[go: up one dir, main page]

CN113839780A - Encryption method, decryption method, server and storage medium - Google Patents

Encryption method, decryption method, server and storage medium Download PDF

Info

Publication number
CN113839780A
CN113839780A CN202010586747.5A CN202010586747A CN113839780A CN 113839780 A CN113839780 A CN 113839780A CN 202010586747 A CN202010586747 A CN 202010586747A CN 113839780 A CN113839780 A CN 113839780A
Authority
CN
China
Prior art keywords
decryption
data
encryption
plaintext data
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010586747.5A
Other languages
Chinese (zh)
Inventor
吴道揆
李光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN202010586747.5A priority Critical patent/CN113839780A/en
Publication of CN113839780A publication Critical patent/CN113839780A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses an encryption method, a decryption method, a server and a storage medium, and belongs to the field of communication. The encryption method comprises the following steps: encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint; encrypting plaintext data by using the encryption algorithm and the encryption key to obtain first ciphertext data; and mixing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data. The encryption key is encrypted by the encryption algorithm, so that the encryption key is difficult to break, the security of the encryption key is improved, first ciphertext data obtained by encrypting plaintext data by the encryption algorithm and the encryption key is difficult to break, the security of the data is improved, after the first ciphertext data is obtained, the encryption fingerprint and the first ciphertext data are mixed to obtain second ciphertext data, and the security of the data is improved.

