CN115982114B

CN115982114B - File processing method, device, computer equipment and computer program product

Info

Publication number: CN115982114B
Application number: CN202111198082.1A
Authority: CN
Inventors: 何冠有
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2021-10-14
Filing date: 2021-10-14
Publication date: 2025-09-16
Anticipated expiration: 2041-10-14
Also published as: CN115982114A

Abstract

The application provides a file processing method, a device, computer equipment and a computer program product, wherein a first encrypted file obtained by encrypting a target file by using a first key is stored in a server, and the first encrypted file is generated based on triggering of a first object; if the sharing object is a second object logged on the second client, encrypting the target file by using the second key to obtain a second encrypted file, encrypting the second key by using the public key of the second object to obtain a second encrypted key, and sending the second encrypted file and the second encrypted key to the server so that the second client can obtain the target file. By adopting the method, the file sharing safety and the file acquisition efficiency can be improved.

Description

File processing method, device, computer equipment and computer program product

Technical Field

The present application relates to the field of computer technology, and in particular, to a file processing method, a file processing apparatus, a computer device, and a computer program product.

Background

At present, when a file is shared through a cloud, one method is to directly upload the file to the cloud for a file request end to directly download the file from the cloud, but the method has the problem of low file security, and the other method is to only encrypt the file and upload the file to the cloud for the file request end to download the file from the cloud and then decrypt the file to obtain the file.

Disclosure of Invention

The embodiment of the application provides a file processing method, a file processing device, computer equipment and a computer program product, which can effectively improve the safety of file sharing and the efficiency of file acquisition.

In one aspect, an embodiment of the present application provides a method for processing a target file, where a first encrypted file obtained by encrypting the target file with a first key is stored in a server, and the first encrypted file is generated based on a first object trigger logged on a first client, and the method includes:

receiving a sharing operation about the target file;

If the sharing object of the sharing operation is the first object logged in on the second client, the first key is obtained, the first key is encrypted by using the public key of the first object on the second client to obtain a first encryption key, and the first encryption key is sent to the server so that the second client can conveniently obtain the target file;

and if the sharing object of the sharing operation is a second object logged on the second client, acquiring the target file, encrypting the target file by using a second key to obtain a second encrypted file, encrypting the second key by using a public key of the second object on the second client to obtain a second encrypted key, and transmitting the second encrypted file and the second encrypted key to the server so as to facilitate the second client to acquire the target file.

In one aspect, an embodiment of the present application provides another method for processing a target file, where a first encrypted file obtained by encrypting the target file with a first key is stored in a server, and the first encrypted file is generated based on a first object trigger logged on a first client, and the method includes:

acquiring file decryption related information about the target file from the server;

Acquiring the target file based on the first encrypted file and the first encryption key if the file decryption related information comprises the first encrypted file and the first encryption key, wherein the first encryption key is obtained by encrypting the first key by using a public key of the first object on a second client when a sharing object of the sharing operation of the target file is the first object logged on the second client by the first client, and the first key is transmitted to the server;

And if the file decryption related information comprises a second encryption file and a second encryption key, acquiring the target file based on the second encryption file and the second encryption key, wherein the second encryption file and the second encryption key are generated and sent to the server when a sharing object of the sharing operation of the target file is a second object logged on the second client by the first client, the second encryption file is obtained by encrypting the target file by using the second encryption key, and the second encryption key is obtained by encrypting the second encryption key by using a public key of the second object on the second client.

In one aspect, an embodiment of the present application provides a file processing apparatus, where the apparatus is configured to process a target file, and a first encrypted file obtained by encrypting the target file with a first key is stored in a server, where the first encrypted file is generated based on a first object trigger logged on a first client, and the apparatus includes:

The processing unit is used for receiving sharing operation on the target file;

The processing unit is further configured to obtain the first key if the sharing object of the sharing operation is the first object logged in on the second client, and encrypt the first key with a public key of the first object on the second client to obtain a first encryption key;

the communication unit is used for sending the first encryption key to the server so as to facilitate the second client to acquire the target file;

The processing unit is further configured to obtain the target file if the sharing object of the sharing operation is a second object logged on the second client, encrypt the target file with a second key to obtain a second encrypted file, and encrypt the second key with a public key of the second object on the second client to obtain a second encrypted key;

The communication unit is further configured to send the second encrypted file and the second encryption key to the server, so that the second client obtains the target file.

In an embodiment, the processing unit is specifically configured to obtain the first key, obtain the first encrypted file from the server, and decrypt the first encrypted file with the first key to obtain the target file.

In an embodiment, a third encryption key obtained by encrypting the first key by using the public key of the first object on the first client is stored in the server, and the processing unit is specifically used for obtaining the third encryption key from the server when obtaining the first key, and decrypting the third encryption key by using the private key of the first object on the first client to obtain the first key.

In an embodiment, when the processing unit encrypts the target file by using a second key to obtain a second encrypted file, the processing unit is specifically configured to obtain a first watermark identifier, add the first watermark identifier to the target file, encrypt the target file to which the first watermark identifier is added by using the second key to obtain a second encrypted file, where the first watermark identifier is used to indicate that the target file is shared based on the first object logged on the first client, and the second client obtains the target file to which the first watermark identifier is added.

In an embodiment, the communication unit is further configured to receive a source file sent by the third client;

The processing unit is further used for adding a second watermark identifier to the source file to obtain the target file based on triggering of the first object logged on the first client, encrypting the target file by using the first key to obtain the first encrypted file, and storing the first encrypted file to the server, wherein the second watermark identifier is used for indicating that the target file is generated based on triggering of the first object logged on the first client.

In an embodiment, the source file carries a third watermark identification for indicating that the source file is shared triggered based on a third object logged on the third client.

In one aspect, an embodiment of the present application provides another file processing apparatus, where the apparatus is configured to process a target file, and a first encrypted file obtained by encrypting the target file with a first key is stored in a server, where the first encrypted file is generated based on a first object trigger logged on a first client, and the apparatus includes:

a communication unit configured to acquire file decryption related information about the target file from the server;

The processing unit is used for acquiring the target file based on the first encrypted file and the first encrypted key if the file decryption related information comprises the first encrypted file and the first encrypted key, wherein the first encrypted key is obtained by encrypting the first key by using a public key of the first object on a second client when a sharing object of the sharing operation of the target file of the first client is the first object logged on the second client, and the first key is transmitted to the server;

The processing unit is further configured to obtain, if the file decryption related information includes a second encrypted file and a second encrypted key, the target file based on the second encrypted file and the second encrypted key, where the second encrypted file and the second encrypted key are generated and sent to the server when a sharing object of the sharing operation of the target file is a second object logged on the second client by the first client, the second encrypted file is obtained by encrypting the target file with the second encrypted key, and the second encrypted key is obtained by encrypting the second encrypted key with a public key of the second object on the second client.

