[go: up one dir, main page]

CN118573672A - File transmission method, device, medium and equipment - Google Patents

File transmission method, device, medium and equipment Download PDF

Info

Publication number
CN118573672A
CN118573672A CN202411025935.5A CN202411025935A CN118573672A CN 118573672 A CN118573672 A CN 118573672A CN 202411025935 A CN202411025935 A CN 202411025935A CN 118573672 A CN118573672 A CN 118573672A
Authority
CN
China
Prior art keywords
encrypted
key
file
encryption
fragment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411025935.5A
Other languages
Chinese (zh)
Inventor
尚鹏
仲海宁
贾岩
周迪
姜辅雨
赵鑫
徐精武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Guangxin Technology Co ltd
Original Assignee
Hangzhou Guangxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Guangxin Technology Co ltd filed Critical Hangzhou Guangxin Technology Co ltd
Priority to CN202411025935.5A priority Critical patent/CN118573672A/en
Publication of CN118573672A publication Critical patent/CN118573672A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/108Resource delivery mechanisms characterised by resources being split in blocks or fragments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本申请公开了一种文件传输方法、装置、介质及设备,涉及网络安全技术领域。将文件拆分成多个独立的加密分片,每个加密分片携带着加密密钥分片,分别通过不同的安全路径进行传输,使得攻击者难以获取完整的文件内容和密钥信息,显著增强了数据传输的安全性和灵活性,这种策略确保了即使攻击者能够截获部分分片,也无法仅凭这些分片还原出文件的原始内容,因为分片之间的信息是相互独立的,且缺乏必要的解密信息和完整性校验;此外,通过路径加密信息,每个中继点只能解密下一个中继点的地址,防止了路径信息泄露给未授权的中继点,多条传输路径的并行处理还提高了数据传输的效率,使得大文件的传输更加迅速和可靠。

The present application discloses a file transmission method, device, medium and equipment, and relates to the field of network security technology. The file is split into multiple independent encrypted fragments, each of which carries an encryption key fragment, and is transmitted through different secure paths, making it difficult for attackers to obtain the complete file content and key information, significantly enhancing the security and flexibility of data transmission. This strategy ensures that even if an attacker can intercept some fragments, the original content of the file cannot be restored by these fragments alone, because the information between the fragments is independent of each other and lacks the necessary decryption information and integrity verification; in addition, through the path encryption information, each relay point can only decrypt the address of the next relay point, preventing the path information from being leaked to unauthorized relay points, and the parallel processing of multiple transmission paths also improves the efficiency of data transmission, making the transmission of large files faster and more reliable.

Description

文件传输方法、装置、介质及设备File transmission method, device, medium and equipment

技术领域Technical Field

本申请涉及网络安全领域,尤其涉及一种文件传输方法、装置、介质及设备。The present application relates to the field of network security, and in particular to a file transmission method, device, medium and equipment.

背景技术Background Art

随着网络攻击手段的不断进化,传统的文件传输方式暴露出了诸多安全隐患。一方面,互联网上的数据传输容易被第三方追踪,暴露信息来源和流向,威胁用户隐私;另一方面,数据在传输过程中可能经过多个网络节点,任意节点的被侵入或监控设备的部署都可能导致信息被非法截取,尤其是在密钥管理不善或加密算法被破解的情况下,文件安全性更难以保障。With the continuous evolution of cyber attack methods, traditional file transfer methods have exposed many security risks. On the one hand, data transmission on the Internet can be easily tracked by third parties, exposing the source and flow of information and threatening user privacy; on the other hand, data may pass through multiple network nodes during transmission. The intrusion of any node or the deployment of monitoring equipment may lead to illegal interception of information, especially when the key management is poor or the encryption algorithm is cracked, the security of files is even more difficult to guarantee.

现有的安全传输方案,如SSL/TLS协议、HTTPS等,虽然在一定程度上提高了数据传输的安全性,但它们主要侧重于数据的加密传输,对于防止数据源和目的地的追踪以及确保数据分片在复杂网络环境下的绝对安全仍存在局限。特别是在面对APT(AdvancedPersistent Threat,高级持续性威胁)和零日攻击时,单一的加密和直接传输策略显得力不从心。Existing secure transmission solutions, such as SSL/TLS protocol, HTTPS, etc., have improved the security of data transmission to a certain extent, but they mainly focus on encrypted data transmission, and still have limitations in preventing the tracking of data sources and destinations and ensuring the absolute security of data fragmentation in complex network environments. Especially in the face of APT (Advanced Persistent Threat) and zero-day attacks, a single encryption and direct transmission strategy seems to be inadequate.

发明内容Summary of the invention

为了解决背景技术中提到的至少一个技术问题,本申请的目的在于提供一种文件传输方法、装置、介质及设备,可以降低密钥泄露风险,实现文件传输过程中的防追踪和防窃取,提高了文件传输的安全性。In order to solve at least one of the technical problems mentioned in the background technology, the purpose of this application is to provide a file transfer method, device, medium and equipment, which can reduce the risk of key leakage, achieve anti-tracking and anti-theft during file transfer, and improve the security of file transfer.

为实现上述目的,本申请提供如下技术方案:To achieve the above objectives, this application provides the following technical solutions:

第一方面,本申请实施例提供了一种文件传输方法,包括:In a first aspect, an embodiment of the present application provides a file transmission method, including:

在发送端利用密钥对原始文件进行加密得到加密文件,并将加密文件分割成多个加密分片;利用公钥对所述密钥进行加密得到加密密钥,并将加密密钥分割成多个加密密钥分片,加密密钥分片与加密分片一一对应;每个加密分片携带加密密钥分片、附加信息和路径加密信息,所述附加信息包括加密分片编号、加密分片数量、加密密钥分片编号;附加信息被公钥加密;At the sending end, the original file is encrypted by using the key to obtain an encrypted file, and the encrypted file is divided into multiple encrypted slices; the key is encrypted by using the public key to obtain an encryption key, and the encryption key is divided into multiple encryption key slices, and the encryption key slices correspond to the encryption slices one by one; each encryption slice carries an encryption key slice, additional information and path encryption information, and the additional information includes an encryption slice number, the number of encryption slices, and the encryption key slice number; the additional information is encrypted by the public key;

根据预设的传输路径,加密分片经由多个中继点传输,直至被接收端接收;每个中继点解密所述路径加密信息,以获取下一个中继点的地址;According to the preset transmission path, the encrypted fragments are transmitted through multiple relay points until they are received by the receiving end; each relay point decrypts the path encryption information to obtain the address of the next relay point;

在接收端接收到加密分片后,利用私钥对附加信息进行解密,根据加密分片数量确定接收到所有加密分片后,按照加密分片编号将加密分片组装成加密文件,按照加密密钥分片编号将加密密钥分片组装成加密密钥,并利用私钥对加密密钥进行解密,得到密钥,再利用密钥对加密文件进行解密,得到原始文件;其中所述私钥与所述公钥相对应。After receiving the encrypted slices at the receiving end, the additional information is decrypted using the private key. After determining that all the encrypted slices have been received according to the number of the encrypted slices, the encrypted slices are assembled into an encrypted file according to the encrypted slice numbers, the encrypted key slices are assembled into an encrypted key according to the encryption key slice numbers, and the encrypted key is decrypted using the private key to obtain the key, and then the encrypted file is decrypted using the key to obtain the original file; wherein the private key corresponds to the public key.

进一步的,所述附加信息还包括加密分片哈希值;所述加密分片哈希值是在得到所述加密分片之后,对所述加密分片进行哈希处理生成的;Furthermore, the additional information also includes an encrypted fragment hash value; the encrypted fragment hash value is generated by performing a hash process on the encrypted fragment after the encrypted fragment is obtained;

在接收端利用私钥对附加信息进行解密后,对所述加密分片进行哈希校验,判断是否与加密分片哈希值匹配,若不匹配,则向发送端发送第一重传请求,发送端根据所述第一重传请求重新发送相应的加密分片;若匹配,则确定得到真实的加密分片。After the receiving end uses the private key to decrypt the additional information, the encrypted fragment is hashed to determine whether it matches the hash value of the encrypted fragment. If it does not match, a first retransmission request is sent to the sending end, and the sending end resends the corresponding encrypted fragment according to the first retransmission request; if it matches, it is determined that the real encrypted fragment is obtained.

进一步的,所述附加信息还包括原始文件哈希值;所述原始文件哈希值是在所述原始文件加密之前,对所述加密分片进行哈希处理生成的;Furthermore, the additional information also includes an original file hash value; the original file hash value is generated by performing hash processing on the encrypted slice before the original file is encrypted;

在接收端得到原始文件后,对所述原始文件进行哈希校验,判断是否与原始文件哈希值匹配,若不匹配,则向发送端发送第二重传要求,发送端根据所述第二重传要求重新发送所述原始文件;若匹配,则确定得到真实的原始文件。After the receiving end obtains the original file, a hash check is performed on the original file to determine whether it matches the hash value of the original file. If not, a second retransmission request is sent to the sending end, and the sending end resends the original file according to the second retransmission request; if they match, it is determined that the authentic original file is obtained.

进一步的,所述预设的传输路径以及路径数量是基于所述中继点的性能以及当前传输任务量动态调整的;Furthermore, the preset transmission path and the number of paths are dynamically adjusted based on the performance of the relay point and the current transmission task volume;

所述预设的传输路径以及路径数量被确定后,所述加密分片数量也被确定,根据所述预设的传输路径为每一个所述加密分片生成路径加密信息。After the preset transmission path and the number of paths are determined, the number of encrypted fragments is also determined, and path encryption information is generated for each of the encrypted fragments according to the preset transmission path.

进一步的,在所述路径加密信息中,采用非对称加密算法对每一个中继点的下一个中继点的地址进行加密,使得每一个中继点只能解密下一个中继点的地址。Furthermore, in the path encryption information, an asymmetric encryption algorithm is used to encrypt the address of the next relay point of each relay point, so that each relay point can only decrypt the address of the next relay point.

第二方面,本申请实施例提供了一种文件传输装置,包括:In a second aspect, an embodiment of the present application provides a file transmission device, including:

原始文件分片加密单元,用于在发送端利用密钥对原始文件进行加密得到加密文件,并将加密文件分割成多个加密分片;利用公钥对所述密钥进行加密得到加密密钥,并将加密密钥分割成多个加密密钥分片,加密密钥分片与加密分片一一对应;每个加密分片携带加密密钥分片、附加信息和路径加密信息,所述附加信息包括加密分片编号、加密分片数量、加密密钥分片编号;附加信息被公钥加密;The original file slice encryption unit is used to encrypt the original file with the key at the sending end to obtain the encrypted file, and divide the encrypted file into multiple encrypted slices; encrypt the key with the public key to obtain the encryption key, and divide the encryption key into multiple encryption key slices, and the encryption key slices correspond to the encryption slices one by one; each encryption slice carries the encryption key slice, additional information and path encryption information, and the additional information includes the encryption slice number, the number of encryption slices, and the encryption key slice number; the additional information is encrypted by the public key;

加密分片传输单元,用于根据预设的传输路径,加密分片经由多个中继点传输,直至被接收端接收;每个中继点解密所述路径加密信息,以获取下一个中继点的地址;The encrypted fragment transmission unit is used to transmit the encrypted fragments through multiple relay points according to a preset transmission path until they are received by the receiving end; each relay point decrypts the path encryption information to obtain the address of the next relay point;

加密分片解密重组单元,用于在接收端接收到加密分片后,利用私钥对附加信息进行解密,根据加密分片数量确定接收到所有加密分片后,按照加密分片编号将加密分片组装成加密文件,按照加密密钥分片编号将加密密钥分片组装成加密密钥,并利用私钥对加密密钥进行解密,得到密钥,再利用密钥对加密文件进行解密,得到原始文件;其中所述私钥与所述公钥相对应;The encrypted fragment decryption and reassembly unit is used to decrypt the additional information using the private key after receiving the encrypted fragment at the receiving end, assemble the encrypted fragments into an encrypted file according to the encrypted fragment number after determining that all the encrypted fragments have been received according to the number of the encrypted fragments, assemble the encrypted key fragments into an encrypted key according to the encryption key fragment number, decrypt the encrypted key using the private key to obtain the key, and then decrypt the encrypted file using the key to obtain the original file; wherein the private key corresponds to the public key;

其中,所述预设的传输路径以及路径数量是基于所述中继点的性能以及当前传输任务量动态调整的,所述路径数量被确定后,所述加密分片数量也被确定;根据所述预设的传输路径为每一个所述加密分片生成路径加密信息;采用非对称加密算法对每一个中继点的下一个中继点的地址进行加密,使得每一个中继点只能解密下一个中继点的地址。Among them, the preset transmission path and the number of paths are dynamically adjusted based on the performance of the relay point and the current transmission task volume. After the number of paths is determined, the number of encrypted fragments is also determined; path encryption information is generated for each encrypted fragment according to the preset transmission path; and the address of the next relay point of each relay point is encrypted using an asymmetric encryption algorithm, so that each relay point can only decrypt the address of the next relay point.

进一步的,所述附加信息还包括加密分片哈希值;所述加密分片哈希值是在得到所述加密分片之后,对所述加密分片进行哈希处理生成的;所述文件传输装置还包括:Furthermore, the additional information also includes an encrypted fragment hash value; the encrypted fragment hash value is generated by performing a hash process on the encrypted fragment after the encrypted fragment is obtained; the file transmission device also includes:

加密分片校验单元,用于在接收端利用私钥对附加信息进行解密后,对所述加密分片进行哈希校验,判断是否与加密分片哈希值匹配,若不匹配,则向发送端发送第一重传请求,发送端根据所述第一重传请求重新发送相应的加密分片;若匹配,则确定得到真实的加密分片。The encrypted fragment verification unit is used to perform hash verification on the encrypted fragment after the receiving end uses the private key to decrypt the additional information to determine whether it matches the encrypted fragment hash value. If it does not match, a first retransmission request is sent to the sending end, and the sending end resends the corresponding encrypted fragment according to the first retransmission request; if it matches, it is determined that the real encrypted fragment is obtained.

进一步的,所述附加信息还包括原始文件哈希值;所述原始文件哈希值是在所述原始文件加密之前,对所述加密分片进行哈希处理生成的;所述文件传输装置还包括:Furthermore, the additional information also includes an original file hash value; the original file hash value is generated by performing hash processing on the encrypted slice before the original file is encrypted; the file transmission device also includes:

原始文件校验单元,用于在接收端得到原始文件后,对所述原始文件进行哈希校验,判断是否与原始文件哈希值匹配,若不匹配,则向发送端发送第二重传要求,发送端根据所述第二重传要求重新发送所述原始文件;若匹配,则确定得到真实的原始文件。The original file verification unit is used to perform hash verification on the original file after the receiving end obtains the original file to determine whether it matches the hash value of the original file. If it does not match, a second retransmission request is sent to the sending end, and the sending end resends the original file according to the second retransmission request; if it matches, it is determined that the real original file is obtained.