Description

Encryption method, decryption method, server and storage medium
Technical Field
The present disclosure relates to the field of communications, and in particular, to an encryption method, a decryption method, a server, and a storage medium.
Background
At present, some service data with higher security requirement is generally called as sensitive configuration data, for example: specifically as a password or data for identity authentication. Because the sensitive configuration data has a requirement on security, the system firstly utilizes a local encryption key and an algorithm to encrypt the sensitive configuration data to form a ciphertext, and the ciphertext exists in the conditions of storage, response to inquiry, transmission and the like.
However, even if the sensitive configuration data is encrypted by using the encryption key and the algorithm to form the ciphertext, the security of the sensitive configuration data is low because the encryption key is easy to crack.
Disclosure of Invention
The embodiments of the present application mainly aim to provide an encryption method, a decryption method, a server and a storage medium, which aim to improve the security of an encryption key, thereby improving the security of data.
To achieve the above object, an embodiment of the present application provides an encryption method, including: encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint; encrypting plaintext data by using the encryption algorithm and the encryption key to obtain first ciphertext data; and mixing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data.
In order to achieve the above object, an embodiment of the present application further provides an encryption method, including: encrypting the encryption key by using the selected encryption algorithm to obtain an encrypted fingerprint; obfuscating the encrypted fingerprint and the first plaintext data to obtain second plaintext data; and encrypting the second plaintext data by using the encryption algorithm and the encryption key to obtain ciphertext data.
In order to achieve the above object, an embodiment of the present application further provides a decryption method, including: separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext data; wherein the second ciphertext data is obtained by the encryption method; decrypting the first ciphertext data, comprising: selecting a decryption algorithm and a decryption key, and encrypting the decryption key by using the selected decryption algorithm to obtain a decryption fingerprint; if the decryption fingerprint is matched with the encryption fingerprint separated from the second ciphertext data, decrypting the first ciphertext data by using the decryption algorithm and the decryption key to obtain plaintext data; and if the decrypted fingerprint is not matched with the encrypted fingerprint, repeating the step of decrypting the first ciphertext data.
In order to achieve the above object, an embodiment of the present application further provides a decryption method, including: selecting a decryption algorithm and a decryption key, and decrypting the acquired ciphertext data by using the selected decryption algorithm and the selected decryption key; wherein, the ciphertext data is obtained by the encryption method; if the decryption is successful, second plaintext data is obtained; separating first plaintext data from the second plaintext data; and if the decryption fails, repeating the steps of the decryption method.
In order to achieve the above object, an embodiment of the present application further provides a server, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the encryption method, and/or the decryption method described above.
According to the method and the device, the selected encryption algorithm is used for encrypting the encryption key to obtain the encrypted fingerprint, so that the encryption key is difficult to break, namely, the security of the encryption key is improved, and the security of finally obtained ciphertext data is improved.
The method and the device avoid the problems of safety and compatibility brought by decryption, and the safety is that if the device is replaced, the encrypted data is not easy to obtain because the encryption key exists in an encrypted fingerprint form in the sending process, so that the safety problem of the encrypted data in the replacing process of the device is avoided; the compatibility is that if the equipment system is upgraded, an accurate decryption key and a decryption algorithm can be obtained based on the ciphertext data, so that decryption is realized, the key before the system is upgraded and the key after the system is upgraded do not need to be used for decryption at the same time, and the problem of compatibility is avoided. Therefore, if the equipment is replaced, the safety of the ciphertext data is improved, and if the system of the equipment is upgraded, the safety of the ciphertext data is improved, and the problem of compatibility is avoided.
Drawings
Fig. 1 is a flow chart of an encryption method in a first embodiment of the present application;
fig. 2 is a flow chart of a decryption method in a second embodiment of the present application;
FIG. 3 is a flow chart of an encryption method in a third embodiment of the present application;
fig. 4 is a flow chart of a decryption method in a fourth embodiment of the present application;
fig. 5 is a flowchart of a decryption method in a fifth embodiment of the present application;
fig. 6 is a schematic structural diagram of a server in a sixth embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that in various embodiments of the invention, numerous technical details are set forth in order to provide a better understanding of the present application. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
A first embodiment of the present application relates to an encryption method applied to a terminal, for example: computers, etc. The specific flow of the encryption method of the present embodiment is shown in fig. 1, and includes:
and 101, encrypting the encryption key by using the selected encryption algorithm to obtain the encrypted fingerprint.