In an embodiment, when the processing unit obtains the target file based on the first encrypted file and the first encrypted key, the processing unit is specifically configured to decrypt the first encrypted key by using a private key of the first object on the second client to obtain the first key, and decrypt the first encrypted file by using the first key to obtain the target file.

In an embodiment, when the processing unit obtains the target file based on the second encrypted file and the second encrypted key, the processing unit is specifically configured to decrypt the second encrypted key by using a private key of the second object on the second client to obtain the second key, and decrypt the second encrypted file by using the second key to obtain the target file.

In an embodiment, the second encrypted file is obtained by adding a first watermark identifier to the target file by the first client and encrypting the target file added with the first watermark identifier by using the second key, wherein the first watermark identifier is used for indicating that the target file is shared based on the first object logged on the first client, and the second encrypted file is obtained by decrypting the second encrypted file by using the second key.

In an embodiment, the target file is obtained by obtaining the first key for the first client, obtaining the first encrypted file from the server, decrypting the first encrypted file by using the first key, storing a third encrypted key obtained by encrypting the first key by using a public key of the first object on the first client in the server, and obtaining the third encrypted key by the first client from the server, and decrypting the third encrypted key by using a private key of the first object on the first client.

In one embodiment, the first encrypted file is a source file sent by a third client and received by the first client, a second watermark identifier is added to the source file based on triggering of the first object logged on the first client to obtain the target file, and the target file is encrypted by the first key and stored in the server, wherein the second watermark identifier is used for indicating that the target file is generated based on triggering of the first object logged on the first client.

In one aspect, the embodiment of the application provides computer equipment, which comprises a processor, a communication interface and a memory, wherein the processor, the communication interface and the memory are mutually connected, executable program codes are stored in the memory, and the processor is used for calling the executable program codes to execute the file processing method provided by the embodiment of the application.

Correspondingly, the embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions which, when run on a computer, cause the computer to execute the file processing method provided by the embodiment of the application.

Accordingly, the embodiment of the present application also provides a computer program product, where the computer program product includes a computer program or computer instructions, and the computer program or computer instructions implement the steps of the file processing method provided by the embodiment of the present application when executed by a processor.

Accordingly, the embodiment of the application also provides a computer program, which comprises computer instructions, wherein the computer instructions are stored in a computer readable storage medium, a processor of a computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device executes the file processing method provided by the embodiment of the application.

By adopting the embodiment of the application, on one hand, when the target file is shared, not only the target file is encrypted, but also a key (hereinafter referred to as a file key) used for encrypting the target file is encrypted, so that the security of the target file can be effectively ensured by the double encryption mechanism, in addition, the key used for encrypting the file key is a public key corresponding to the sharing object, and the file key of the target file can be obtained by successfully decrypting the encryption key only by utilizing a private key corresponding to the sharing object, so that the security of the target file can be further improved. On the other hand, the encryption key and the encryption file can be automatically decrypted so as to obtain the target file, and thus the acquisition efficiency of the target file can be effectively improved.

Drawings

In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a schematic diagram of a file processing system according to an embodiment of the present application;

FIG. 2 is a schematic flow chart of a method for processing files according to an embodiment of the present application;

FIG. 3 is a flowchart illustrating another method for processing a file according to an embodiment of the present application;

FIG. 4 shows a technical architecture to which the file processing method according to the embodiment of the present application is applicable;

FIG. 5 shows the encryption and decryption process for keys and files;

FIG. 6 is a schematic diagram of a document processing apparatus according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

For a better understanding of embodiments of the present application, some terms related to the embodiments of the present application are described below:

Public and private keys, two keys are required in an asymmetric cryptography algorithm, one is a public key (i.e., public key) and the other is a private key (i.e., private key), the public key is used for encryption, and the private key is used for decryption. The ciphertext obtained by encrypting the plaintext by using the public key can be decrypted only by using the corresponding private key and the original plaintext can be obtained, and the public key which is originally used for encryption cannot be used for decryption. The public key may be public and the private key may not be, and once the private key is compromised, the public and private key pair is updated, otherwise the private key is not kept secret.

The embodiment of the application provides a file processing method, which is used for effectively improving the safety of file sharing and effectively improving the efficiency of file acquisition. The file processing method provided by the embodiment of the application can be realized based on one or more of Cloud technology (Cloud technology), artificial intelligence technology and blockchain technology. For example, one or more of Cloud storage (Cloud storage), cloud Database (Cloud Database) in Cloud technology may be involved. For example, at least part of data (e.g., an encrypted file, an encryption key, etc.) involved in performing the file processing method is stored in a cloud database. For another example, at least a portion of the data involved in performing the file processing method may be stored in blocks on a blockchain, and in addition, the computer device performing the file processing method may be a node device in the blockchain network.

The file processing method provided by the embodiment of the application can be applied to the file processing system shown in fig. 1, and the file processing system comprises a server 10, a first client 11 and one or more second clients 12. In a possible embodiment, the file processing system may further comprise a third client 13. The server 10 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, basic cloud computing services such as big data and artificial intelligence platforms. The client may be a terminal device such as a smart phone, a tablet computer, a notebook computer, a desktop computer, an intelligent voice interaction device, an intelligent home appliance, a vehicle-mounted terminal, but is not limited thereto.

For clients in the file processing system (including the first client 11, the second client 12, the third client 13, etc.), an object login may be performed on the client, which may be an account or an account number for identifying a user of the client. The private and public keys of each object on different clients are different, and the private and public keys of different objects on the same client are also different. The public key is used for encryption, the corresponding private key is used for decryption, the public key can be disclosed, and the private key cannot be disclosed. The server 10 may record the public keys of the objects on the clients to facilitate quick retrieval of the desired public keys.

In the embodiment of the present application, the first client 11 shares the target file with the second client 12 through the server 10 is described as an example. The first client 11 needs to encrypt the target file in advance and store the encrypted target file in the server 10, as shown in the processing flow shown in fig. 2, the first client 11 obtains the target file and generates a first key based on the trigger of the first object logged on the device, encrypts the target file by using the first key to obtain a first encrypted file, and then sends the first encrypted file to the server 10 for storage.

In a possible embodiment, the target file may be a file local to the first client 11, or may be a source file sent by the third client 13 received by the first client 11. The target file may also be obtained by the first client 11 receiving the source file sent by the third client 13 and adding a second watermark identification to the source file, where the second watermark identification may be used to indicate that the target file is generated based on the first object trigger logged on the first client 11. In a possible embodiment, the source file may also carry a third watermark identification for indicating that the source file is shared triggered based on a third object logged on the third client 13. The watermark identification is added to the file, so that the source of the file can be inquired later, and the transmission path of the file can be determined later. The watermark identification may include one or more of a client identification (e.g., physical address), an object identification (e.g., account number or name indicated by the object, etc.), and a type of operation for the file (e.g., generating the file indicated by an identification "0", sharing the file indicated by an identification "1"), etc.

In a possible embodiment, the first key may be a key for encrypting the file, which is randomly generated by the first client 11, and which needs to satisfy a specific condition and/or a specific rule, and the satisfaction of the specific condition may include one or more of setting a number of bits (e.g. 10 bits) of the key, including at least one or more character types (including both numbers and letters if necessary), and so on. Meeting the specific rule includes that a final key is obtained after hash operation is required on randomly generated key characters.

In an embodiment, as shown in the process flow of fig. 2, the first client 11 may further obtain a public key of the first object on the first client 11, encrypt the first key with the public key of the first object on the first client 11 to obtain a third encryption key, and then send the third encryption key to the server 10, where the server 10 stores the third encryption key and the first encryption file in a mapping manner.

In a possible embodiment, after storing the target file in the server in the form of the first encrypted file, the first client 11 may obtain the target file based on the first encrypted file stored in the server, so that the first client 11 may not store the target file locally any more, which not only saves the storage space of the first client, but also may avoid the situation that the target file is directly obtained maliciously from the first client 11, thereby improving the security of the target file. Similarly, after the first key is stored in the server in the form of the third encryption key, the first client may acquire the first key based on the third encryption key stored in the server, so the first client 11 may not store the first key locally any more, which may avoid the situation that the first key is directly acquired maliciously from the first client 11 to decrypt and obtain the target file, thereby further improving the security of the target file, and may further save the storage space of the first client. It should be noted that, in the same way, the first client 11 may not need to store the first encrypted file and the third encrypted key locally.

In the embodiment of the present application, in the process that the first client 11 shares the target file with the second client 12 through the server 10, the first client 11 receives the sharing operation about the target file. The manner in which the first client 11 shares the target file with the second client 12 through the server 10 is different for the different sharing objects of the sharing operation, which includes the following two manners:

In one embodiment, the sharing object of the sharing operation is the first object registered on the second client 12, that is, the scenario is that the user corresponding to the same object synchronizes the target file on different clients.

At this time, the first client 11 acquires the first key, acquires the public key of the first object on the second client from the server 10, encrypts the first key with the public key of the first object on the second client to obtain a first encryption key, and then transmits the first encryption key to the server 10. Accordingly, the second client 12 obtains the file decryption related information about the target file from the server 10, wherein the file decryption related information comprises the first encrypted file and the first encrypted key, decrypts the first encrypted key by using the private key of the first object on the second client to obtain the first key, and then decrypts the first encrypted file by using the first key to obtain the target file.

In the second mode, the sharing object of the sharing operation is a second object (the second object is different from the first object) logged in on the second client 12, that is, the scene is that different users corresponding to different objects synchronize target files on different clients.

At this time, the first client 11 acquires the target file and generates a second key, which may be a key for encrypting the file, which is randomly generated by the first client 11, similar to the first key described above, and which is different from the first key described above. The first client 11 encrypts the target file with the second key to obtain a second encrypted file, encrypts the second key with the public key of the second object on the second client 12 to obtain a second encrypted key, and then sends the second encrypted file and the second encrypted key to the server 10. Accordingly, the second client 12 obtains the file decryption related information about the target file from the server 10, wherein the file decryption related information comprises a second encrypted file and a second encrypted key, decrypts the second encrypted key by using the private key of the second object on the second client to obtain the second key, and then decrypts the second encrypted file by using the second key to obtain the target file.

By adopting the file processing mode, on one hand, when the target file is shared, not only the target file is encrypted, but also a key (hereinafter referred to as a file key) used for encrypting the target file is encrypted, so that the security of the target file can be effectively ensured by the double encryption mechanism, in addition, the key used for encrypting the file key is a public key corresponding to a sharing object, and the file key of the target file can be obtained by successfully decrypting the encryption key only by utilizing a private key corresponding to the sharing object, so that the security of the target file can be further improved. On the other hand, the encryption key and the encryption file can be automatically decrypted so as to obtain the target file, and thus the acquisition efficiency of the target file can be effectively improved.

The file processing method provided by the embodiment of the application is briefly introduced, and the specific implementation manner of the file processing method is explained in detail below.

Referring to fig. 3, fig. 3 is a flowchart illustrating a file processing method according to an embodiment of the application. The file processing method described in the embodiment of the present application may be applied to the file processing system shown in fig. 1. The file processing method is used for processing the target file, and as described above, a first encrypted file obtained by encrypting the target file by using a first key can be stored in the server, wherein the first encrypted file is generated based on a first object trigger logged on the first client. In a possible embodiment, a third encryption key obtained by encrypting the first key with the public key of the first object on the first client may also be stored in the server. In addition, the private and public keys on different clients are different for each object, and the private and public keys on the same client are also different for different objects. The public key is used for encryption, the corresponding private key is used for decryption, the public key can be disclosed, and the private key cannot be disclosed. The server may record the public key of each object on each client in order to quickly obtain the required public key. The method includes, but is not limited to, the steps of:

S301, the first client receives sharing operation on the target file.

In the embodiment of the present application, the sharing operation about the target file may be triggered by the first object logged on the first client, for example, when the user of the first client (i.e., the user corresponding to the first object) wants to share the target file with the user of the second client, the sharing operation about the target file may be actively triggered based on the first object logged on the first client. The sharing operation on the target file may also be triggered by an object (the object may be the first object or a second object different from the first object) registered on a second client (the second client is different from the first client), for example, when the second client needs to request the target file from the first client, the second client sends a sharing request on the target file to the first client based on the triggering of the object registered on the second client, and after the first client receives the sharing request, it is determined that the sharing operation on the target file is received.

In a possible embodiment, after receiving the sharing operation about the target file, the first client determines a sharing object of the sharing operation, and determines whether to share the target file with the sharing object. For example, whether the sharing object exists in a sharable list related to the target file is detected, if so, it is determined that the target file can be shared with the sharing object, otherwise, it is determined that the target file cannot be shared with the sharing object. For another example, a file sharing prompt message including an identifier (such as an account number or an account name) corresponding to the sharing object is output, if a confirmation sharing instruction input by the user for the sharing prompt message is received, a sharing target file to the sharing object is determined, and if a rejection sharing instruction input by the user for the sharing prompt message is received, it is determined that the sharing target file is not shared to the sharing object. If the first client determines to share the target file with the sharing object, steps S302 to S307 are executed, and if the first client determines not to share the target file with the sharing object, the process is ended.

And S302, if the sharing object of the sharing operation is the first object registered on the second client, the first client acquires the first key, and encrypts the first key by using the public key of the first object on the second client to obtain a first encryption key.

In the embodiment of the present application, if the sharing object of the sharing operation is the first object logged on the second client, it indicates that the application scenario at this time is that the user corresponding to the same object synchronizes the target file on different clients, for example, the first user synchronizes the file of the computer terminal to the mobile phone terminal.

In an embodiment, a third encryption key obtained by encrypting the first key by using the public key of the first object on the first client is stored in the server, after the first key is stored in the form of the third encryption key in the server, the first client may acquire the first key based on the third encryption key stored in the server, where in order to ensure security and save storage space, the first client may not store the first key and the third encryption key locally. In this case, when the first client performs file sharing on the target file, the first client needs to obtain the third encryption key from the server, and decrypt the third encryption key by using the private key of the first object on the first client to obtain the first key. It should be noted that, if the first client locally stores the first key or the third encryption key, the first key may be obtained directly based on the locally stored key.

The first client acquires the public key of the first object on the second client from the server, encrypts the first key by using the public key of the first object on the second client, and then the first encryption key can be obtained.

S303, the first client sends the first encryption key to the server.

Accordingly, the server receives and stores the first encryption key sent by the first client. In a possible embodiment, in order to ensure security and save storage space, the first client may not store the first encryption key locally after sending the first encryption key to the server.

If the sharing operation on the target file is triggered by the first object logged on the first client, the first client can send a forwarding request on the target file to the server together when sending the first encryption key to the server, and the server responds to the forwarding request to send the first encryption file and the first encryption key to the second client.

If the sharing operation on the target file is triggered by the object logged on the second client, and the second client sends the sharing request on the target file to the first client through the server, the server may automatically send the first encrypted file and the first encryption key to the second client after receiving the first encryption key. If the second client does not send the sharing request about the target file to the first client through the server, the second client needs to request the target file from the server multiple times (e.g., periodically), and the server may send the first encrypted file and the first encrypted key to the second client in response to the request of the second client after receiving the first encrypted key.

S304, if the file decryption related information about the target file obtained from the server comprises the first encrypted file and the first encryption key, the second client obtains the target file based on the first encrypted file and the first encryption key.

In the embodiment of the application, the second client decrypts the first encryption key by using the private key of the first object on the second client to obtain the first key, and then decrypts the first encryption file by using the first key to obtain the target file.

In the file sharing manner described in steps S302 to S304, the first encrypted file that the first client uploaded to the server in advance is shared with the second client, and the first key that the first client used for encrypting the target file in advance is shared, but the public key of the sharing object on the second client is used for encryption. In addition, the encryption key can be successfully decrypted only by utilizing the private key corresponding to the sharing object to obtain the file key (namely the first key) of the target file, so that the security of the target file can be further improved. On the other hand, the file receiving end (namely the second client) can automatically decrypt the encryption key and the encryption file to obtain the target file, so that the acquisition efficiency of the target file can be effectively improved.

S305, if the sharing object of the sharing operation is a second object registered on the second client, the first client obtains the target file, encrypts the target file by using the second key to obtain a second encrypted file, and encrypts the second key by using the public key of the second object on the second client to obtain a second encrypted key.

In the embodiment of the present application, if the sharing object of the sharing operation is a second object registered on a second client (the second object is different from the first object), it indicates that the application scenario at this time is that different users corresponding to different objects synchronize target files on different clients, for example, the user a synchronizes the files of the mobile phone terminal to the mobile phone terminal of the user b.

In an embodiment, the first encrypted file obtained by encrypting the target file with the first key is stored in the server, and after the target file is stored in the server in the form of the first encrypted file, the first client may obtain the target file based on the first encrypted file stored in the server, where in order to ensure security and save storage space, the first client may not store the target file and the first encrypted file locally. In this case, when the first client performs file sharing on the target file, it is required to obtain the first encrypted file from the server first, and obtain the first key (the method for obtaining the first key may be described in the foregoing, which is not repeated here), and then decrypt the first encrypted file with the first key to obtain the target file. It should be noted that, if the first client locally stores the target file or the first encrypted file, the target file may be obtained directly based on the locally stored file.

The first client generates a second key, which may be a key for encrypting a file that is randomly generated by the first client 11, and the second key is different from the first key, and also needs to satisfy a specific condition and/or a specific rule, where satisfying the specific condition may include one or more of a number of bits of the key being a set number of bits (e.g., 10 bits), including at least one or more character types set (including both numbers and letters if necessary), and so on. Meeting the specific rule includes requiring hash operations on randomly generated key characters to obtain the final key. The first client encrypts the target file by using the second key to obtain a second encrypted file, acquires the public key of the second object on the second client from the server, and encrypts the second key by using the public key of the second object on the second client to obtain a second encrypted key.

In a possible embodiment, the first client may generate the first watermark identifier first and add the first watermark identifier to the target file when generating the second encrypted file. The watermark identification is added to the file, so that the source of the file can be inquired later, and the transmission path of the file can be determined later. The first watermark identification may be used to indicate that the target file is shared based on a first object logged on the first client, the watermark identification may include one or more of a client identification (e.g., physical address), an object identification (e.g., account number or name indicated by the object, etc.), and a type of operation for the file (e.g., generating the file indicated by an identification "0", sharing the file indicated by an identification "1"), etc. And then encrypting the target file added with the first watermark identification by using a second key to obtain a second encrypted file.

S306, the first client sends the second encrypted file and the second encryption key to the server.

Accordingly, the server receives and stores the second encrypted file and the second encryption key sent by the first client. In a possible embodiment, in order to ensure security and save storage space, the first client may not store the second encrypted file and the second encrypted key locally after sending the second encrypted file and the second encrypted key to the server.

If the sharing operation on the target file is triggered by the first object logged on the first client, the first client can send a forwarding request on the target file to the server together when sending the second encrypted file and the second encrypted key to the server, and the server responds to the forwarding request and sends the second encrypted file and the second encrypted key to the second client.

If the sharing operation on the target file is triggered by the object logged on the second client, and the second client sends the sharing request on the target file to the first client through the server, the server may automatically send the second encrypted file and the second encrypted key to the second client after receiving the second encrypted file and the second encrypted key. If the second client does not send the sharing request about the target file to the first client through the server, the second client needs to request the target file from the server multiple times (e.g., periodically), and the server may send the second encrypted file and the second encrypted key to the second client in response to the request of the second client after receiving the second encrypted file and the second encrypted key.

S307, if the file decryption related information about the target file obtained from the server comprises the second encrypted file and the second encryption key, the second client obtains the target file based on the second encrypted file and the second encryption key.

In the embodiment of the application, the second client decrypts the second encryption key by using the private key of the second object on the second client to obtain the second key, and then decrypts the second encryption file by using the second key to obtain the target file. It should be noted that, when the second encrypted file is obtained by encrypting the target file added with the first watermark identifier by using the second key, the second client obtains the target file added with the first watermark identifier, and based on the first watermark identifier, it can be determined that the obtained target file is shared based on the triggering of the first object logged on the first client, so that the tracing of the file can be realized.

In the file sharing manner described in steps S305 to S307, the first encryption file that is uploaded to the server in advance by the first client is not shared with the second client, and the first key that is used for encrypting the target file in advance by the first client, but the new key that is reused for encrypting the target file is shared with the second client, and the target file encrypted with the new key is shared, so that when sharing the file with other objects (i.e., different from the first object), only the specific content of the file is shared, the original encryption file, the file key and the encryption key are not shared, and the file security is higher.

In a possible embodiment, if the sharing object of the sharing operation is a second object logged in the second client, the first client may also obtain the target file, and send the target file after adding the watermark identifier to the target file. The watermark identification may be used to indicate that the target file is shared triggered based on a first object logged on the first client. The second client generates a random key, encrypts the random key by using the public key of the second object on the second client, and sends the encrypted random key to the server for storage. And the second client encrypts the target file by using the random key after adding the watermark identifier again, and sends the encrypted target file to the server for storage. The re-added watermark identification is used to indicate that the target file was generated and stored based on a second object trigger that was logged on the second client. In this way, the second client is beneficial to directly acquiring the target file from the server, and is beneficial to sharing the target file to other clients (the sharing mode can be described in the foregoing and will not be repeated here), compared with the sharing of the target file only based on the first client, the sharing source of the target file can be increased, and thus the sharing efficiency of the target file is improved.

In addition, based on watermark identification added to the target file in each stage, the tracing of the target file can be realized, and a basis can be provided for the trace of file leakage. For convenience of inquiry, watermark identifiers added to the target file at each stage can be mapped and stored in a server, and the server can store the correspondence among the watermark identifiers, time, file senders, file receivers and the like.

It should be noted that, in this embodiment, the implementation manner that is not described in detail may refer to the foregoing description, and will not be repeated here. In addition, for the case that the sharing object is the first object logged on the second client, the sharing of the target file may be implemented in a similar manner to the file sharing described in steps S305 to S307, which is not described herein. Similarly, for the case that the sharing object is the second object logged on the second client, the sharing of the target file may be implemented in a similar manner to the file sharing described in steps S302 to S304, which is not described herein again.

Referring to fig. 4, fig. 4 shows a technical architecture to which the file processing method provided by the embodiment of the application is applicable. As shown in fig. 4, each object (which is used to identify the user of the client and may be an account or an account number) has a private key and a public key (not shown in the public key diagram) on each client, the public key of each object on each client is also stored on the server, and each encrypted file corresponds to an encryption key (the encryption key used to encrypt the file is obtained by encrypting the key).

Before file sharing, the file needs to be uploaded to a server. For user 1 (the user for which the first object is logged on the client 1) to upload a new file to the server at the client 1, there are steps of generating a random key a by the client 1, which is not recorded in the form of a file and is deleted after the use, encrypting the random key a with the public key1 of the first object (or the user 1) on the client 1, generating an encryption key a (this process is shown as a process in fig. 5), and uploading the encryption key a to the server for storage. The client 1 adds the watermark identification of the first object (the watermark identification may be a random string and may also include the identification of the first object and/or the client 1) to the file, symmetrically encrypts the file added with the watermark identification by using a random key a to generate an encrypted file a (this process is shown in a process c in fig. 5), and then uploads the encrypted file a to a server for storage, and the watermark identification may be uploaded to a server record together, where the encrypted file, the watermark identification, the identification of the first object and/or the identification of the client 1 may be mapped for storage.

For obtaining a file from a server, the following scenarios are included:

In case 1, the user 1 downloads the file just uploaded by the user on the client 1, and the following steps exist:

The client 1 downloads the encrypted file a and the encrypted key a from the server, decrypts the encrypted key a with the private key PRIVATE KEY (corresponding to public key 1) of the first object on the client 1, and obtains the random key a (this process is shown as a process b in fig. 5). Again the random key a is not stored in the client 1 but only in memory when the program is running. The client 1 decrypts the encrypted file a with the random key a to obtain the file with the watermark identification (this process is shown as the process d in fig. 5). In a possible embodiment, the actual content of the file does not appear as a file entity in the client 1, but the file is displayed to the user by the client software together with the watermark identification, which is written in the file.

If a file writing operation follows, the client 1 encrypts the file again (this process is described with reference to the foregoing description) and then uploads the encrypted file to the server. If the file is leaked out in the process, the watermark can identify which object corresponds to the leaked user.

In case 2, the user 1 corresponding to the first object synchronizes the file on different clients, and may share the random key a and the encrypted file a, but not share the encrypted key a, where the following steps exist:

When the user 1 wants to synchronize the file on the client 2, the client 2 needs to apply for the file allowing the synchronization to the client 1 with the file, after the client 1 receives the application, if the file allowing the synchronization is determined not to be allowed, the process is terminated, and if the file allowing the synchronization is determined, the client 1 applies for the public key2 of the first object on the client 2 from the server. The client 1 uses a private key PRIVATE KEY1 of the first object on the client 1 to unlock the encryption key a, so as to obtain a random key A, encrypts the random key A by using a public key2, so as to obtain an encryption key b, and then uploads the encryption key b to the server. The client 2 resynchronizes the encrypted file a and encryption key b on the server locally and decrypts the file in a similar manner as described in case 1 above to open and view the file.

In case 3, the user 1 corresponding to the first object synchronizes the file with the user 2 corresponding to the second object, and only specific content of the file can be shared at this time, but the encrypted file a, the random key a and the encrypted key a) are not shared, which includes the following two ways:

In the mode 1, when the user 1 shares a file with the user2 on the client 2 through the client 1, the client 1 firstly obtains a public key3 of a second object on the client 2 from a server, the client 1 generates a random key B corresponding to the second object and is used for symmetrically encrypting the file, the client 1 encrypts the random key B by using the public key3 to generate an encryption key c, and then the encryption key c is uploaded to the server. The client 1 obtains the file in the manner described in the foregoing case 1, adds the watermark identifier corresponding to the second object (or user 2) to the file, encrypts the file with the random key B to obtain an encrypted file B, and then uploads the encrypted file B to the server. The client 2 downloads the encrypted file b and the encryption key c from the server and decrypts the file in a similar manner as described in case 1 above to open and view the file.

In a possible embodiment, when it is not known on which client the second object is logged in, or the second object is offline (or not logged in), the public key of the second object on each client may be obtained from the server, then the encryption key and the encrypted file corresponding to each client are generated based on each public key in the manner described above, and uploaded to the server, and no matter on which client the second object is subsequently logged in, the file successfully obtained based on the corresponding encryption key and the encrypted file stored on the server may be obtained. By adopting the mode, file sharing can be realized when the second object is offline.

In mode 2, when the user 1 shares a file with the user 2 on the client 2 through the client 1, the client 1 notifies the client 2 that the user 1 (or the first object) wants to share a file with the user 2. The client 2 generates a random key C, encrypts the random key C with the public key of the second object on the client 2, generates an encryption key d, and then uploads the encryption key d to the server. The client 1 obtains the file in the manner described in the foregoing case 1, adds the watermark identifier corresponding to the first object to the file, and sends the watermark identifier to the client 2. The client 2 receives the file, adds the watermark identification of the second object, encrypts the file by using the random key C and uploads the encrypted file to the server. In this case, after the client uploads the encryption key and the encrypted file to the server, the file, the encryption key, the encrypted file, and the like may not be stored locally any more, and when the file needs to be checked later, the file may be obtained from the server in the manner described above.

By adopting the file processing mode provided by the embodiment of the application, only the encrypted file and the encrypted key of the target file and the public key of each object on each client are stored on the server, all clients cannot obtain the original information of the target file on the server, and when the target file is shared, the watermark mark for indicating the shared information is written in the file, so that the file sharing link can be tracked, and the problem of tracking the shared file can be solved. In addition, the key used for encrypting the file key is a public key corresponding to the sharing object, and the file key of the target file can be obtained by successfully decrypting the encryption key only by utilizing the private key corresponding to the sharing object, so that the security of the target file can be further improved. On the other hand, the encryption key and the encryption file can be automatically decrypted so as to obtain the target file, and thus the acquisition efficiency of the target file can be effectively improved.

The main body for executing the steps in the above method embodiment may be configured by hardware, software, or a combination of hardware and software.

Referring to fig. 6, fig. 6 is a schematic structural diagram of a file processing device according to an embodiment of the application. The file processing device described in the embodiment of the present application is configured to process a target file, and store a first encrypted file obtained by encrypting the target file with a first key in a server, where the first encrypted file is generated based on a first object trigger registered on a first client, and the device may correspond to the first client, and includes:

a processing unit 601, configured to receive a sharing operation about the target file;

the processing unit 601 is further configured to obtain the first key if the sharing object of the sharing operation is the first object logged in on the second client, and encrypt the first key with a public key of the first object on the second client to obtain a first encryption key;

A communication unit 602, configured to send the first encryption key to the server, so that the second client obtains the target file;

The processing unit 601 is further configured to obtain the target file if the sharing object of the sharing operation is a second object logged in on the second client, encrypt the target file with a second key to obtain a second encrypted file, and encrypt the second key with a public key of the second object on the second client to obtain a second encrypted key;

the communication unit 602 is further configured to send the second encrypted file and the second encryption key to the server, so that the second client obtains the target file.

In an embodiment, the processing unit 601 is specifically configured to obtain the first key, obtain the first encrypted file from the server, and decrypt the first encrypted file with the first key to obtain the target file.

In an embodiment, a third encryption key obtained by encrypting the first key by using the public key of the first object on the first client is stored in the server, and the processing unit 601 is specifically configured to obtain the third encryption key from the server when obtaining the first key, and decrypt the third encryption key by using the private key of the first object on the first client to obtain the first key.

In an embodiment, when the processing unit 601 encrypts the target file with a second key to obtain a second encrypted file, the processing unit is specifically configured to obtain a first watermark identifier, add the first watermark identifier to the target file, encrypt the target file to which the first watermark identifier is added with the second key to obtain a second encrypted file, where the first watermark identifier is used to indicate that the target file is shared based on the first object logged on the first client, and the second client obtains the target file to which the first watermark identifier is added.

In an embodiment, the communication unit 602 is further configured to receive a source file sent by the third client;

The processing unit 601 is further configured to add a second watermark identifier to the source file based on a trigger of the first object logged on the first client to obtain the target file, encrypt the target file with the first key to obtain the first encrypted file, and store the first encrypted file to the server, where the second watermark identifier is used to indicate that the target file is generated based on the first object trigger logged on the first client.

In a possible embodiment, the file processing apparatus provided in the embodiment of the present application may correspond to the second client described above, where:

a communication unit 602 configured to acquire file decryption related information about the target file from the server;

A processing unit 601, configured to obtain, if the file decryption related information includes the first encrypted file and a first encryption key, the target file based on the first encrypted file and the first encryption key, where the first encryption key is obtained by encrypting, by using a public key of the first object on a second client, the first key when a sharing object of a sharing operation related to the target file of the first client is the first object registered on the second client, and sending the first object to the server;

The processing unit 601 is further configured to obtain, if the file decryption related information includes a second encrypted file and a second encrypted key, the target file based on the second encrypted file and the second encrypted key, where the second encrypted file and the second encrypted key are generated and sent to the server when a sharing object of the sharing operation of the target file is a second object registered on the second client by the first client, the second encrypted file is obtained by encrypting the target file with the second encrypted key, and the second encrypted key is obtained by encrypting the second encrypted key with a public key of the second object on the second client.

In an embodiment, when the processing unit 601 obtains the target file based on the first encrypted file and the first encryption key, the processing unit is specifically configured to decrypt the first encryption key by using a private key of the first object on the second client to obtain the first key, and decrypt the first encrypted file by using the first key to obtain the target file.

In an embodiment, when the processing unit 601 obtains the target file based on the second encrypted file and the second encryption key, the processing unit is specifically configured to decrypt the second encryption key by using a private key of the second object on the second client to obtain the second key, and decrypt the second encrypted file by using the second key to obtain the target file.

It may be understood that the functions of each functional unit of the file processing apparatus described in the embodiments of the present application may be specifically implemented according to the method in the foregoing method embodiments, and the specific implementation process may refer to the relevant description in the foregoing method embodiments, which is not repeated herein.

In a possible embodiment, the file processing device provided by the embodiment of the application may be implemented in a software manner, and the file processing device may be stored in a memory, and may be software in the form of a program, a plug-in unit, or the like, and include a series of units including a processing unit and a communication unit, where the processing unit and the communication unit are configured to implement the file processing method provided by the embodiment of the application.

In other possible embodiments, the file processing apparatus provided in the embodiments of the present application may also be implemented by combining software and hardware, and by way of example, the file processing apparatus provided in the embodiments of the present application may be a processor in the form of a hardware decoding processor that is programmed to perform the file processing method provided in the embodiments of the present application, for example, the processor in the form of a hardware decoding processor may employ one or more Application Specific Integrated Circuits (ASICs), DSPs, programmable logic devices (PLDs, programmable Logic Device), complex Programmable logic devices (CPLDs, complex Programmable Logic Device), field Programmable Gate Arrays (FPGAs), field-Programmable GATE ARRAY), or other electronic components.

Referring to fig. 7, fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the application. The computer device described in the embodiments of the present application includes a processor 701, a communication interface 702, and a memory 703. The processor 701, the communication interface 702, and the memory 703 may be connected by a bus or other means, for example, in the embodiment of the present application.

The processor 701 (or CPU (Central Processing Unit, central processing unit)) is a computing core and a control core of the computer device, and can analyze various instructions in the computer device and process various data of the computer device, for example, the CPU can be used for analyzing a power-on instruction sent by a user to the computer device and controlling the computer device to perform power-on operation, for example, the CPU can transmit various interactive data between internal structures of the computer device, and the like. Communication interface 702 may optionally include a standard wired interface, a wireless interface (e.g., wi-Fi, mobile communication interface, etc.), controlled by processor 701, for transceiving data, and communication interface 702 may optionally also enable data or signal communication between internal devices of a computer device. Memory 703 (Memory) is a Memory device in a computer device for storing programs and data. It will be appreciated that the memory 703 herein may comprise either a built-in memory of the computer device or an extended memory supported by the computer device. The memory 703 provides a storage space that stores the operating system of the computer device, which may include, but is not limited to, an Android system, iOS system, windows Phone system, etc., as the present application is not limited in this regard.

In an embodiment of the present application, the computer device is configured to process a target file, and store a first encrypted file obtained by encrypting the target file with a first key in a server, where the first encrypted file is generated based on a first object trigger logged on a first client. In a possible embodiment, the computer device may correspond to the first client described above, at which time the processor 701 performs the following operations by running executable program code in the memory 703:

If the sharing object of the sharing operation is the first object logged in on a second client, the first key is acquired, the first key is encrypted by using the public key of the first object on the second client to obtain a first encryption key, and the first encryption key is sent to the server through the communication interface 702 so as to facilitate the second client to acquire the target file;

If the sharing object of the sharing operation is a second object logged on the second client, the target file is obtained, the target file is encrypted by using a second key to obtain a second encrypted file, the second key is encrypted by using a public key of the second object on the second client to obtain a second encrypted key, and the second encrypted file and the second encrypted key are sent to the server through the communication interface 702, so that the second client can conveniently obtain the target file.

In one embodiment, the processor 701 is specifically configured to obtain the first key, obtain the first encrypted file from the server through the communication interface 702, and decrypt the first encrypted file with the first key to obtain the target file.

In an embodiment, a third encryption key obtained by encrypting the first key by using the public key of the first object on the first client is stored in the server, and when the processor 701 obtains the first key, the processor is specifically configured to obtain the third encryption key from the server through the communication interface 702, and decrypt the third encryption key by using the private key of the first object on the first client to obtain the first key.

In an embodiment, when the processor 701 encrypts the target file with a second key to obtain a second encrypted file, the processor is specifically configured to obtain a first watermark identifier, add the first watermark identifier to the target file, encrypt the target file to which the first watermark identifier is added with the second key to obtain a second encrypted file, where the first watermark identifier is used to indicate that the target file is shared based on the first object logged on the first client, and the second client obtains the target file to which the first watermark identifier is added.

In an embodiment the processor 701 is further configured to receive a source file sent by a third client via the communication interface 702, add a second watermark identification to the source file based on a trigger of the first object logged on the first client to obtain the target file, and encrypt the target file with the first key to obtain the first encrypted file, store the first encrypted file to the server via the communication interface 702, wherein the second watermark identification is configured to indicate that the target file is generated based on the first object trigger logged on the first client.

In a possible embodiment, the computer device may correspond to the second client described above, at which time the processor 701 performs the following operations by running executable program code in the memory 703:

Acquiring file decryption related information about the target file from a server through the communication interface 702;

In an embodiment, when the processor 701 obtains the target file based on the first encrypted file and the first encryption key, the processor is specifically configured to decrypt the first encryption key by using a private key of the first object on the second client to obtain the first key, and decrypt the first encrypted file by using the first key to obtain the target file.

In an embodiment, when the processor 701 obtains the target file based on the second encrypted file and the second encrypted key, the processor is specifically configured to decrypt the second encrypted key with a private key of the second object on the second client to obtain the second key, and decrypt the second encrypted file with the second key to obtain the target file.

In a specific implementation, the processor 701, the communication interface 702, and the memory 703 described in the embodiments of the present application may execute an implementation manner of the first client or the second client described in the file processing method provided in the embodiments of the present application, or may execute an implementation manner described in the file processing device provided in the embodiments of the present application, which is not described herein again.

The embodiment of the application also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when the computer program runs on a computer, the computer is caused to execute the file processing method according to the embodiment of the application. The specific implementation manner may refer to the foregoing description, and will not be repeated here.

The embodiment of the application also provides a computer program product, which comprises a computer program or computer instructions, and the computer program or computer instructions realize the steps of the file processing method provided by the embodiment of the application when being executed by a processor. The specific implementation manner may refer to the foregoing description, and will not be repeated here.

Embodiments of the present application also provide a computer program comprising computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the file processing method according to the embodiment of the present application. The specific implementation manner may refer to the foregoing description, and will not be repeated here.

It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of action described, as some steps may be performed in other order or simultaneously according to the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.

Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program for instructing related hardware, and the program may be stored in a computer readable storage medium, where the storage medium may include a flash disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or the like.

The above disclosure is illustrative only of some embodiments of the application and is not intended to limit the scope of the application, which is defined by the claims and their equivalents.

Claims

1. A file processing method, characterized in that the method is used to process a target file, encrypt the target file using a first key to obtain a first encrypted file and store it in a server, wherein the first encrypted file is generated based on a first object logged in on a first client, and the method comprises:

receiving a sharing operation on the target file;

If the object of the sharing operation is the first object logged in on the second client, obtaining the first key, encrypting the first key using the public key of the first object on the second client to obtain a first encryption key, and sending the first encryption key to the server so that the second client can obtain the target file;

If the sharing object of the sharing operation is a second object logged in on the second client, the target file is obtained, the target file is encrypted using the second key to obtain a second encrypted file, the second key is encrypted using the public key of the second object on the second client to obtain a second encryption key, and the second encrypted file and the second encryption key are sent to the server so that the second client can obtain the target file.

2. The method according to claim 1, wherein obtaining the target file comprises:

Obtaining the first key, and obtaining the first encrypted file from the server;

The first encrypted file is decrypted using the first key to obtain the target file.

3. The method according to claim 1 or 2, wherein a third encryption key obtained by encrypting the first key using the public key of the first object on the first client is stored in the server, and obtaining the first key comprises:

obtaining the third encryption key from the server;

The third encryption key is decrypted using the private key of the first object on the first client to obtain the first key.

4. The method according to claim 1, wherein encrypting the target file using the second key to obtain the second encrypted file comprises:

Obtaining a first watermark identifier, and adding the first watermark identifier to the target file;

Encrypting the target file with the first watermark identifier using the second key to obtain a second encrypted file;

The first watermark identifier is used to indicate that the target file is shared based on the first object logged in on the first client; the second client obtains the target file with the first watermark identifier added.

5. The method according to claim 1, further comprising:

receiving a source file sent by a third client;

Based on the trigger of the first object logged in on the first client, adding a second watermark identifier to the source file to obtain the target file, and encrypting the target file using the first key to obtain the first encrypted file;

storing the first encrypted file in the server;

The second watermark identifier is used to indicate that the target file is generated based on the triggering of the first object logged in on the first client.

6. The method according to claim 5, wherein the source file carries a third watermark identifier, and the third watermark identifier is used to indicate that the source file is shared based on a third object logged in on the third client.

7. A file processing method, characterized in that the method is used to process a target file, encrypt the target file using a first key to obtain a first encrypted file and store it in a server, wherein the first encrypted file is generated based on a first object logged in on a first client, and the method comprises:

Obtaining file decryption related information about the target file from the server;

If the file decryption related information includes the first encrypted file and a first encryption key, obtaining the target file based on the first encrypted file and the first encryption key; wherein the first encryption key is obtained by encrypting the first key using the public key of the first object on the second client when the first client performs a sharing operation on the target file and the first object is logged in on the second client, and then sending the first key to the server;

If the file decryption-related information includes a second encrypted file and a second encryption key, the target file is obtained based on the second encrypted file and the second encryption key; wherein, the second encrypted file and the second encryption key are generated and sent to the server by the first client when the sharing object of the sharing operation on the target file is the second object logged in on the second client, the second encrypted file is obtained by encrypting the target file using the second key, and the second encryption key is obtained by encrypting the second key using the public key of the second object on the second client.

8. The method of claim 7, wherein obtaining the target file based on the first encrypted file and the first encryption key comprises:

Decrypting the first encryption key using the private key of the first object on the second client to obtain the first key;

9. The method of claim 7, wherein obtaining the target file based on the second encrypted file and the second encryption key comprises:

Decrypting the second encryption key using the private key of the second object on the second client to obtain the second key;

The second encrypted file is decrypted using the second key to obtain the target file.

10. The method according to any one of claims 7 to 9, characterized in that the second encrypted file is obtained by the first client adding a first watermark to the target file and encrypting the target file with the first watermark using the second key; wherein the first watermark is used to indicate that the target file is shared based on the first object logged in on the first client; and the second client decrypts the second encrypted file using the second key to obtain the target file with the first watermark.

11. The method according to any one of claims 7 to 9, wherein the target file is obtained by the first client obtaining the first key, obtaining the first encrypted file from the server, and decrypting the first encrypted file using the first key;

A third encryption key obtained by encrypting the first key using the public key of the first object on the first client is stored in the server, and the first key is obtained by the first client obtaining the third encryption key from the server and decrypting the third encryption key using the private key of the first object on the first client.

12. The method according to any one of claims 7 to 9 is characterized in that the first encrypted file is a source file received by the first client from a third client, the target file is obtained by adding a second watermark to the source file based on the trigger of the first object logged in on the first client, and the target file is encrypted using the first key and stored in the server; wherein the second watermark is used to indicate that the target file is generated based on the trigger of the first object logged in on the first client.

13. The method according to claim 12, wherein the source file carries a third watermark identifier, and the third watermark identifier is used to indicate that the source file is shared based on a third object logged in on the third client.

14. A file processing device, characterized by comprising a unit for executing the file processing method according to any one of claims 1 to 6, or comprising a unit for executing the file processing method according to any one of claims 7 to 13.

15. A computer device, characterized in that it comprises: a processor, a communication interface and a memory, wherein the processor, the communication interface and the memory are interconnected, wherein the memory stores an executable program code, and the processor is used to call the executable program code to execute the file processing method according to any one of claims 1 to 6, or to execute the file processing method according to any one of claims 7 to 13.

16. A computer program product, characterized in that the computer program product comprises a computer program or computer instructions, and when the computer program or computer instructions are executed by a processor, the computer program or computer instructions implement the steps of the file processing method according to any one of claims 1 to 6, or implement the steps of the file processing method according to any one of claims 7 to 13.