第三方面,本申请实施例提供了一种计算机存储介质,其上存储有计算机程序,该程序被处理器执行时实现上述文件传输方法。In a third aspect, an embodiment of the present application provides a computer storage medium on which a computer program is stored, and when the program is executed by a processor, the above-mentioned file transfer method is implemented.

第四方面,本申请实施例提供了一种终端设备,包括存储器、处理器以及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述文件传输方法。In a fourth aspect, an embodiment of the present application provides a terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above-mentioned file transfer method when executing the computer program.

与现有技术相比,本申请的有益效果是:Compared with the prior art, the beneficial effects of this application are:

将文件拆分成多个独立的加密分片,每个加密分片携带着加密密钥分片,分别通过不同的安全路径进行传输,使得攻击者难以获取完整的文件内容和密钥信息,显著增强了数据传输的安全性和灵活性,这种策略确保了即使攻击者能够截获部分分片,也无法仅凭这些分片还原出文件的原始内容,因为加密分片之间的信息是相互独立的,且缺乏必要的解密信息和完整性校验;此外,路径加密信息采用非对称加密算法对每个中继点的下一个中继点地址进行加密,确保了传输路径的机密性,并且每个中继点只能解密下一个中继点的地址,防止了路径信息泄露给未授权的中继点,多条传输路径的并行处理还提高了数据传输的效率,使得大文件的传输更加迅速和可靠;实现了数据传输的安全性、可靠性、完整性和高效性,为文件在复杂网络环境中的安全传输提供了有力保障。The file is split into multiple independent encrypted slices, each of which carries an encryption key slice and is transmitted through different secure paths, making it difficult for attackers to obtain the complete file content and key information, significantly enhancing the security and flexibility of data transmission. This strategy ensures that even if an attacker can intercept some slices, he cannot restore the original content of the file based on these slices alone, because the information between the encrypted slices is independent of each other and lacks the necessary decryption information and integrity verification; in addition, the path encryption information uses an asymmetric encryption algorithm to encrypt the address of the next relay point of each relay point, ensuring the confidentiality of the transmission path, and each relay point can only decrypt the address of the next relay point, preventing the path information from being leaked to unauthorized relay points. The parallel processing of multiple transmission paths also improves the efficiency of data transmission, making the transmission of large files faster and more reliable; it achieves the security, reliability, integrity and efficiency of data transmission, and provides a strong guarantee for the secure transmission of files in complex network environments.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为本申请实施例一提供的一种文件传输方法的流程图;FIG1 is a flow chart of a file transmission method provided in Embodiment 1 of the present application;

图2为本申请实施例四提供的一种文件传输装置的结构图。FIG. 2 is a structural diagram of a file transmission device provided in Embodiment 4 of the present application.

具体实施方式DETAILED DESCRIPTION

下面对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application are described clearly and completely below. Obviously, the described embodiments are only part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present application.

为解决现有技术中存在的上述问题,本申请实施例公开了一种文件传输方法、装置、介质及设备,下面分别进行详细说明。In order to solve the above problems existing in the prior art, the embodiments of the present application disclose a file transmission method, device, medium and equipment, which are described in detail below.

实施例一:Embodiment 1:

如图1所示,图1为本申请实施例一提供的一种文件传输方法的流程图。该方法包括:As shown in Figure 1, Figure 1 is a flowchart of a file transmission method provided in Example 1 of the present application. The method includes:

在发送端利用密钥对原始文件进行加密得到加密文件,并将加密文件分割成多个加密分片;利用公钥对密钥进行加密得到加密密钥,并将加密密钥分割成多个加密密钥分片,加密密钥分片与加密分片一一对应;每个加密分片携带加密密钥分片、附加信息和路径加密信息,附加信息包括加密分片编号、加密分片数量、加密密钥分片编号;附加信息被公钥加密。At the sending end, the original file is encrypted using the key to obtain an encrypted file, and the encrypted file is divided into multiple encrypted fragments; the key is encrypted using the public key to obtain an encryption key, and the encryption key is divided into multiple encryption key fragments, and the encryption key fragments correspond to the encryption fragments one by one; each encryption fragment carries an encryption key fragment, additional information and path encryption information, and the additional information includes the encryption fragment number, the number of encryption fragments, and the encryption key fragment number; the additional information is encrypted by the public key.

为了便于阐述文件的传输过程,下面举例说明。To facilitate the explanation of the file transfer process, an example is given below.

假设具有一个文件发送端A,6个文件传输中继点(分别为B1、B2……B6),一个文件接收端C。发送端和接收端持有一对RSA非对称密钥,发送端A持有公钥P0,接收端持有私钥S0。发送端和6个中继点也分别创建一对RSA密钥,发送端持有公钥P1、P2……P6,中继点B1、B2至B6分别持有私钥S1、S2、S3、S4、S5、S6。要将文件F从发送端A传输至接收端C。Assume that there is a file sender A, 6 file transfer relays (B1, B2...B6), and a file receiver C. The sender and receiver hold a pair of RSA asymmetric keys, sender A holds the public key P0, and the receiver holds the private key S0. The sender and the 6 relays also create a pair of RSA keys, the sender holds the public keys P1, P2...P6, and the relays B1, B2 to B6 hold the private keys S1, S2, S3, S4, S5, S6 respectively. To transfer file F from sender A to receiver C.

发送端A生成一个密钥K,将文件F使用密钥K进行AES(Advanced EncryptionStandard,高级加密标准)加密得到加密文件X。AES加密和解密使用的是同一个密钥,即对称加密。加密过程将明文转换为密文,而解密过程则是将密文转换回明文,都使用相同的密钥K。The sender A generates a key K and uses the key K to encrypt the file F using AES (Advanced Encryption Standard) to obtain the encrypted file X. AES encryption and decryption use the same key, i.e. symmetric encryption. The encryption process converts plaintext into ciphertext, while the decryption process converts ciphertext back into plaintext, both using the same key K.

发送端根据每个中继点的性能、当前传输任务量(包括当前正在传输任务的数量和当前正在传输的文件大小)等因素,确定加密文件X的分片数量以及加密分片的传输路径,假设将加密文件X分割成2份,得到加密分片X1、X2,分别由两条路径A—B1—B5—C、A—B4—B3—C进行传输;The sender determines the number of fragments of the encrypted file X and the transmission path of the encrypted fragments based on the performance of each relay point, the current transmission task volume (including the number of currently transmitting tasks and the size of the currently transmitting file) and other factors. Suppose the encrypted file X is divided into two parts, and the encrypted fragments X1 and X2 are obtained, which are transmitted by two paths A-B1-B5-C and A-B4-B3-C respectively;

其中,X1和X2的文件大小可以不相同,也就是说,对加密文件X进行随机分割,这样,由于加密分片大小不等,可以根据网络带宽、中继点性能等因素,动态调整各加密文件分片的处理优先级和速度,例如,较大的加密文件分片可以分配给性能较高或传输量较小的中继点,而较小的加密文件分片则分配给性能更低或传输量更小的中继点,从而提高并行传输效率。Among them, the file sizes of X1 and X2 can be different, that is, the encrypted file X is randomly divided. In this way, due to the different sizes of encrypted fragments, the processing priority and speed of each encrypted file fragment can be dynamically adjusted according to factors such as network bandwidth and relay point performance. For example, larger encrypted file fragments can be allocated to relay points with higher performance or smaller transmission volume, while smaller encrypted file fragments can be allocated to relay points with lower performance or smaller transmission volume, thereby improving parallel transmission efficiency.

发送端A将密钥K使用公钥P0进行加密,将加密后密钥切割成两份得到K1、K2,并打乱顺序,预计将K1插入分片X2,K2插入分片X1中。The sender A encrypts the key K using the public key P0, cuts the encrypted key into two parts to obtain K1 and K2, and shuffles the order. It is expected that K1 will be inserted into shard X2 and K2 will be inserted into shard X1.

将加密分片X1编号、X的分片数量、加密密钥分片K2编号记录到一个定长的字符串后用公钥P0进行加密,得到加密字符串G1,并加入到加密分片X1尾部。加密分片X2也照此得到加密字符串G2,插入X2尾部。The encrypted fragment X1 number, the number of fragments of X, and the number of the encrypted key fragment K2 are recorded into a fixed-length string and encrypted with the public key P0 to obtain the encrypted string G1, which is added to the end of the encrypted fragment X1. The encrypted fragment X2 is also encrypted to obtain the encrypted string G2, which is inserted into the end of X2.

可以取加密字符串G1的第一个字节值,将加密密钥分片K2插入X1的该位置;取加密字符串G2的第一个字节值,将加密密钥分片K1插入X2的该位置。You can take the first byte value of the encrypted string G1 and insert the encryption key fragment K2 into the corresponding position of X1; take the first byte value of the encrypted string G2 and insert the encryption key fragment K1 into the corresponding position of X2.

至此,原始文件在传输前的准备工作已完成。At this point, the preparation of the original file before transmission has been completed.

根据预设的传输路径,加密分片经由多个中继点传输,直至被接收端接收;每个中继点解密路径加密信息,以获取下一个中继点的地址。According to the preset transmission path, the encrypted fragments are transmitted through multiple relay points until they are received by the receiving end; each relay point decrypts the path encryption information to obtain the address of the next relay point.

发送端A按照上述生成的传输路径,将C的IP地址、端口信息使用公钥P5进行加密附着在X1的头部,再将B5的IP地址、端口信息使用公钥P1进行加密附着在X1头部。同理可得,依次将C、B3的IP地址、端口信息分别使用公钥P3、P4进行加密附着在X2头部。According to the transmission path generated above, the sender A encrypts C's IP address and port information with public key P5 and attaches it to the header of X1, and then encrypts B5's IP address and port information with public key P1 and attaches it to the header of X1. Similarly, the IP addresses and port information of C and B3 are encrypted with public keys P3 and P4 respectively and attached to the header of X2.

发送端A将加密分片X1、X2分别发往中继点B1、B4。The sender A sends the encrypted fragments X1 and X2 to the relay points B1 and B4 respectively.

中继点B1接收到加密分片X1后,取头部信息,使用私钥S1解密得到下一跳中继点B5的地址,将加密分片X1向B5发送。以此类推,每个中继点都按此方法解密下一跳地址后进行发送,直到发送到接收端C。After receiving the encrypted fragment X1, relay point B1 takes the header information, decrypts it with private key S1 to obtain the address of the next-hop relay point B5, and sends the encrypted fragment X1 to B5. Similarly, each relay point decrypts the next-hop address in this way and sends it until it reaches the receiving end C.

在接收端接收到加密分片后,利用私钥对附加信息进行解密,根据分片数量确定接收到所有加密分片后,按照加密分片编号将加密分片组装成加密文件,按照密钥分片编号将加密密钥分片组装成加密密钥,并利用私钥对加密密钥进行解密,得到密钥,再利用密钥对加密文件进行解密,得到原始文件;其中私钥与公钥相对应。After receiving the encrypted fragments at the receiving end, the additional information is decrypted using the private key. After determining that all encrypted fragments have been received based on the number of fragments, the encrypted fragments are assembled into encrypted files according to the encrypted fragment numbers, and the encrypted key fragments are assembled into encrypted keys according to the key fragment numbers. The encrypted keys are decrypted using the private key to obtain the key, and the encrypted files are then decrypted using the key to obtain the original files; the private key corresponds to the public key.

接收端C接收到每个加密分片后,获取加密字符串G1、G2,再从G1、G2的第一个字节值中得到加密密钥分片K2、K1,使用私钥S0解密G1和G2,根据加密分片数量确定接收到了所有加密分片,按照加密分片编号将加密分片重新组装成完整的加密文件X,按照加密密钥分片编号将加密密钥分片组装成加密密钥。After receiving each encrypted fragment, the receiving end C obtains the encrypted strings G1 and G2, and then obtains the encryption key fragments K2 and K1 from the first byte values of G1 and G2, and uses the private key S0 to decrypt G1 and G2. According to the number of encrypted fragments, it is determined that all encrypted fragments have been received, and the encrypted fragments are reassembled into a complete encrypted file X according to the encryption fragment number, and the encryption key fragments are assembled into an encryption key according to the encryption key fragment number.

接收端C使用私钥S0对加密密钥进行解密,得到密钥K,再利用密钥K对加密文件X进行解密,得到原始文件F。The receiving end C uses the private key S0 to decrypt the encryption key to obtain the key K, and then uses the key K to decrypt the encrypted file X to obtain the original file F.

本申请实施例提供了一种文件传输方法,将文件拆分成多个独立的加密分片,每个加密分片携带着加密密钥分片,分别通过不同的安全路径进行传输,使得攻击者难以获取完整的文件内容和密钥信息,显著增强了数据传输的安全性和灵活性,这种策略确保了即使攻击者能够截获部分分片,也无法仅凭这些分片还原出文件的原始内容;此外,路径加密信息采用非对称加密算法对每个中继点的下一个中继点地址进行加密,确保了传输路径的机密性,并且每个中继点只能解密下一个中继点的地址,防止了路径信息泄露给未授权的中继点,多条传输路径的并行处理还提高了数据传输的效率,使得大文件的传输更加迅速和可靠;实现了数据传输的安全性、可靠性、完整性和高效性,为文件在复杂网络环境中的安全传输提供了有力保障。The embodiment of the present application provides a file transmission method, which splits a file into multiple independent encrypted fragments, each of which carries an encryption key fragment, and is transmitted through different secure paths, making it difficult for attackers to obtain the complete file content and key information, significantly enhancing the security and flexibility of data transmission. This strategy ensures that even if an attacker can intercept some fragments, he or she cannot restore the original content of the file based on these fragments alone; in addition, the path encryption information uses an asymmetric encryption algorithm to encrypt the next relay point address of each relay point, ensuring the confidentiality of the transmission path, and each relay point can only decrypt the address of the next relay point, preventing the path information from being leaked to unauthorized relay points. The parallel processing of multiple transmission paths also improves the efficiency of data transmission, making the transmission of large files faster and more reliable; the security, reliability, integrity and efficiency of data transmission are achieved, providing a strong guarantee for the secure transmission of files in a complex network environment.

实施例二:Embodiment 2:

在实施例一的基础上,附加信息还包括加密分片哈希值;加密分片哈希值是在得到加密分片之后,对加密分片进行哈希处理生成的。Based on the first embodiment, the additional information also includes an encrypted fragment hash value; the encrypted fragment hash value is generated by performing a hash process on the encrypted fragment after the encrypted fragment is obtained.

在接收端利用私钥对附加信息进行解密后,对加密分片进行哈希校验,判断是否与加密分片哈希值匹配,若不匹配,则向发送端发送第一重传请求,发送端根据第一重传请求重新发送相应的加密分片;若匹配,则确定得到真实的加密分片。After the receiving end uses the private key to decrypt the additional information, it performs a hash check on the encrypted fragment to determine whether it matches the hash value of the encrypted fragment. If it does not match, a first retransmission request is sent to the sending end, and the sending end resends the corresponding encrypted fragment according to the first retransmission request; if it matches, it is determined that the real encrypted fragment is obtained.

当加密分片的哈希值不匹配时,这通常意味着在传输过程中该分片可能已经被篡改或损坏。在这种情况下,发送端只需要重新发送该不匹配的加密分片给接收端,接收端再次进行哈希校验,以确保重新传输的分片是完整且未被篡改的。When the hash values of the encrypted segments do not match, this usually means that the segment may have been tampered with or damaged during transmission. In this case, the sender only needs to resend the unmatched encrypted segment to the receiver, and the receiver performs a hash check again to ensure that the retransmitted segment is complete and has not been tampered with.

实施例三:Embodiment three:

在实施例一或实施例二的基础上,附加信息还包括原始文件哈希值;原始文件哈希值是在原始文件加密之前,对加密分片进行哈希处理生成的。Based on the first or second embodiment, the additional information further includes an original file hash value; the original file hash value is generated by performing hash processing on the encrypted slice before the original file is encrypted.

在接收端得到原始文件后,对原始文件进行哈希校验,判断是否与原始文件哈希值匹配,若不匹配,则向发送端发送第二重传要求,发送端根据第二重传要求重新发送原始文件;若匹配,则确定得到真实的原始文件。After the receiving end obtains the original file, a hash check is performed on the original file to determine whether it matches the hash value of the original file. If not, a second retransmission request is sent to the sending end, and the sending end resends the original file according to the second retransmission request; if they match, it is determined that the authentic original file is obtained.

如果原始文件的哈希值不匹配,这通常意味着在加密、传输、解密或文件处理过程中的某个环节出现了问题。这不仅仅是一个加密分片的问题,而是整个文件的问题。因此,发送端需要重新执行整个流程,包括重新加密原始文件、传输所有加密分片、接收端解密并验证整个文件的哈希值。If the hash value of the original file does not match, this usually means that there is a problem somewhere in the encryption, transmission, decryption, or file processing process. This is not just a problem with one encrypted slice, but a problem with the entire file. Therefore, the sender needs to re-execute the entire process, including re-encrypting the original file, transmitting all encrypted slices, and the receiver decrypting and verifying the hash value of the entire file.

在将多个加密分片组合成完整的加密文件,并进行解密时,如果组合过程中发生错误(如分片顺序错误、分片丢失或重复等),即使每个分片本身都是完整的,解密后的文件也可能无法正确还原原始文件。通过对解密后的文件进行哈希校验,可以及时发现这种组合错误。When combining multiple encrypted fragments into a complete encrypted file and decrypting it, if an error occurs during the combination process (such as incorrect fragment order, fragment loss or duplication, etc.), even if each fragment itself is complete, the decrypted file may not be able to correctly restore the original file. By performing hash verification on the decrypted file, such combination errors can be discovered in a timely manner.

实施例四:Embodiment 4:

如图2所示,本申请实施例四还提供了一种文件传输装置的结构图。该装置包括:As shown in FIG2 , the fourth embodiment of the present application also provides a structural diagram of a file transmission device. The device includes:

原始文件分片加密单元,用于在发送端利用密钥对原始文件进行加密得到加密文件,并将加密文件分割成多个加密分片;利用公钥对密钥进行加密得到加密密钥,并将加密密钥分割成多个加密密钥分片,加密密钥分片与加密分片一一对应;每个加密分片携带加密密钥分片、附加信息和路径加密信息,附加信息包括加密分片编号、加密分片数量、加密密钥分片编号;附加信息被公钥加密。The original file shard encryption unit is used to encrypt the original file with a key at the sending end to obtain an encrypted file, and divide the encrypted file into multiple encrypted shards; encrypt the key with a public key to obtain an encryption key, and divide the encryption key into multiple encryption key shards, and the encryption key shards correspond to the encryption shards one by one; each encryption shard carries an encryption key shard, additional information and path encryption information, and the additional information includes an encryption shard number, the number of encryption shards, and the encryption key shard number; the additional information is encrypted by the public key.

加密分片传输单元,用于根据预设的传输路径,加密分片经由多个中继点传输,直至被接收端接收;每个中继点解密路径加密信息,以获取下一个中继点的地址。The encrypted fragment transmission unit is used to transmit the encrypted fragments through multiple relay points according to a preset transmission path until they are received by the receiving end; each relay point decrypts the path encryption information to obtain the address of the next relay point.

加密分片解密重组单元,用于在接收端接收到加密分片后,利用私钥对附加信息进行解密,根据加密分片数量确定接收到所有加密分片后,按照加密分片编号将加密分片组装成加密文件,按照加密密钥分片编号将加密密钥分片组装成加密密钥,并利用私钥对加密密钥进行解密,得到密钥,再利用密钥对加密文件进行解密,得到原始文件;其中私钥与公钥相对应。The encrypted fragment decryption and reassembly unit is used to decrypt the additional information using the private key after receiving the encrypted fragment at the receiving end, assemble the encrypted fragments into an encrypted file according to the encrypted fragment number after determining that all the encrypted fragments have been received according to the number of the encrypted fragments, assemble the encrypted key fragments into an encrypted key according to the encryption key fragment number, decrypt the encrypted key using the private key to obtain the key, and then decrypt the encrypted file using the key to obtain the original file; wherein the private key corresponds to the public key.

其中,预设的传输路径以及路径数量是基于中继点的性能以及当前传输任务量动态调整的,路径数量被确定后,加密分片数量也被确定;根据预设的传输路径为每一个加密分片生成路径加密信息;采用非对称加密算法对每一个中继点的下一个中继点的地址进行加密,使得每一个中继点只能解密下一个中继点的地址。Among them, the preset transmission path and the number of paths are dynamically adjusted based on the performance of the relay point and the current transmission task volume. After the number of paths is determined, the number of encrypted fragments is also determined; path encryption information is generated for each encrypted fragment according to the preset transmission path; an asymmetric encryption algorithm is used to encrypt the address of the next relay point of each relay point, so that each relay point can only decrypt the address of the next relay point.

本发明实施例四所提供的文件传输装置,其实现原理及产生的技术效果和前述方法实施例一相同,为简要描述,装置实施例部分未提及之处,可参考前述方法实施例一中相应内容。The file transfer device provided in the fourth embodiment of the present invention has the same implementation principle and technical effects as those of the aforementioned method embodiment 1. For the sake of brief description, for matters not mentioned in the device embodiment, reference may be made to the corresponding contents in the aforementioned method embodiment 1.

实施例五:Embodiment five:

在实施例四的基础上,附加信息还包括加密分片哈希值;加密分片哈希值是在得到加密分片之后,对加密分片进行哈希处理生成的;文件传输装置还包括:On the basis of the fourth embodiment, the additional information further includes an encrypted fragment hash value; the encrypted fragment hash value is generated by performing a hash process on the encrypted fragment after the encrypted fragment is obtained; and the file transmission device further includes:

加密分片校验单元,用于在接收端利用私钥对附加信息进行解密后,对加密分片进行哈希校验,判断是否与加密分片哈希值匹配,若不匹配,则向发送端发送第一重传请求,发送端根据第一重传请求重新发送相应的加密分片;若匹配,则确定得到真实的加密分片。The encrypted fragment verification unit is used to perform hash verification on the encrypted fragment after the receiving end uses the private key to decrypt the additional information to determine whether it matches the encrypted fragment hash value. If it does not match, a first retransmission request is sent to the sending end, and the sending end resends the corresponding encrypted fragment according to the first retransmission request; if it matches, it is determined that the real encrypted fragment is obtained.

本发明实施例五所提供的文件传输装置,其实现原理及产生的技术效果和前述方法实施例二相同,为简要描述,装置实施例部分未提及之处,可参考前述方法实施例二中相应内容。The file transfer device provided in the fifth embodiment of the present invention has the same implementation principle and technical effects as those of the aforementioned method embodiment 2. For the sake of brief description, for matters not mentioned in the device embodiment, reference may be made to the corresponding contents in the aforementioned method embodiment 2.

实施例六:Embodiment six:

在实施例四或实施例五的基础上,附加信息还包括原始文件哈希值;原始文件哈希值是在原始文件加密之前,对加密分片进行哈希处理生成的;文件传输装置还包括:Based on the fourth or fifth embodiment, the additional information further includes an original file hash value; the original file hash value is generated by performing hash processing on the encrypted slice before the original file is encrypted; and the file transmission device further includes:

原始文件校验单元,用于在接收端得到原始文件后,对原始文件进行哈希校验,判断是否与原始文件哈希值匹配,若不匹配,则向发送端发送第二重传要求,发送端根据第二重传要求重新发送原始文件;若匹配,则确定得到真实的原始文件。The original file verification unit is used to perform hash verification on the original file after the receiving end obtains the original file to determine whether it matches the hash value of the original file. If it does not match, a second retransmission request is sent to the sending end, and the sending end resends the original file according to the second retransmission request; if it matches, it is determined that the real original file is obtained.

本发明实施例六所提供的文件传输装置,其实现原理及产生的技术效果和前述方法实施例三相同,为简要描述,装置实施例部分未提及之处,可参考前述方法实施例三中相应内容。The file transfer device provided in the sixth embodiment of the present invention has the same implementation principle and technical effects as those of the aforementioned method embodiment three. For the sake of brief description, for matters not mentioned in the device embodiment, reference may be made to the corresponding contents in the aforementioned method embodiment three.

实施例七:Embodiment seven:

本申请实施例还提供了一种计算机存储介质,其上存储有计算机程序,该程序被处理器执行时实现上述文件传输方法。The embodiment of the present application also provides a computer storage medium on which a computer program is stored, and when the program is executed by a processor, the above-mentioned file transfer method is implemented.

实施例八:Embodiment eight:

本申请实施例还提供了一种终端设备,包括存储器、处理器以及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述文件传输方法。An embodiment of the present application also provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above-mentioned file transfer method when executing the computer program.

对于本领域技术人员而言,显然本申请不限于上述示范性实施例的细节,而且在不背离本申请的精神或基本特征的情况下,能够以其他的具体形式实现本申请。因此,无论从哪一点来看,均应将实施例看作是示范性的,而且是非限制性的,本申请的范围由所附权利要求而不是上述说明限定,因此旨在将落在权利要求的等同要件的含义和范围内的所有变化囊括在本申请内。It is obvious to those skilled in the art that the present application is not limited to the details of the exemplary embodiments described above, and that the present application can be implemented in other specific forms without departing from the spirit or essential features of the present application. Therefore, no matter from which point of view, the embodiments should be regarded as exemplary and non-restrictive, and the scope of the present application is defined by the appended claims rather than the above description, and it is intended that all changes falling within the meaning and scope of the equivalent elements of the claims are included in the present application.

Claims (10)

1.一种文件传输方法,其特征在于,包括:1. A file transmission method, comprising: 在发送端利用密钥对原始文件进行加密得到加密文件,并将加密文件分割成多个加密分片;利用公钥对所述密钥进行加密得到加密密钥,并将加密密钥分割成多个加密密钥分片,加密密钥分片与加密分片一一对应;每个加密分片携带加密密钥分片、附加信息和路径加密信息,所述附加信息包括加密分片编号、加密分片数量、加密密钥分片编号;附加信息被公钥加密;At the sending end, the original file is encrypted by using the key to obtain an encrypted file, and the encrypted file is divided into multiple encrypted slices; the key is encrypted by using the public key to obtain an encryption key, and the encryption key is divided into multiple encryption key slices, and the encryption key slices correspond to the encryption slices one by one; each encryption slice carries an encryption key slice, additional information and path encryption information, and the additional information includes an encryption slice number, the number of encryption slices, and the encryption key slice number; the additional information is encrypted by the public key; 根据预设的传输路径,加密分片经由多个中继点传输,直至被接收端接收;每个中继点解密所述路径加密信息,以获取下一个中继点的地址;According to the preset transmission path, the encrypted fragments are transmitted through multiple relay points until they are received by the receiving end; each relay point decrypts the path encryption information to obtain the address of the next relay point; 在接收端接收到加密分片后,利用私钥对附加信息进行解密,根据加密分片数量确定接收到所有加密分片后,按照加密分片编号将加密分片组装成加密文件,按照加密密钥分片编号将加密密钥分片组装成加密密钥,并利用私钥对加密密钥进行解密,得到密钥,再利用密钥对加密文件进行解密,得到原始文件;其中所述私钥与所述公钥相对应。After receiving the encrypted slices at the receiving end, the additional information is decrypted using the private key. After determining that all the encrypted slices have been received according to the number of the encrypted slices, the encrypted slices are assembled into an encrypted file according to the encrypted slice numbers, the encrypted key slices are assembled into an encrypted key according to the encryption key slice numbers, and the encrypted key is decrypted using the private key to obtain the key, and then the encrypted file is decrypted using the key to obtain the original file; wherein the private key corresponds to the public key. 2.根据权利要求1所述的文件传输方法,其特征在于,所述附加信息还包括加密分片哈希值;所述加密分片哈希值是在得到所述加密分片之后,对所述加密分片进行哈希处理生成的;2. The file transmission method according to claim 1, characterized in that the additional information further includes an encrypted fragment hash value; the encrypted fragment hash value is generated by performing a hash process on the encrypted fragment after the encrypted fragment is obtained; 在接收端利用私钥对附加信息进行解密后,对所述加密分片进行哈希校验,判断是否与加密分片哈希值匹配,若不匹配,则向发送端发送第一重传请求,发送端根据所述第一重传请求重新发送相应的加密分片;若匹配,则确定得到真实的加密分片。After the receiving end uses the private key to decrypt the additional information, the encrypted fragment is hashed to determine whether it matches the hash value of the encrypted fragment. If it does not match, a first retransmission request is sent to the sending end, and the sending end resends the corresponding encrypted fragment according to the first retransmission request; if it matches, it is determined that the real encrypted fragment is obtained. 3.根据权利要求1或2所述的文件传输方法,其特征在于,所述附加信息还包括原始文件哈希值;所述原始文件哈希值是在所述原始文件加密之前,对所述加密分片进行哈希处理生成的;3. The file transmission method according to claim 1 or 2, characterized in that the additional information also includes an original file hash value; the original file hash value is generated by performing hash processing on the encrypted fragment before the original file is encrypted; 在接收端得到原始文件后,对所述原始文件进行哈希校验,判断是否与原始文件哈希值匹配,若不匹配,则向发送端发送第二重传要求,发送端根据所述第二重传要求重新发送所述原始文件;若匹配,则确定得到真实的原始文件。After the receiving end obtains the original file, a hash check is performed on the original file to determine whether it matches the hash value of the original file. If not, a second retransmission request is sent to the sending end, and the sending end resends the original file according to the second retransmission request; if they match, it is determined that the authentic original file is obtained. 4.根据权利要求1所述的文件传输方法,其特征在于,所述预设的传输路径以及路径数量是基于所述中继点的性能以及当前传输任务量动态调整的;4. The file transmission method according to claim 1, characterized in that the preset transmission path and the number of paths are dynamically adjusted based on the performance of the relay point and the current transmission task volume; 所述预设的传输路径以及路径数量被确定后,所述加密分片数量也被确定,根据所述预设的传输路径为每一个所述加密分片生成路径加密信息。After the preset transmission path and the number of paths are determined, the number of encrypted fragments is also determined, and path encryption information is generated for each of the encrypted fragments according to the preset transmission path. 5.根据权利要求1或4所述的文件传输方法,在所述路径加密信息中,采用非对称加密算法对每一个中继点的下一个中继点的地址进行加密,使得每一个中继点只能解密下一个中继点的地址。5. According to the file transfer method described in claim 1 or 4, in the path encryption information, an asymmetric encryption algorithm is used to encrypt the address of the next relay point of each relay point, so that each relay point can only decrypt the address of the next relay point. 6.一种文件传输装置,其特征在于,包括:6. A file transmission device, comprising: 原始文件分片加密单元,用于在发送端利用密钥对原始文件进行加密得到加密文件,并将加密文件分割成多个加密分片;利用公钥对所述密钥进行加密得到加密密钥,并将加密密钥分割成多个加密密钥分片,加密密钥分片与加密分片一一对应;每个加密分片携带加密密钥分片、附加信息和路径加密信息,所述附加信息包括加密分片编号、加密分片数量、加密密钥分片编号;附加信息被公钥加密;The original file slice encryption unit is used to encrypt the original file with the key at the sending end to obtain the encrypted file, and divide the encrypted file into multiple encrypted slices; encrypt the key with the public key to obtain the encryption key, and divide the encryption key into multiple encryption key slices, and the encryption key slices correspond to the encryption slices one by one; each encryption slice carries the encryption key slice, additional information and path encryption information, and the additional information includes the encryption slice number, the number of encryption slices, and the encryption key slice number; the additional information is encrypted by the public key; 加密分片传输单元,用于根据预设的传输路径,加密分片经由多个中继点传输,直至被接收端接收;每个中继点解密所述路径加密信息,以获取下一个中继点的地址;The encrypted fragment transmission unit is used to transmit the encrypted fragments through multiple relay points according to a preset transmission path until they are received by the receiving end; each relay point decrypts the path encryption information to obtain the address of the next relay point; 加密分片解密重组单元,用于在接收端接收到加密分片后,利用私钥对附加信息进行解密,根据加密分片数量确定接收到所有加密分片后,按照加密分片编号将加密分片组装成加密文件,按照加密密钥分片编号将加密密钥分片组装成加密密钥,并利用私钥对加密密钥进行解密,得到密钥,再利用密钥对加密文件进行解密,得到原始文件;其中所述私钥与所述公钥相对应;The encrypted fragment decryption and reassembly unit is used to decrypt the additional information using the private key after receiving the encrypted fragment at the receiving end, assemble the encrypted fragments into an encrypted file according to the encrypted fragment number after determining that all the encrypted fragments have been received according to the number of the encrypted fragments, assemble the encrypted key fragments into an encrypted key according to the encryption key fragment number, decrypt the encrypted key using the private key to obtain the key, and then decrypt the encrypted file using the key to obtain the original file; wherein the private key corresponds to the public key; 其中,所述预设的传输路径以及路径数量是基于所述中继点的性能以及当前传输任务量动态调整的,所述路径数量被确定后,所述加密分片数量也被确定;根据所述预设的传输路径为每一个所述加密分片生成路径加密信息;采用非对称加密算法对每一个中继点的下一个中继点的地址进行加密,使得每一个中继点只能解密下一个中继点的地址。Among them, the preset transmission path and the number of paths are dynamically adjusted based on the performance of the relay point and the current transmission task volume. After the number of paths is determined, the number of encrypted fragments is also determined; path encryption information is generated for each encrypted fragment according to the preset transmission path; and the address of the next relay point of each relay point is encrypted using an asymmetric encryption algorithm, so that each relay point can only decrypt the address of the next relay point. 7.根据权利要求6所述的文件传输装置,其特征在于,所述附加信息还包括加密分片哈希值;所述加密分片哈希值是在得到所述加密分片之后,对所述加密分片进行哈希处理生成的;所述文件传输装置还包括:7. The file transmission device according to claim 6, characterized in that the additional information also includes an encrypted fragment hash value; the encrypted fragment hash value is generated by performing a hash process on the encrypted fragment after the encrypted fragment is obtained; the file transmission device also includes: 加密分片校验单元,用于在接收端利用私钥对附加信息进行解密后,对所述加密分片进行哈希校验,判断是否与加密分片哈希值匹配,若不匹配,则向发送端发送第一重传请求,发送端根据所述第一重传请求重新发送相应的加密分片;若匹配,则确定得到真实的加密分片。The encrypted fragment verification unit is used to perform hash verification on the encrypted fragment after the receiving end uses the private key to decrypt the additional information to determine whether it matches the encrypted fragment hash value. If it does not match, a first retransmission request is sent to the sending end, and the sending end resends the corresponding encrypted fragment according to the first retransmission request; if it matches, it is determined that the real encrypted fragment is obtained. 8.根据权利要求7所述的文件传输装置,其特征在于,所述附加信息还包括原始文件哈希值;所述原始文件哈希值是在所述原始文件加密之前,对所述加密分片进行哈希处理生成的;所述文件传输装置还包括:8. The file transmission device according to claim 7, characterized in that the additional information also includes a hash value of the original file; the hash value of the original file is generated by performing a hash process on the encrypted fragment before the original file is encrypted; the file transmission device also includes: 原始文件校验单元,用于在接收端得到原始文件后,对所述原始文件进行哈希校验,判断是否与原始文件哈希值匹配,若不匹配,则向发送端发送第二重传要求,发送端根据所述第二重传要求重新发送所述原始文件;若匹配,则确定得到真实的原始文件。The original file verification unit is used to perform hash verification on the original file after the receiving end obtains the original file to determine whether it matches the hash value of the original file. If it does not match, a second retransmission request is sent to the sending end, and the sending end resends the original file according to the second retransmission request; if it matches, it is determined that the real original file is obtained. 9.一种计算机存储介质,其上存储有计算机程序,其特征在于,该程序被处理器执行时实现如权利要求1-5中任意一项所述的方法。9. A computer storage medium having a computer program stored thereon, wherein when the program is executed by a processor, the method according to any one of claims 1 to 5 is implemented. 10.一种终端设备,包括存储器、处理器以及存储在所述存储器上并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1-5中任意一项所述的方法。10. A terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to any one of claims 1 to 5 when executing the computer program.
CN202411025935.5A 2024-07-30 2024-07-30 File transmission method, device, medium and equipment Pending CN118573672A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411025935.5A CN118573672A (en) 2024-07-30 2024-07-30 File transmission method, device, medium and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411025935.5A CN118573672A (en) 2024-07-30 2024-07-30 File transmission method, device, medium and equipment

Publications (1)

Publication Number Publication Date
CN118573672A true CN118573672A (en) 2024-08-30

Family

ID=92469119

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411025935.5A Pending CN118573672A (en) 2024-07-30 2024-07-30 File transmission method, device, medium and equipment

Country Status (1)

Country Link
CN (1) CN118573672A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119520512A (en) * 2025-01-15 2025-02-25 杭州半云科技有限公司 A distributed cross-segment file transmission method

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007173959A (en) * 2005-12-19 2007-07-05 Mitsubishi Electric Corp Encryption communication apparatus
CN104580359A (en) * 2014-11-26 2015-04-29 上海斐讯数据通信技术有限公司 Method for encrypting, storing, backuping and downloading file segments in router with storage function
CN107666491A (en) * 2017-11-15 2018-02-06 北京交通大学 The data transmission method of air-ground integrated network based on symmetric cryptography
CN111245818A (en) * 2020-01-08 2020-06-05 中国信息安全测评中心 File transmission method, system, sender device, and receiver device
CN111709038A (en) * 2020-05-07 2020-09-25 北京中科凡语科技有限公司 File encryption and decryption method, distributed storage system, equipment and storage medium
CN112615899A (en) * 2020-11-25 2021-04-06 北京中电普华信息技术有限公司 Large file transmission method, device and system
US20210111876A1 (en) * 2019-10-11 2021-04-15 Atakama LLC Secure session for decryption
CN113079008A (en) * 2021-04-26 2021-07-06 北京玻色量子科技有限公司 Data communication method, device and system
CN114338127A (en) * 2021-12-24 2022-04-12 北京天融信网络安全技术有限公司 Data transmission method and device for anonymous communication, electronic device and storage medium
CN115695278A (en) * 2021-07-12 2023-02-03 中国电信股份有限公司 Message forwarding method, controller and message forwarding system
CN116166749A (en) * 2023-02-13 2023-05-26 重庆新致金服信息技术有限公司 Data sharing method, device, electronic device and storage medium
CN116318665A (en) * 2023-02-21 2023-06-23 博思数采科技发展有限公司 File encryption method, storage medium and electronic equipment
CN116886268A (en) * 2023-08-10 2023-10-13 云海链控股股份有限公司 Data transmission verification method, device, equipment and computer readable storage medium
CN117857099A (en) * 2023-12-06 2024-04-09 福建师范大学 Anonymous computing method of man-machine object network primary and secondary transmission paths based on fragment encryption
CN118055444A (en) * 2022-11-17 2024-05-17 贵州白山云科技股份有限公司 Data transmission method, device and computer readable medium
CN118101195A (en) * 2024-04-02 2024-05-28 中国联合网络通信集团有限公司 Key transmission method and system

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007173959A (en) * 2005-12-19 2007-07-05 Mitsubishi Electric Corp Encryption communication apparatus
CN104580359A (en) * 2014-11-26 2015-04-29 上海斐讯数据通信技术有限公司 Method for encrypting, storing, backuping and downloading file segments in router with storage function
CN107666491A (en) * 2017-11-15 2018-02-06 北京交通大学 The data transmission method of air-ground integrated network based on symmetric cryptography
US20210111876A1 (en) * 2019-10-11 2021-04-15 Atakama LLC Secure session for decryption
CN111245818A (en) * 2020-01-08 2020-06-05 中国信息安全测评中心 File transmission method, system, sender device, and receiver device
CN111709038A (en) * 2020-05-07 2020-09-25 北京中科凡语科技有限公司 File encryption and decryption method, distributed storage system, equipment and storage medium
CN112615899A (en) * 2020-11-25 2021-04-06 北京中电普华信息技术有限公司 Large file transmission method, device and system
CN113079008A (en) * 2021-04-26 2021-07-06 北京玻色量子科技有限公司 Data communication method, device and system
CN115695278A (en) * 2021-07-12 2023-02-03 中国电信股份有限公司 Message forwarding method, controller and message forwarding system
CN114338127A (en) * 2021-12-24 2022-04-12 北京天融信网络安全技术有限公司 Data transmission method and device for anonymous communication, electronic device and storage medium
CN118055444A (en) * 2022-11-17 2024-05-17 贵州白山云科技股份有限公司 Data transmission method, device and computer readable medium
CN116166749A (en) * 2023-02-13 2023-05-26 重庆新致金服信息技术有限公司 Data sharing method, device, electronic device and storage medium
CN116318665A (en) * 2023-02-21 2023-06-23 博思数采科技发展有限公司 File encryption method, storage medium and electronic equipment
CN116886268A (en) * 2023-08-10 2023-10-13 云海链控股股份有限公司 Data transmission verification method, device, equipment and computer readable storage medium
CN117857099A (en) * 2023-12-06 2024-04-09 福建师范大学 Anonymous computing method of man-machine object network primary and secondary transmission paths based on fragment encryption
CN118101195A (en) * 2024-04-02 2024-05-28 中国联合网络通信集团有限公司 Key transmission method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
段桂华, 杨路明, 王伟平, 宋虹: "一种基于洋葱路由的可撤销匿名通信方案", 计算机工程与应用, no. 13, 1 January 2006 (2006-01-01), pages 2 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119520512A (en) * 2025-01-15 2025-02-25 杭州半云科技有限公司 A distributed cross-segment file transmission method

Similar Documents

Publication Publication Date Title
Moskowitz et al. Host identity protocol version 2 (HIPv2)
Moskowitz et al. Host identity protocol
US10419406B2 (en) Efficient forwarding of encrypted TCP retransmissions
Donenfeld WireGuard: Next Generation Kernel Network Tunnel.
US7774594B2 (en) Method and system for providing strong security in insecure networks
EP2329621B1 (en) Key distribution to a set of routers
WO2016070538A1 (en) Secure shell (ssh2) protocol data collection method and device
JP2004515117A (en) Encrypted data security system and method
WO2018075965A1 (en) Dark virtual private networks and secure services
CN107078898A (en) A kind of method that the private interconnection of safety is set up on multi-path network
Chen et al. Secure communication channel establishment: TLS 1.3 (over TCP fast open) versus QUIC
CN118573672A (en) File transmission method, device, medium and equipment
Moskowitz et al. Rfc 5201: Host identity protocol
Haase et al. Secure communication protocol for network-on-chip with authenticated encryption and recovery mechanism
CN114553420B (en) Digital envelope packaging method based on quantum key and data secret communication network
CN118214558B (en) Data circulation processing method, system, device and storage medium
CN118784317A (en) A method for encrypting IP messages
CN118233192A (en) A method, system and computer-readable storage medium for constructing an IPv6 dedicated network
Hayden et al. Multi-channel security through data fragmentation
Schwenk Attacks on SSL and TLS
Liu et al. Design of data security transmission scheme based on sharding technology
CN111884816A (en) A routing method capable of metadata privacy protection and source accountability
Bernardo et al. A pragmatic approach: Achieving acceptable security mechanisms for high speed data transfer protocol-UDT
Dowling et al. Cryptography is Rocket Science: Analysis of BPSec
Dowling et al. Cryptography is rocket science

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20240830