorithm according to the first parameter combination, and determines the corresponding first code block according to the selected code base. The lookup table source file may be a collection of code containing a lookup table. The lookup table source file can be dynamically and randomly generated according to a preset generation rule, so that the lookup table source files generated for each library file generation request are different and the white-box library files generated by each key request are different, which improves the security of encryption and decryption.
The first code block is run to dynamically and randomly generate at least one lookup table and a fixed code corresponding to each lookup table, where the fixed code records the lookup rule used when a lookup operation is performed on the at least one lookup table. The lookup rule indicates how the table lookup is to be performed. In fact, a lookup table is a mapping relationship, and the table lookup process is the process of inputting plaintext and outputting ciphertext, or of inputting ciphertext and outputting plaintext.
Combining the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file. The lookup table in the white-box library file is used for encrypting subsequently input plaintext or decrypting subsequently input ciphertext.
And finally, sending the obtained white box library file to a client.
Step 23: The client receives the white-box library file fed back by the server, so that encryption and decryption operations can subsequently be performed according to the white-box library file and the received key file.
The client receives and stores the white-box library file fed back by the server, so that plaintext or ciphertext input by the user can be processed according to the white-box library file. This completes the download of the white-box library file.
In fact, in the present application, there may be a case where multiple clients initiate a white box library file generation request at the same time, at this time, different white box library file generation operations need to be performed according to the identifier of each client, and then the white box library files are sent to the clients corresponding to the client identifiers, respectively.
Referring to fig. 3(a), a schematic flowchart of a downloading method of a white box library file provided by the present application is shown, where the downloading method is mainly introduced by a client side, and the downloading method mainly includes the following steps:
Step 31: Submit a library file generation request to the server.
Step 32: Receive the white-box library file fed back by the server according to the library file generation request, so that encryption and decryption operations can subsequently be performed according to the white-box library file and the received key file.
Optionally, as shown in fig. 3(b), before submitting the library file generation request to the server, the method further includes:
Step 33: Determine a parameter combination selected by the user, wherein the parameter combination at least comprises: encryption algorithm identification, applicable platform identification, and target function.
Step 34: Generate a library file generation request carrying the parameter combination.
Optionally, step 32 specifically includes: and receiving the white-box library file fed back by the server according to the parameter combination carried in the library file generation request.
Optionally, in this application, the white box library file is determined by: determining a code block matched with the parameter combination according to the determined parameter combination; running the code block and randomly generating a lookup table source file; and compiling the lookup table source file to obtain a white box library file.
Referring to fig. 4(a), a schematic structural diagram of a white box library file generation device provided by the present application is shown, where the device mainly includes the following functional modules:
a determining module 41a, configured to determine, according to the determined first parameter combination, a code block matching the first parameter combination.
A generating module 42a, configured to run the first code block, randomly generate a lookup table source file.
And the compiling module 43a is configured to compile the lookup table source file to obtain a white box library file.
The determining module is specifically configured to determine a first parameter combination from the received library file generation request; and selecting a first code block corresponding to the matched code base according to the parameter combination.
Optionally, the generating module 42a is specifically configured to run the first code block, and dynamically and randomly generate at least one lookup table and a fixed code corresponding to each lookup table, where the fixed code records a lookup rule when performing a table lookup operation on the at least one lookup table.
Optionally, the compiling module 43a is specifically configured to combine the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file.
Referring to fig. 4(b), a schematic structural diagram of a downloading device for white box library files provided by the present application is shown, where the device mainly includes the following functional modules:
a sending module 41b, configured to submit a library file generation request to a server;
a receiving module 42b, configured to receive the white-box library file fed back by the server according to the library file generation request, so that encryption and decryption operations can subsequently be performed according to the white-box library file and the received key file.
Optionally, still referring to fig. 4(b), the apparatus further comprises:
a determining module 43b, configured to determine a parameter combination selected by the user before submitting the library file generation request to the server; generating a library file generation request carrying the parameter combination; wherein the parameter combination at least comprises: encryption algorithm identification, applicable platform identification, and target function.
Optionally, the receiving module 42b is specifically configured to receive the white-box library file fed back by the server according to the parameter combination carried in the library file generation request.
In fact, in this application, the downloading device of the white box library file can be regarded as a system for downloading the white box library file, including: a client and a server;
the client is used for submitting a library file generation request to a server and receiving the white-box library file fed back by the server, so that encryption and decryption operations can subsequently be performed according to the white-box library file and a received key file;
the server is used for determining a code block matched with the library file generation request; running the code block and randomly generating a lookup table source file; and compiling the lookup table source file, and sending the generated white box library file to a client.
The embodiment of the present invention further provides a mobile terminal, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, and when being executed by the processor, the computer program implements each process of the foregoing white box library file downloading method embodiment, and can achieve the same technical effect, and is not described herein again to avoid repetition.
The embodiment of the present invention further provides a server device, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, and when being executed by the processor, the computer program implements each process of the above-mentioned white box library file generation method, and can achieve the same technical effect, and is not described herein again to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the downloading method of the white box library file and/or the processes of the embodiment of the method for generating the white box library file, and can achieve the same technical effects, and in order to avoid repetition, the details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media (transitory media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (6)
1. A method of generating a white-box library file, comprising:
determining a first code block matching the first parameter combination according to the determined first parameter combination, the first parameter combination including an identification of a client;
running the first code block, and randomly generating a lookup table source file, wherein the lookup table source file is a code set that contains a lookup table and is dynamically and randomly generated according to a preset generation rule;
compiling the lookup table source file to obtain a white box library file;
wherein the running the first code block and randomly generating a lookup table source file specifically include:
running the first code block, and dynamically and randomly generating at least one lookup table and a fixed code corresponding to each lookup table, wherein the fixed code records a lookup rule when performing a table lookup operation on the at least one lookup table;
wherein the compiling the lookup table source file to obtain a white box library file specifically comprises:
combining the at least one lookup table with a fixed code corresponding to each lookup table; and compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file.
2. The method of claim 1, wherein determining, from the determined first parameter combination, a first code block matching the first parameter combination comprises:
determining a first parameter combination from the received library file generation request;
and selecting a first code block corresponding to the matched code base according to the first parameter combination.
3. An apparatus for generating a white-box library file, comprising:
a determining module, configured to determine, according to the determined first parameter combination, a first code block matching the first parameter combination, where the first parameter combination includes an identity of a client;
the generating module is used for operating the first code block and randomly generating a lookup table source file, wherein the lookup table source file is a code set which is dynamically and randomly generated according to a preset generating rule and contains a lookup table;
the compiling module is used for compiling the lookup table source file to obtain a white box library file;
the generating module is specifically configured to run the first code block, and dynamically and randomly generate at least one lookup table and a fixed code corresponding to each lookup table, where the fixed code records a lookup rule when performing a table lookup operation on the at least one lookup table;
the compiling module is specifically configured to combine the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file.
4. The generation apparatus as claimed in claim 3, wherein the determination module is specifically configured to determine a first parameter combination from the received library file generation request; and selecting a first code block corresponding to the matched code base according to the parameter combination.
5. An apparatus for generating a white-box library file, comprising: memory, processor and computer program stored on the memory and running on the processor, which when executed by the processor implements the steps of the method according to any of claims 1 to 2.
6. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711484177.3A CN108134673B (en) | 2017-12-29 | 2017-12-29 | Method and device for generating white box library file |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108134673A CN108134673A (en) | 2018-06-08 |
| CN108134673B true CN108134673B (en) | 2021-08-13 |
Family
ID=62393995
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711484177.3A Active CN108134673B (en) | 2017-12-29 | 2017-12-29 | Method and device for generating white box library file |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108134673B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109714154B (en) * | 2019-03-05 | 2021-10-29 | 同济大学 | An implementation method of a white-box cryptographic algorithm under the white-box security model with difficult code size |
| CN110149312B (en) * | 2019-04-09 | 2021-10-15 | 北京奇艺世纪科技有限公司 | Data processing method, device, system and computer readable storage medium |
| CN111831978B (en) * | 2019-04-23 | 2025-03-18 | 北京京东尚科信息技术有限公司 | A method and device for protecting configuration files |
| CN111431888B (en) * | 2020-03-19 | 2020-11-27 | 深圳市道旅旅游科技股份有限公司 | Method, device, equipment and storage medium for shielding key information |
| CN111741374B (en) * | 2020-06-10 | 2022-10-21 | 北京奇艺世纪科技有限公司 | Method and device for acquiring white box lookup table, electronic equipment, storage medium and server |
| CN112887263A (en) * | 2020-12-29 | 2021-06-01 | 美的集团股份有限公司 | Data transmission method in equipment, method and device for realizing data transmission in equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7769165B2 (en) * | 2005-10-14 | 2010-08-03 | Microsoft Corporation | Semi-public white-box cipher |
| CN102047220A (en) * | 2008-05-23 | 2011-05-04 | 爱迪德加拿大公司 | System and method for generating white-box implementations of software applications |
| CN106209346A (en) * | 2015-06-01 | 2016-12-07 | 恩智浦有限公司 | Whitepack cryptographic technique is interlocked look-up table |
| CN106411518A (en) * | 2016-09-26 | 2017-02-15 | 北京洋浦伟业科技发展有限公司 | Symmetric white box encryption method with unfixed key and apparatus |
| CN106612182A (en) * | 2016-12-22 | 2017-05-03 | 中国电子科技集团公司第三十研究所 | Method for implementing SM2 white-box digital signature based on residue number system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108134673A (en) | 2018-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108134673B (en) | Method and device for generating white box library file | |
| CN108111622B (en) | Method, device and system for downloading white box library file | |
| CN108183796A (en) | The method and device of encryption and decryption is carried out using whitepack library file and whitepack key file | |
| CN105577379B (en) | Information processing method and device | |
| CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
| CN104298932B (en) | A kind of call method and device of SO files | |
| CN110650010A (en) | Method, device and device for generating and using private key in an asymmetric key | |
| CN107317677B (en) | Secret key storage and equipment identity authentication method and device | |
| CN105450620A (en) | Information processing method and device | |
| US20230325516A1 (en) | Method for file encryption, terminal, electronic device and computer-readable storage medium | |
| US12210658B2 (en) | Executing entity-specific cryptographic code in a cryptographic | |
| US11424919B2 (en) | Protecting usage of key store content | |
| US20200044838A1 (en) | Data encryption method and system using device authentication key | |
| CN110149312B (en) | Data processing method, device, system and computer readable storage medium | |
| CN110855433A (en) | Data encryption method and device based on encryption algorithm and computer equipment | |
| CN116346341A (en) | Private key protection and server access method, system, device and storage medium | |
| CN112579112B (en) | Mirror image security processing and deploying method, device and storage medium | |
| Yeboah-Ofori et al. | Enhancement of big data security in cloud computing using RSA algorithm | |
| RU2710670C2 (en) | Cryptographic system and method | |
| US8862893B2 (en) | Techniques for performing symmetric cryptography | |
| CN109784072B (en) | Security file management method and system | |
| CN107968793B (en) | Method, device and storage medium for downloading white box key | |
| CN108965278B (en) | Transaction request processing method and device | |
| US20210111901A1 (en) | Executing entity-specific cryptographic code in a trusted execution environment | |
| KR102771245B1 (en) | Client apparatus, authentication server, authentication method, and authentication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |