CN106211108A - A kind of message encryption method based on RSA PKI - Google Patents

Abstract

The invention discloses a short message encryption method based on an RSA public key, comprising: a communication entity obtains a personal digital certificate and a corresponding private key through a third-party CA; the communication entity binds its own identity with the public key certificate and the private key Operation, specify the trust root of the certificate; communicate with the peer communication entity, specify the public key certificate of the peer communication entity, and make a one-to-one correspondence between the public key information and identity information of the peer communication entity, and the peer communication entity will Return the public key certificate information to the original communication entity. After obtaining the certificate, map the information of the peer communication entity and the certificate one by one; the communication entity uses the certificate of the peer communication entity to encrypt the SMS with RSA public key, and encrypt the encrypted SMS It is transmitted to the communication entity through the classic channel; after the peer-to-peer communication entity receives the information, it enters the RSA private key protection password to restore the plaintext sent by the sender.

Description

A Short Message Encryption Method Based on RSA Public Key

technical field

The invention belongs to the technical field of network space security, in particular to a short message encryption method based on an RSA public key.

Background technique

Due to the rapid popularization of the Internet and the rapid development of digital technology, the issue of cyberspace security has gradually entered people's field of vision and attracted people's attention. Facing the complex and changeable network environment, potential network threats and attacks, computer data security and encryption are getting more and more people's close attention. How to ensure the security of data during transmission, so that information is not stolen by illegal third parties, is particularly important; data encryption, as the most basic security technology in the network, is favored by people for its low cost and active and effective defense. The RSA algorithm is currently the most influential public key encryption algorithm and the most famous and widely used public key system. As early as 1978, it was proposed by Rivest, Shamir and Adleman of the Massachusetts Institute of Technology (MIT) in a paper entitled "Methods for Obtaining Digital Signatures and Public Key Cryptosystems". It is an asymmetric (public) algorithm based on number theory. key) cryptographic system, which is a block cipher system; its name comes from the initials of the three inventors; it has been recommended by ISO as a public key encryption standard; as long as the length of the key is long enough, the information encrypted with RSA is actually It cannot be cracked; at present, RSA can be divided into two types according to the key length: 1024 bits and 2048 bits. The RSA algorithm is based on the decomposition of large numbers: it is very easy to multiply two large prime numbers, but it is extremely difficult to factorize the product, so the product can be made public as an encryption key; the advantages of the RSA algorithm are: 1. An algorithm used for encryption and digital signature at the same time; 2. Easy to understand and operate; 3. The encryption key of the algorithm is separated from the encryption algorithm, which makes key distribution more convenient; 4. It is especially suitable for network environments. For a large number of users, the encryption key can be given in the form of a public key directory. In recent years, smart mobile terminals have taken over all aspects of people's lives. People use mobile phones, tablet computers and other devices for entertainment, socializing, shopping and other activities. Sending short messages as one of the basic functions has become an important part of daily life. According to statistics, in 2013 alone, 10.3 trillion text messages were sent worldwide. Although some instant messaging software has occupied half of the mobile phone market in recent years, it is undeniable that instant messaging software still has many disadvantages: 1. Excessive dependence on the network. If you leave the data network, instant messaging software cannot be used; 2. Instant messaging software needs to pre-install the client. If one of the communication parties does not install the client, then the communication cannot continue; For things, they tend to use text messages, phone calls and other means of communication.

However, the text messages that people use every day are facing threats from malware and other aspects. Symantec, a world-renowned security company, published a report stating that 17% of all Android applications are malicious applications. There is one malware in less than six Android apps, which shows the extent of its prevalence. Statistics also show that in 2013, there were about 700,000 malicious apps on the Android platform; by 2014, the number of malicious apps on Android had grown to 1 million. These malicious software will steal user privacy information, induce users to subscribe to paid services, and so on. One of the important goals of malware is to steal the content of users' text messages.

Contents of the invention

The purpose of the present invention is to provide a short message encryption method based on an RSA public key, aiming at solving the problem that the current daily short message has malicious software that will steal user privacy information and user privacy is leaked.

The present invention is achieved in that a kind of short message encryption method based on RSA public key, described short message encryption method based on RSA public key comprises the following steps:

Step 1: The communication entity submits the personal identity information application documents to the registration authority for review. After the registration agency passes the review, it submits the application documents to the CA center, and the CA center issues a personal digital certificate and corresponding private key based on the application documents. The CA center delivers the generated personal digital certificate and the corresponding private key to the communication entity through a storage device such as a USB flash drive. Using the personal digital certificate issued by the authoritative organization, the communication entity can effectively prove its identity, so as to realize the encryption protection of its own private data.

Step 2: The communication entity binds its own identity with the public key certificate and private key, and specifies the trust root of the certificate;

Step 3: The communication entity communicates with the peer communication entity, specifies the public key certificate of the peer communication entity, and performs a one-to-one correspondence between the public key information and the identity information of the peer communication entity, and the peer communication entity returns the public key certificate to the original communication entity. Key certificate information, after obtaining the certificate, map the peer-to-peer communication entity information and the certificate one by one;

Step 4, the communication entity uses the certificate of the peer communication entity to perform RSA public key encryption on the short message, and transmits the encrypted short message to the communication entity through the classic channel;

Step 5: After receiving the information, the peer-to-peer communication entity inputs the RSA private key protection password to restore the plaintext sent by the sender.

Further, the bound content includes: the personal identity information corresponds to the certificate and the private key one by one; the personal identity information includes the phone number, unit and name.

Further, the trust root of the specified certificate browses and specifies the public key certificate file with the suffix cer and the private key file with the suffix pfx.

Further, in the process of mapping, call the API function provided by the Android native system to obtain the address book name and corresponding phone number, and use Shareparfence to perform key-value pair association operations on each attribute field.

Further, perform RSA public key encryption on the SMS, the encryption function will read the public key from the certificate file, encode the plaintext message with Base64, and then use the public key to encrypt the plaintext encoded plaintext message, and encrypt the encrypted plaintext message The encoded SMS is called back to the interactive interface for sending SMS through the original ecological interface provided by Android.

Another object of the present invention is to provide a short message encryption system based on the RSA public key short message encryption method, and the short message encryption system includes:

Issuing personal digital certificate CA center, which is used to issue personal digital certificates and corresponding private key files for new users according to the personal digital application files submitted by users;

The certificate private key binding module is used to specify the personal digital certificate and private key file path to bind with the user's mobile phone number to generate an identity attribute file;

The decryption message module is used to receive the message, obtain the private key file path according to the identity attribute file, and obtain the private key according to the input decryption password, thereby decrypting the message;

The SMS reading module is used to call the system SMS database and present the SMS information to the user;

The encrypted message module is used to send the message, and encrypts the message according to the personal digital certificate of the receiver;

Sending a short message module, used to call the system short message sending module to send a short message;

The signature message module is used to call the bound identity attribute file, obtain the private key file, and sign the message sent for the receiver to verify the integrity of the message.

Another object of the present invention is to provide an Android mobile platform applying the method for encrypting short messages based on the RSA public key.

Another object of the present invention is to provide a key sharing method applying the RSA public key-based short message encryption method.

Another object of the present invention is to provide a digital signature method applying the short message encryption method based on the RSA public key.

Another object of the present invention is to provide an email encryption method applying the RSA public key-based short message encryption method.

Compared with the prior art, the short message encryption method based on the RSA public key provided by the present invention has the following beneficial effects:

(1) The present invention can realize confidential communication without any external auxiliary hardware, has strong practicability, low development cost, and less energy consumption: specifically, the low development cost shows that the Android application adopts the Java language developed by SUN Company, The Java language is a high-level language. Since there are no pointers and no need to deliberately manage memory, it is very fast to get started. Second, Android itself has a rich API calling interface, which meets most of the development needs. In addition, there are a large number of functional open source libraries on the Internet. : The low energy consumption shows that the generated APK file runs independently on the Android system. It only needs to rely on the original virtual machine of Android, and can realize encryption and decryption without any auxiliary equipment, without causing any source code damage to the system itself. Change, without any modification of the source code for the function of sending text messages, the implementation is simple, and does not require ROOT authority.

(2) During the use of the present invention, the channel used to deliver information is a classic channel and does not rely too much on the network.

(3) The present invention adopts the RSA encryption algorithm, which has high security and relatively high efficiency. For example, in 1999, a Cray supercomputer took 5 months to decompose a 512-bit long key, and the time required to decompose a 768-bit RSA key is thousands of times that of 512 bits, and the time required for 1024-bit It is more than a thousand times that of 768 bits, so the 1024 bits commonly used now are relatively safe, and the use of 2048 bits is absolutely safe; it is suitable for real-world environments, one-to-many, many-to-one address book communication environments: Specifically, through the characteristics of the public key encryption system, users can associate multiple public keys with multiple users, and then encrypt each communicating entity according to the public key, and can also choose to associate the same public key with a The communication group satisfies the access control on the content of users between groups in multi-person communication.

(4) The present invention effectively solves the problem of key distribution in dual-card dual-standby. The corresponding numbers are tied to two pairs of public and private. It all depends on the user's needs for security; users do not need a strong cryptography background to use the software proficiently, and the user experience is relatively good.

(5) The present invention has really realized the correspondence and binding operation technically, and most of the interfaces and functions are the original ecological functions of the Android system, such as sending short messages, address books, etc., so the volume is small and exquisite, and the installation package is less than 2M; RSA It is currently the most influential public key encryption algorithm and is recommended by ISO as a public key data encryption standard. In addition to being used for encryption, RSA can also be used in the field of cryptography such as key sharing and digital signature. RSA-based public key encryption technology can be applied to email encryption systems, enterprise internal privacy file protection and other fields.

Description of drawings

Fig. 1 is the flow chart of the short message encryption method based on the RSA public key provided by the present invention.

FIG. 2 is a schematic structural diagram of the RSA public key-based short message encryption system provided by the present invention.

detailed description

In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the examples. It should be understood that the specific implementations described here are only used to explain the present invention, not to limit the present invention.

The present invention can guarantee the safe communication between the communication entity A and the communication entity B by means of the certificate issued by the third-party trusted organization CA. The information sent by communication entity A to B can only be decrypted by communication entity B, and any man-made eavesdropping or malicious software theft cannot spy on the content of the short message itself.

The application principle of the present invention will be described in detail below in conjunction with the accompanying drawings.

As shown in Figure 1, the short message encryption method based on the RSA public key that the present invention realizes provided comprises the following steps:

S101: The communication entity obtains a personal digital certificate and a corresponding private key through a third-party CA;

S102: The communication entity (sender) binds its own identity with the public key certificate and private key; the binding content includes: personal identity information (including phone number, unit, name) corresponds to the certificate and private key one by one , such as A binds A's certificate and private key; at the same time, specify the trust root of the certificate;

S103: The communication entity (sender) communicates with the peer communication entity (receiver), specifies the public key certificate of the peer communication entity, and performs one-to-one correspondence between the public key information and identity information of the peer communication entity, and peer-to-peer communication The entity (receiver) will return a public key certificate information to the original communication entity (sender), and the sender will map the receiver information (phone number, name, unit) with the certificate after obtaining the certificate;

S104: The sender uses the receiver's certificate to encrypt the short message with the RSA public key, and transmits the encrypted short message to the receiver through the classic channel;

S105: After receiving the information, the receiver inputs the RSA private key protection password to restore the plaintext sent by the sender.

As shown in Figure 2, the short message encryption system based on the RSA public key that the present invention realizes to provide includes:

Issuing personal digital certificate CA center: The CA center is a personal digital certificate issuing system designed and implemented according to the X509 standard. The CA center issues the digital certificate and corresponding private key file for the new user according to the personal digital application file submitted by the user.

Certificate private key binding module: Specify the personal digital certificate and private key file path to bind with the user's mobile phone number to generate an identity attribute file.

Decryption SMS module: used to receive SMS, obtain the private key file path according to the identity attribute file, and obtain the private key according to the input decryption password, thereby decrypting the SMS.

Read short message module: call the system short message database, and present the short message information to the user.

Encrypted SMS module: used to send SMS, according to the receiver's personal digital certificate, encrypted SMS.

Send SMS module: call the system SMS sending module to send SMS.

Signature SMS module: call the bound identity attribute file, obtain the private key file, and sign the sent SMS for the recipient to verify the integrity of the SMS. The application principle of the present invention will be further described below in combination with specific embodiments.

The present invention realizes that the short message encryption method based on the RSA public key provided comprises the following steps:

Step 1. Communication entities A and B obtain personal digital certificates and corresponding private keys through a third-party CA. The specific acquisition process is to submit personal identity information application documents to the registration agency for review. After the registration agency passes the review, submit the application documents To the CA center, the CA center issues a personal digital certificate and corresponding private key based on this application file. The CA center delivers the generated personal digital certificate and corresponding private key to the user through a storage device such as a U disk, and then the user obtains the personal digital certificate and corresponding private key.

Step 2, the communication entity A binds its own identity with the public key certificate and private key; the bound content includes: personal identity information (including phone number, unit and name) corresponds to the certificate and private key one by one. For example, A binds the certificate and private key of A; at the same time, specify the trust root of the certificate. In the process of specifying, the software has a built-in file browsing function, which can compare the public key certificate file with the suffix cer and the public key certificate file with the suffix pfx Browse and specify the private key file; other files will be ignored by the software; during the binding process, we use the Shareparfence provided by the Android native system for developers to perform key-value pair association operations on each attribute field; use code synchronization and internal Techniques such as class constructors ensure the thread safety of associated operations.

Step 3: The communication entity (sender A) communicates with the peer-to-peer communication entity (receiver B), and the sender A specifies the public key certificate of the receiver B, and checks the public key information and identity information of the peer-to-peer communication entity Correspondence; Specifically, the peer-to-peer communication entity (receiver) will return a public key certificate information to the original communication entity (sender). One-to-one mapping of certificates; in the process of mapping, call the API function provided by the Android native system to obtain the address book name and corresponding phone number, and use the Shareparfence provided by the Android native system for developers to perform key-value pair association operations on each attribute field ; Make use of technologies such as code synchronization and internal class constructors to ensure the thread safety of associated operations.

Step 4: The sender uses the receiver's certificate to encrypt the SMS with the RSA public key. The encryption function will read the public key from the certificate file, and at the same time encode the plaintext message with Base64, and then use the public key to encode the plaintext encoded plaintext The message is encrypted, and the encrypted encoded text message is called back to the interactive interface for sending text messages through the original ecological interface provided by Android, and then transmitted to the receiver through the classic channel; the reason for choosing to use the interactive interface instead of directly background sending is due to many The Android system has made a lot of changes to the original system, and has added API hooks and other interfaces that constrain the application to send SMS directly. Direct sending may cause the software to fail to call during the sending process.

Step 5: After receiving the information, the receiver enters the RSA private key protection password to recover the plaintext sent by the sender. After the reply, encode it with Base64, and finally recover the plaintext information.

The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.

Claims (10)

1. a kind of note encryption method based on RSA public key, it is characterized in that, described note encryption method based on RSA public key comprises the following steps: Step 1, the communication entity obtains the personal digital certificate and the corresponding private key through the third-party CA; Step 2: The communication entity binds its own identity with the public key certificate and private key, and specifies the trust root of the certificate; Step 3: The communication entity communicates with the peer communication entity, specifies the public key certificate of the peer communication entity, and performs a one-to-one correspondence between the public key information and the identity information of the peer communication entity, and the peer communication entity returns the public key certificate to the original communication entity. Key certificate information, after obtaining the certificate, map the peer-to-peer communication entity information and the certificate one by one; Step 4, the communication entity uses the certificate of the peer communication entity to perform RSA public key encryption on the short message, and transmits the encrypted short message to the communication entity through the classic channel; Step 5: After receiving the information, the peer-to-peer communication entity inputs the RSA private key protection password to restore the plaintext sent by the sender. 2. the short message encryption method based on RSA public key as claimed in claim 1, is characterized in that, the content of described binding comprises: personal identity information and certificate, private key one-to-one correspondence; Personal identity information comprises telephone number, unit ,Name. 3. the short message encryption method based on RSA public key as claimed in claim 1, is characterized in that, the root of trust of the specified certificate, to the public key certificate file with suffix name cer, and the private key with suffix name pfx Files can be browsed and specified. 4. the short message encryption method based on RSA public key as claimed in claim 1, it is characterized in that, in the process of mapping, call the API function that Android native system provides, obtain address book name and corresponding phone, utilize Shareparfence to each Attribute fields perform key-value pair association operations. 5. the short message encryption method based on RSA public key as claimed in claim 1, it is characterized in that, carry out RSA public key encryption to short message, encryption function can read public key from certificate file, and plaintext message is encoded with Base64 , and then use the public key to encrypt the encoded plaintext message, and call back the encrypted encoded text message to the interactive interface for sending text messages through the original ecological interface provided by Android. 6. a kind of short message encryption system based on the short message encryption method of RSA public key as claimed in claim 1, is characterized in that, described short message encryption system comprises: The digital certificate CA center is used to issue personal digital certificates and corresponding private key files to new users according to the personal digital application files submitted by users; The certificate private key binding module is used to specify the personal digital certificate and private key file path to bind with the user's mobile phone number to generate an identity attribute file; The decryption message module is used to receive the message, obtain the private key file path according to the identity attribute file, and obtain the private key according to the input decryption password, thereby decrypting the message; The SMS reading module is used to call the system SMS database and present the SMS information to the user; The encrypted message module is used to send the message, and encrypts the message according to the personal digital certificate of the recipient; Sending a short message module, used to call the system short message sending module to send a short message; The signature message module is used to call the bound identity attribute file, obtain the private key file, and sign the message sent for the receiver to verify the integrity of the message. 7. an Android mobile platform using any one of claim 1-5 based on the short message encryption method based on the RSA public key. 8. A key sharing method applying the short message encryption method based on the RSA public key according to any one of claims 1-5. 9. A digital signature method applying the RSA public key-based short message encryption method according to any one of claims 1-5. 10. An email encryption method using any one of claims 1-5 based on the RSA public key encryption method for short messages.