Specifically, the terminal stores an encryption algorithm and an encryption key input by a user in advance, or stores the encryption algorithm and the encryption key generated by the encryption chip, and the encryption algorithm and the encryption key can be respectively selected from the stored encryption algorithm and the stored encryption key; or the user temporarily inputs the encryption algorithm and the encryption key of the terminal when the encryption is needed, or the encryption algorithm and the encryption key temporarily generated by the encryption chip, and at this time, the temporarily input or generated encryption algorithm and encryption key are selected. The encryption algorithm includes a hash algorithm, for example: MD5(Message-Digest Algorithm), and the like. And a root key is preset in the terminal for encrypting the encryption key, the root key is stored in a Trusted Platform Module (TPM) of the terminal, and after the encryption algorithm and the encryption key are selected, the terminal encrypts the encryption key by using the selected encryption algorithm and the root key to obtain the encrypted fingerprint.
And 102, encrypting the plaintext data by using an encryption algorithm and an encryption key to obtain first ciphertext data.
And 103, confusing the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data.
Specifically, the terminal encrypts plaintext data by using an encryption algorithm and an encryption key to obtain first ciphertext data, and then confuses the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data. Wherein the encrypted fingerprint and the first ciphertext data may exist in the form of a string. The obfuscation has a certain obfuscation rule, and the obfuscation rule is an offset of the encrypted fingerprint in the first ciphertext data or an offset of the first ciphertext data in the encrypted fingerprint. For example: the terminal splices the encrypted fingerprint and the first ciphertext data, splices the previous encrypted fingerprint and the subsequent first ciphertext data, namely the confusion rule at the moment is that the offset of the encrypted fingerprint in the first ciphertext data is 0, and splices to obtain second ciphertext data. For another example: and the terminal confuses the encrypted fingerprint and the first ciphertext data, inserts the first ciphertext data into the indicated encrypted fingerprint, and inserts the first ciphertext data between the 10 th character and the 11 th character of the indicated encrypted fingerprint if the obfuscation rule is that the offset of the first ciphertext data in the encrypted fingerprint is 10 characters to obtain second ciphertext data.
In one example, the terminal obfuscates the encrypted fingerprint and the first ciphertext data based on an obfuscation algorithm. The obfuscating algorithm has a corresponding obfuscating rule, and the encrypted fingerprint and the first ciphertext data are obfuscated according to the obfuscating rule in the obfuscating algorithm.
In one example, the second ciphertext data may include information indicating an obfuscation rule. Specifically, the second ciphertext data exists in the form of a character string, information indicating an obfuscation rule is located at the first few character positions of the second ciphertext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first ciphertext data, or an offset of the first ciphertext data in the encrypted fingerprint. By carrying the information indicating the confusion rule in the second ciphertext data, the confusion rule can be known quickly during decryption, the first ciphertext data and the encrypted fingerprint can be decrypted quickly, and the decryption speed is improved.
In the embodiment, the encryption key is encrypted by using the encryption algorithm, so that the encryption key is difficult to break, the security of the encryption key is improved, first ciphertext data obtained by encrypting plaintext data by using the encryption algorithm and the encryption key is difficult to break, the security of the data is improved, after the first ciphertext data is obtained, the encryption fingerprint and the first ciphertext data are mixed to obtain second ciphertext data, and the security of the data is improved.
A second embodiment of the present application relates to a decryption method corresponding to the encryption method of the first embodiment, which is applied to a terminal, where the terminal of the second embodiment may be the same terminal as the terminal of the first embodiment, and a system in the terminal may change, and at this time, second ciphertext data is stored in the terminal; the terminal of the second embodiment may also be a terminal different from the terminal of the first embodiment, and at this time, the terminal of the second embodiment needs to receive the second ciphertext data sent by the terminal of the first embodiment; wherein the second ciphertext data is obtained by the encryption method of the first embodiment.
A specific flowchart of the decryption method of this embodiment is shown in fig. 2, and includes:
step 201, separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext data.
In one example, separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext includes: and identifying the information of the confusion rule from the acquired second ciphertext data, and separating the encrypted fingerprint and the first ciphertext data from the second ciphertext by using the information of the confusion rule.
Specifically, the information of the obfuscation rule in the second ciphertext data is located at the first few character positions of the second ciphertext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first ciphertext data, or an offset of the first ciphertext data in the encrypted fingerprint. Therefore, the terminal can know how the encrypted fingerprint in the second ciphertext data is confused with the first ciphertext data according to the information of the confusion rule, so that the encrypted fingerprint and the first ciphertext data can be separated from the second ciphertext data more quickly, and the decryption speed is improved. After the first ciphertext data is obtained, the first ciphertext data needs to be decrypted.
In one example, the second ciphertext data is obtained by mixing the encrypted fingerprint and the first ciphertext data based on a mixing algorithm, and if the terminal is not changed, the terminal still stores contents such as the mixing algorithm adopted during encryption; if the terminal changes, the user can pre-store the confusion algorithm adopted during encryption into the terminal for receiving the second ciphertext data, and when the second ciphertext data needs to be separated, the terminal can inquire the confusion algorithm stored locally and perform reverse operation by using the confusion algorithm to separate the encrypted fingerprint and the first ciphertext data from the second ciphertext data. After the first ciphertext data is obtained, the first ciphertext data needs to be decrypted.
Step 202, selecting a decryption algorithm and a decryption key, and encrypting the decryption key by using the selected decryption algorithm to obtain a decrypted fingerprint.
Step 203, determining whether the decrypted fingerprint matches the encrypted fingerprint separated from the second ciphertext data, if yes, entering step 204, and if not, entering step 202 again.
And step 204, decrypting the first ciphertext data by using a decryption algorithm and a decryption key to obtain plaintext data.
Specifically, the terminal stores one or more decryption algorithms and one or more decryption keys in advance, or one or more decryption algorithms and one or more decryption keys temporarily input by the user, where the decryption algorithms and decryption keys include a decryption algorithm corresponding to the encryption algorithm in the encryption method of the first embodiment and a decryption key corresponding to the encryption key, so that the terminal needs to randomly select or select the decryption algorithm and the decryption key according to a certain priority rule, and then encrypt the decryption key by using the selected decryption algorithm and the root key to obtain a decrypted fingerprint; wherein the root key used to encrypt the decryption key is the same as the root key used to encrypt the encryption key in the encryption method.
If the decryption fingerprint is matched with the encryption fingerprint, the correct decryption algorithm and the decryption key are obtained, and the first ciphertext data is decrypted by using the obtained correct decryption algorithm and the obtained decryption key to obtain plaintext data. If the decrypted fingerprint and the encrypted fingerprint do not match, it indicates that the correct decryption algorithm or decryption key is not obtained, and step 202 is re-entered. When the decryption algorithm and the decryption key are selected again, repeated selection needs to be avoided, that is, the combination formed by the decryption algorithm and the decryption key can be selected only once, and is not selected repeatedly, for example: the decryption algorithm 1 and the decryption key 1 are selected once, and when the decryption algorithm 1 and the decryption key 1 are selected again, the decryption algorithm 1 and the decryption key 1 are not selected at the same time; but may choose decryption algorithm 1 and decryption key 2, or decryption algorithm 2 and decryption key 1, or decryption algorithm 2 and decryption key 3, etc.
In this embodiment, by using such a method, a security problem or a compatibility problem caused by decryption is avoided, where the security is that, if a device is replaced, the encrypted data is not easily obtained in the process of sending the encrypted data because the encryption key exists in the form of an encrypted fingerprint, and the security problem of the encrypted data in the process of replacing the device is avoided; the compatibility is that if the equipment system is upgraded, an accurate decryption key and a decryption algorithm can be obtained based on the ciphertext data, so that decryption is realized, and the problem of compatibility is avoided by simultaneously using a key before the system is upgraded and a key after the system is upgraded for decryption. Therefore, if the equipment is replaced, the safety of the ciphertext data is improved, and if the system of the equipment is upgraded, the safety of the ciphertext data is improved, and the problem of compatibility is avoided.
A third embodiment of the present application relates to an encryption method applied to a terminal, for example: computers, etc. The specific flow of the encryption method of this embodiment is shown in fig. 3, and includes:
step 301, encrypting the encryption key by using the selected encryption algorithm to obtain the encrypted fingerprint.
Step 301 is similar to step 101 in the first embodiment, and is not described herein again.
Step 302, confuse the encrypted fingerprint with the first plaintext data to obtain a second plaintext data.
And step 303, encrypting the second plaintext data by using the encryption algorithm and the encryption key to obtain ciphertext data.
Specifically, the terminal confuses the encrypted fingerprint and the first plaintext data to obtain second plaintext data; and then, encrypting the second plaintext data by using an encryption algorithm and an encryption key to obtain ciphertext data. Wherein the encrypted fingerprint and the first plaintext data are present in the form of a string. The obfuscation has a certain obfuscation rule, which is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. For example: and the terminal splices the encrypted fingerprint and the first plaintext data, splices the previous encrypted fingerprint and the following first plaintext data, namely the confusion rule at the moment is that the offset of the encrypted fingerprint in the first plaintext data is 0, and splices to obtain second plaintext data. For another example: and the terminal confuses the encrypted fingerprint and the first plaintext data, inserts the first plaintext data into the encrypted fingerprint, and inserts the first plaintext data between the 10 th character and the 11 th character of the encrypted fingerprint to obtain second plaintext data if the obfuscation rule indicates that the offset of the first plaintext data in the encrypted fingerprint is 10 characters.
In one example, the terminal obfuscates the encrypted fingerprint and the first plaintext data based on an obfuscation algorithm to obtain second plaintext data. The confusion algorithm has a corresponding confusion rule, and the encrypted fingerprint and the first ciphertext data are confused according to the confusion rule in the confusion algorithm to obtain second plaintext data.
In one example, the second plaintext data includes information indicating an obfuscation rule. Specifically, the second plaintext data exists in the form of a character string, the information indicating the obfuscation rule is in the first few character positions indicating the second plaintext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. By carrying the information indicating the confusion rule in the second plaintext data, the confusion rule can be known quickly during decryption, the first plaintext data and the encrypted fingerprint can be decrypted quickly, and the decryption speed is improved.
In the embodiment, the encryption key is encrypted by using the encryption algorithm, so that the encryption key is difficult to break, that is, the security of the encryption key is improved, and the ciphertext data is difficult to break, that is, the security of the data is improved.
The fourth embodiment of the present application relates to a decryption method corresponding to the encryption method of the third embodiment, which is applied to a terminal, where the terminal of the fourth embodiment may be the same terminal as the terminal of the third embodiment, and a system in the terminal may be changed, and at this time, ciphertext data is stored in the terminal; the terminal of the fourth embodiment may also be a terminal different from the terminal of the third embodiment, and at this time, the terminal of the fourth embodiment needs to receive the ciphertext data sent by the terminal of the third embodiment; the ciphertext data is obtained by the encryption method of the third embodiment, and the ciphertext data needs to be decrypted in this embodiment.
A specific flowchart of the decryption method of this embodiment is shown in fig. 4, and includes:
step 401, selecting a decryption algorithm and a decryption key, and decrypting the obtained ciphertext data by using the selected decryption algorithm and the selected decryption key.
Step 402, judging whether the decryption is successful, if the decryption is successful, entering step 403, and then entering step 404; if the decryption fails, step 401 is entered.
In step 403, second plaintext data is obtained.
Specifically, the terminal stores one or more decryption algorithms and one or more decryption keys in advance, or one or more decryption algorithms and one or more decryption keys temporarily input by the user, so that the terminal selects the decryption algorithms and the decryption keys randomly or according to a certain priority rule, and performs trial decryption on the obtained ciphertext data by using the selected decryption algorithms and decryption keys. If the decryption is successful, the second plaintext data is obtained, and if the decryption is unsuccessful, the second plaintext data cannot be obtained, then step 401 is re-entered. When the decryption algorithm and the decryption key are selected again, repeated selection needs to be avoided, that is, the combination formed by the decryption algorithm and the decryption key can be selected only once, and is not selected repeatedly, for example: the decryption algorithm 1 and the decryption key 1 are selected once, and when the decryption algorithm 1 and the decryption key 1 are selected again, the decryption algorithm 1 and the decryption key 1 are not selected at the same time; but may choose decryption algorithm 1 and decryption key 2, or decryption algorithm 2 and decryption key 1, or decryption algorithm 2 and decryption key 3, etc.
In step 404, the first plaintext data is separated from the second plaintext data.
In one example, separating the first plaintext data from the second plaintext data comprises: information of the obfuscation rule is identified from the second plaintext data, and the first plaintext data is separated from the second plaintext data using the information of the obfuscation rule.
Specifically, the information of the obfuscation rule in the second plaintext data is at the first few character positions of the second plaintext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. Therefore, the terminal can know how the encrypted fingerprint in the second plaintext data is confused with the first plaintext data according to the information, so that the first plaintext data can be separated from the second plaintext data more quickly, and the decryption speed is improved.
In one example, the second plaintext data is obtained by mixing the encrypted fingerprint and the first plaintext data based on a mixing algorithm, and if the terminal is not changed, the terminal still stores contents such as the mixing algorithm adopted during encryption; if the terminal changes, the user can pre-store the confusion algorithm adopted during encryption into the terminal for receiving the ciphertext data, and when the second plaintext data needs to be separated, the terminal inquires the confusion algorithm stored locally and performs reverse operation by using the confusion algorithm to separate the first plaintext data from the second plaintext data.
In this embodiment, by using such a method, a security problem or a compatibility problem caused by decryption is avoided, where the security is that, if a device is replaced, the encrypted data is not easily obtained in the process of sending the encrypted data because the encryption key exists in the form of an encrypted fingerprint, and the security problem of the encrypted data in the process of replacing the device is avoided; the compatibility is that if the equipment system is upgraded, an accurate decryption key and a decryption algorithm can be obtained based on the ciphertext data, so that decryption is realized, and the problem of compatibility is avoided by simultaneously using a key before the system is upgraded and a key after the system is upgraded for decryption. Therefore, if the equipment is replaced, the safety of the ciphertext data is improved, and if the system of the equipment is upgraded, the safety of the ciphertext data is improved, and the problem of compatibility is avoided.
A fifth embodiment of the present application relates to a decryption method corresponding to the encryption method of the third embodiment, which is applied to a terminal, and is substantially the same as the fourth embodiment, with the main difference that: it is further determined whether the first plaintext data is correct.
Fig. 5 shows a specific flowchart of the decryption method in this embodiment, which includes:
step 501, selecting a decryption algorithm and a decryption key, and decrypting the acquired ciphertext data by using the selected decryption algorithm and the selected decryption key.
Step 502, judging whether the decryption is successful, if the decryption is successful, entering step 503, and then entering step 504; if the decryption fails, step 501 is entered.
In step 503, second plaintext data is obtained.
Steps 501-503 are similar to steps 401-403 in the fourth embodiment, and are not described herein again.
Step 504 separates the encrypted fingerprint and the first plaintext data from the second plaintext data.
In one example, separating the encrypted fingerprint and the first plaintext data from the second plaintext data comprises: information of the obfuscation rule is identified from the second plaintext data, and the encrypted fingerprint and the first plaintext data are separated from the second plaintext data using the information of the obfuscation rule.
Specifically, the information of the obfuscation rule in the second plaintext data is at the first few character positions of the second plaintext data, and the obfuscation rule is an offset of the encrypted fingerprint in the first plaintext data, or an offset of the first plaintext data in the encrypted fingerprint. Therefore, the terminal can know how the encrypted fingerprint in the second plaintext data is confused with the first plaintext data according to the information, so that the encrypted fingerprint and the first plaintext data can be separated from the second plaintext data more quickly, and the decryption speed is improved.
In one example, the second plaintext data is obtained by mixing the encrypted fingerprint and the first plaintext data based on a mixing algorithm, and if the terminal is not changed, the terminal still stores contents such as the mixing algorithm adopted during encryption; if the terminal changes, the user can pre-store the confusion algorithm adopted during encryption into the terminal for receiving the ciphertext data, and when the second plaintext data needs to be separated, the terminal inquires the confusion algorithm stored locally and performs reverse operation by using the confusion algorithm to separate the encrypted fingerprint and the first plaintext data from the second plaintext data.
And 505, encrypting the decryption key by using a decryption algorithm to obtain a decrypted fingerprint.
Step 506, determining whether the decrypted fingerprint matches the encrypted fingerprint separated from the second plaintext data, if yes, entering step 507, and if not, entering step 501 again.
In step 507, the first plaintext data is determined to be correct.
Specifically, in some cases, even if the ciphertext data is successfully decrypted using the selected decryption algorithm and decryption key, there is a possibility that the decryption algorithm is not the decryption algorithm corresponding to the encryption algorithm in the encryption method of the third embodiment and/or the decryption key is not the decryption key corresponding to the encryption key in the encryption method of the third embodiment, which results in the second plaintext data not being required by the terminal, i.e., the obtained second plaintext data is determined to be incorrect, and thus the obtained first plaintext data is determined to be incorrect.
The terminal stores the root key used for encrypting the encryption key in the encryption method in advance, so that the terminal can encrypt the decryption key by using the decryption algorithm and the root key to obtain the decryption fingerprint, if the decryption fingerprint is matched with the encryption fingerprint, the correct decryption algorithm and decryption key are obtained, the second plaintext data obtained by decrypting the ciphertext data by using the decryption algorithm and the decryption key is determined to be correct, and the first plaintext data separated from the second plaintext data is determined to be correct. If the decrypted fingerprint and the encrypted fingerprint are not matched, it is determined that the obtained decryption algorithm and the obtained decryption key are not correct, and further, it is determined that the second plaintext data obtained by decrypting the ciphertext data by using the decryption algorithm and the decryption key is incorrect, and further, it is determined that the first plaintext data separated from the second plaintext data is incorrect, and the process reenters step 501. When the decryption algorithm and the decryption key are selected again, repeated selection needs to be avoided, that is, the combination formed by the decryption algorithm and the decryption key can be selected only once and is not selected repeatedly.
In this embodiment, whether the obtained first plaintext data is correct may be determined by verifying whether the decrypted fingerprint and the encrypted fingerprint are matched.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
A sixth embodiment of the present application relates to a server, as shown in fig. 6, including: includes at least one processor 602; and, a memory 601 communicatively coupled to the at least one processor; the memory 601 stores instructions executable by the at least one processor 602, and the instructions are executed by the at least one processor 602 to enable the at least one processor 602 to execute the encryption method of the first embodiment, and/or the decryption method of the second embodiment, and/or the encryption method of the third embodiment, and/or the decryption method of the fourth embodiment, and/or the decryption method of the fifth embodiment.
Where the memory 601 and the processor 602 are coupled by a bus, the bus may comprise any number of interconnected buses and bridges that couple one or more of the various circuits of the processor 602 and the memory 601 together. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. Data processed by processor 602 is transmitted over a wireless medium through an antenna, which receives the data and transmits the data to processor 602.
The processor 602 is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And memory 601 may be used to store data used by processor 602 in performing operations.
A seventh embodiment of the present application relates to a computer-readable storage medium storing a computer program. The computer program, when executed by the processor, implements the encryption method of the first embodiment, and/or the decryption method of the second embodiment, and/or the encryption method of the third embodiment, and/or the decryption method of the fourth embodiment, and/or the decryption method of the fifth embodiment.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the present application, and that various changes in form and details may be made therein without departing from the spirit and scope of the present application in practice.

Claims (11)

1.一种加密方法,其特征在于,包括:1. an encryption method, is characterized in that, comprises: 利用选取的加密算法对加密密钥进行加密,得到加密指纹;Encrypt the encryption key using the selected encryption algorithm to obtain an encrypted fingerprint; 利用所述加密算法和所述加密密钥对明文数据进行加密,得到第一密文数据;Encrypt plaintext data by using the encryption algorithm and the encryption key to obtain first ciphertext data; 对所述加密指纹和所述第一密文数据进行混淆,得到第二密文数据。Confuse the encrypted fingerprint and the first ciphertext data to obtain second ciphertext data. 2.根据权利要求1所述的加密方法,其特征在于,所述第二密文数据中包含用于指示混淆规则的信息。2 . The encryption method according to claim 1 , wherein the second ciphertext data includes information for indicating an obfuscation rule. 3 . 3.一种加密方法,其特征在于,包括:3. an encryption method, is characterized in that, comprises: 利用选取的加密算法对加密密钥进行加密,得到加密指纹;Encrypt the encryption key using the selected encryption algorithm to obtain an encrypted fingerprint; 对所述加密指纹和第一明文数据进行混淆,得到第二明文数据;Confuse the encrypted fingerprint and the first plaintext data to obtain second plaintext data; 利用所述加密算法和所述加密密钥对所述第二明文数据进行加密,得到密文数据。The second plaintext data is encrypted by using the encryption algorithm and the encryption key to obtain ciphertext data. 4.根据权利要求3所述的加密方法,其特征在于,所述第二明文数据中包含用于指示混淆规则的信息。4 . The encryption method according to claim 3 , wherein the second plaintext data includes information for indicating an obfuscation rule. 5 . 5.一种解密方法,其特征在于,包括:5. a decryption method, is characterized in that, comprises: 从获取的第二密文数据中分离出加密指纹和第一密文数据;其中,所述第二密文数据由权利要求1中所述的加密方法得到;Separate the encrypted fingerprint and the first ciphertext data from the acquired second ciphertext data; wherein, the second ciphertext data is obtained by the encryption method described in claim 1; 对所述第一密文数据进行解密,包括:Decrypting the first ciphertext data includes: 选取解密算法和解密密钥,并利用选取的所述解密算法对所述解密密钥进行加密,得到解密指纹;Select a decryption algorithm and a decryption key, and utilize the selected decryption algorithm to encrypt the decryption key to obtain a decryption fingerprint; 若所述解密指纹和从第二密文数据中分离出的所述加密指纹匹配,利用所述解密算法和所述解密密钥对所述第一密文数据进行解密,得到明文数据;If the decrypted fingerprint matches the encrypted fingerprint separated from the second ciphertext data, use the decryption algorithm and the decryption key to decrypt the first ciphertext data to obtain plaintext data; 若所述解密指纹和所述加密指纹不匹配,重复所述对所述第一密文数据进行解密的步骤。If the decrypted fingerprint and the encrypted fingerprint do not match, repeat the step of decrypting the first ciphertext data. 6.根据权利要求5所述的解密方法,其特征在于,所述从获取的第二密文中分离出加密指纹和第一密文数据,包括:6. The decryption method according to claim 5, wherein the separating the encrypted fingerprint and the first ciphertext data from the obtained second ciphertext comprises: 从获取的第二密文数据中识别混淆规则的信息,并利用所述混淆规则的信息从所述第二密文中分离出所述加密指纹和所述第一密文数据。The information of the obfuscation rule is identified from the acquired second ciphertext data, and the encrypted fingerprint and the first ciphertext data are separated from the second ciphertext by using the information of the obfuscation rule. 7.一种解密方法,其特征在于,7. A decryption method, characterized in that, 选取解密算法和解密密钥,并利用选取的所述解密算法和所述解密密钥对获取的密文数据进行解密;其中,所述密文数据由权利要求4中所述的加密方法得到;Select decryption algorithm and decryption key, and utilize the selected decryption algorithm and the decryption key to decrypt the obtained ciphertext data; Wherein, the ciphertext data is obtained by the encryption method described in claim 4; 若解密成功,得到第二明文数据;If the decryption is successful, the second plaintext data is obtained; 从所述第二明文数据中分离出第一明文数据;separate the first plaintext data from the second plaintext data; 若解密失败,重复所述解密方法的步骤。If the decryption fails, the steps of the decryption method are repeated. 8.根据权利要求7所述的解密方法,其特征在于,所述从所述第二明文数据中分离出第一明文数据,包括:8. The decryption method according to claim 7, wherein the separating the first plaintext data from the second plaintext data comprises: 从所述第二明文数据中识别混淆规则的信息,并利用所述混淆规则的信息从所述第二明文数据中分离出第一明文数据。The information of the obfuscation rule is identified from the second plaintext data, and the first plaintext data is separated from the second plaintext data by using the information of the obfuscation rule. 9.根据权利要求7所述的解密方法,其特征在于,所述从所述第二明文数据中分离出第一明文数据,包括:9. The decryption method according to claim 7, wherein the separating the first plaintext data from the second plaintext data comprises: 从所述第二明文数据中分离出加密指纹和第一明文数据;Separating the encrypted fingerprint and the first plaintext data from the second plaintext data; 在所述从所述第二明文中分离出加密指纹和第一明文数据之后,还包括:After the separation of the encrypted fingerprint and the first plaintext data from the second plaintext, the method further includes: 利用所述解密算法对所述解密密钥进行加密,得到解密指纹;Utilize the decryption algorithm to encrypt the decryption key to obtain a decryption fingerprint; 若所述解密指纹和从所述第二明文数据中分离出的所述加密指纹匹配,认定所述第一明文数据正确;If the decrypted fingerprint matches the encrypted fingerprint separated from the second plaintext data, it is determined that the first plaintext data is correct; 若所述解密指纹和所述加密指纹不匹配,重复所述解密方法的步骤。If the decrypted fingerprint and the encrypted fingerprint do not match, the steps of the decryption method are repeated. 10.一种服务器,其特征在于,包括:10. A server, characterized in that, comprising: 至少一个处理器;以及,at least one processor; and, 与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein, 所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行如权利要求1至2中任一所述的加密方法,和/或如权利要求3至4中任一所述的加密方法,和/或如权利要求5至6中任一所述的解密方法,和/或如权利要求7至9中任一所述的解密方法。The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform any of the claims 1 to 2 encryption method, and/or encryption method as described in any one of claims 3 to 4, and/or decryption method as described in any one of claims 5 to 6, and/or as in claims 7 to 9 Any of the decryption methods described. 11.一种计算机可读存储介质,存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至2中任一所述的加密方法,和/或如权利要求3至4中任一所述的加密方法,和/或如权利要求5至6中任一所述的解密方法,和/或如权利要求7至9中任一所述的解密方法。11. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the encryption method according to any one of claims 1 to 2 is implemented, and/or as claimed in claim 3 The encryption method according to any one of claims 5 to 4, and/or the decryption method according to any one of claims 5 to 6, and/or the decryption method according to any one of claims 7 to 9.
CN202010586747.5A 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium Pending CN113839780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010586747.5A CN113839780A (en) 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010586747.5A CN113839780A (en) 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium

Publications (1)

Publication Number Publication Date
CN113839780A true CN113839780A (en) 2021-12-24

Family

ID=78964420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010586747.5A Pending CN113839780A (en) 2020-06-24 2020-06-24 Encryption method, decryption method, server and storage medium

Country Status (1)

Country Link
CN (1) CN113839780A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553491A (en) * 2022-01-24 2022-05-27 大唐互联科技(武汉)有限公司 Data grading encryption method, system and storage medium
CN114884716A (en) * 2022-04-28 2022-08-09 世融能量科技有限公司 Encryption and decryption method, device and medium
CN115208632A (en) * 2022-06-16 2022-10-18 国网浙江省电力有限公司营销服务中心 Front-end and back-end data encryption transmission method and system
CN119182539A (en) * 2024-11-22 2024-12-24 国网天津市电力公司电力科学研究院 Data encryption method, decryption method and device based on terahertz wave detection signals

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107086915A (en) * 2017-05-25 2017-08-22 山东浪潮商用系统有限公司 A kind of data transmission method, data sending terminal and data receiver
CN107809436A (en) * 2017-11-10 2018-03-16 北京世纪鼎点软件有限公司 Authority discrimination method, encryption method, the apparatus and system of Internet video access
CN108964903A (en) * 2018-07-12 2018-12-07 腾讯科技(深圳)有限公司 password storage method and device
CN109728902A (en) * 2018-06-01 2019-05-07 平安科技(深圳)有限公司 Key management method, device, storage medium and device
CN110929291A (en) * 2019-12-04 2020-03-27 楚天龙股份有限公司 Method and device for accessing text file and computer readable storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107086915A (en) * 2017-05-25 2017-08-22 山东浪潮商用系统有限公司 A kind of data transmission method, data sending terminal and data receiver
CN107809436A (en) * 2017-11-10 2018-03-16 北京世纪鼎点软件有限公司 Authority discrimination method, encryption method, the apparatus and system of Internet video access
CN109728902A (en) * 2018-06-01 2019-05-07 平安科技(深圳)有限公司 Key management method, device, storage medium and device
CN108964903A (en) * 2018-07-12 2018-12-07 腾讯科技(深圳)有限公司 password storage method and device
CN110929291A (en) * 2019-12-04 2020-03-27 楚天龙股份有限公司 Method and device for accessing text file and computer readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周书锋;孙玉真;房素荣;: "混合密钥的数字签名技术在Java中的实现", 电脑知识与技术(学术交流), no. 26, 27 September 2006 (2006-09-27) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553491A (en) * 2022-01-24 2022-05-27 大唐互联科技(武汉)有限公司 Data grading encryption method, system and storage medium
CN114884716A (en) * 2022-04-28 2022-08-09 世融能量科技有限公司 Encryption and decryption method, device and medium
CN114884716B (en) * 2022-04-28 2024-02-27 世融能量科技有限公司 Encryption and decryption method, device and medium
CN115208632A (en) * 2022-06-16 2022-10-18 国网浙江省电力有限公司营销服务中心 Front-end and back-end data encryption transmission method and system
CN115208632B (en) * 2022-06-16 2023-11-07 国网浙江省电力有限公司营销服务中心 A front-end and back-end data encryption transmission method and system
CN119182539A (en) * 2024-11-22 2024-12-24 国网天津市电力公司电力科学研究院 Data encryption method, decryption method and device based on terahertz wave detection signals

Similar Documents

Publication Publication Date Title
CN113839780A (en) Encryption method, decryption method, server and storage medium
CN110138744B (en) Method, device and system for replacing communication number, computer equipment and storage medium
CN106790223B (en) Method and device for data transmission and system thereof
US11329835B2 (en) Apparatus and method for authenticating IoT device based on PUF using white-box cryptography
EP3283964B1 (en) Method of operating a computing device, computing device and computer program
US20170099144A1 (en) Embedded encryption platform comprising an algorithmically flexible multiple parameter encryption system
EP2538366B1 (en) Generating secure device secret key
US11405202B2 (en) Key processing method and apparatus
CN104244237A (en) Data transmitting and receiving method, receiving and transmitting terminal and data transmitter-receiver set
KR102364649B1 (en) APPARATUS AND METHOD FOR AUTHENTICATING IoT DEVICE BASED ON PUF
US20220366030A1 (en) Password Management Method and Related Apparatus
CN108270739A (en) A kind of method and device of managing encrypted information
CN107864129B (en) Method and device for ensuring network data security
CN115129332A (en) Firmware burning method, computer equipment and readable storage medium
CN113392401A (en) Authentication system
CN111132148A (en) Method, device and storage medium for configuring network access of smart home appliances
CN115442032A (en) Data processing method, system on chip and readable storage medium
EP3610401B1 (en) Storing data on target data processing devices
US20090024844A1 (en) Terminal And Method For Receiving Data In A Network
JP5561457B2 (en) Self-decryption encrypted file management system, management method and apparatus, and decryption control method and apparatus
US8161295B2 (en) Storing of data in a device
KR101834522B1 (en) Apparatus for confirming data and method for confirming data using the same
CN110008654A (en) Electronic document treating method and apparatus
CN117499023B (en) Hardware security method, device and storage medium based on AES algorithm
CN109981678B (en) Information synchronization method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination