CN106452771A - Method and device for calling cipher card by JCE (Java Cryptography Extension) to implement internal RSA secret key operation - Google Patents
Method and device for calling cipher card by JCE (Java Cryptography Extension) to implement internal RSA secret key operation Download PDFInfo
- Publication number
- CN106452771A CN106452771A CN201610885095.9A CN201610885095A CN106452771A CN 106452771 A CN106452771 A CN 106452771A CN 201610885095 A CN201610885095 A CN 201610885095A CN 106452771 A CN106452771 A CN 106452771A
- Authority
- CN
- China
- Prior art keywords
- key
- cipher
- jce
- cipher card
- rsa
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 230000005540 biological transmission Effects 0.000 claims description 16
- 238000004364 calculation method Methods 0.000 claims description 12
- 229910002056 binary alloy Inorganic materials 0.000 claims description 6
- 230000008569 process Effects 0.000 claims description 6
- 238000009795 derivation Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 3
- 238000004422 calculation algorithm Methods 0.000 description 17
- 230000006870 function Effects 0.000 description 7
- 230000008901 benefit Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 238000004458 analytical method Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 239000011800 void material Substances 0.000 description 3
- 210000004247 hand Anatomy 0.000 description 2
- 238000001629 sign test Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 101000896740 Solanum tuberosum Cysteine protease inhibitor 9 Proteins 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013478 data encryption standard Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000032696 parturition Effects 0.000 description 1
- 238000007789 sealing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000002054 transplantation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for calling a cipher card by JCE (Java Cryptography Extension) to implement an internal RSA secret key operation. The device comprises terminal equipment and the cipher card; the terminal equipment comprises an application module, a JCE implementation module and a cipher card management tool; the cipher card is inserted on the terminal equipment, and is connected with the cipher card management tool for storing a generated RSA secret key pair; the application module is connected with the JCE implementation module for sending the RSA secret key pair lead-out or RSA secret key operation request; and the JCE implementation module is connected with the cipher card for sending the processed RSA secret key pair lead-out request or RSA secret key operation request to the cipher card, and the cipher card responds to the request of the JCE implementation module. The method and the device which are disclosed by the invention achieve an effect that the JCE calls an RSA secret key stored in the cipher card to carry out the secret key operation, and ensure safety storage of a private key and safety of communication.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of JCE call cipher card to realize built-in RSA key fortune
The method and device of calculation.
Background technology
Java is the object oriented program language that can write cross-platform software in, be by Sun
Java applet design language and the assembly of Java platform that Microsystems company was released in May nineteen ninety-five.Java technology has
There are versatility, high efficiency, platform transplantation and the safety of brilliance, be widely used in personal PC, data center, game control
Platform, science supercomputer, mobile phone and the Internet.Under the industrial environment of global cloud computing and mobile Internet, Java
More for significant advantage and bright prospects.
Java platform defines one group of API, crosses over main security field, including password, PKIX, certification, peace
Full communication and access control.These API enable developer to be easily integrated into the safety of their application code,
Launch mainly around the independence that implements, the extensibility for realizing interoperability and algorithm.
JCE is the abbreviation of Java Cryptography Extension, (Java Cryptographic Extensions) provide for encryption and decryption,
The framework and reality of key generation, key management and key agreement and Message Authentication Code (MAC) algorithm
Existing.It provides the encryption to symmetrical, asymmetric, block and stream cipher and supports, it also supports the object of secure flows and sealing.JCE is adopted
With the independence that realizes and the independence of algorithm, JCE security framework is made to be provided with good autgmentability.It uses supplier
(provider) theory is to manage and organize the realization of all cryptosecurities and provide service for application program.In JAVA environment
Can there are multiple different JCE simultaneously to realize, a set of standard interface defined in security.provider, all of
JCE realizes realizing this set of standard interface.
The ISP of JCE, it should which a set of basic security service is provided, wherein RSA Algorithm be current application the most
A kind of extensive asymmetric cryptographic algorithm.RSA public key is made up of two parts:
n:RSA closes digital-to-analogue, is a positive integer
e:RSA discloses close, is a positive integer
RSA private key can adopt the following two kinds method for expressing.
The first method for expressing, is made up of a pair of integer (n, d):
n:RSA closes digital-to-analogue, is a positive integer
d:The privately owned power of RSA, is a positive integer
Second method for expressing, is made up of a five-tuple (p, q, dP, dQ, qInv):
p:First factor, is a positive integer
q:Second factor, is a positive integer
dP:The CRT power of first factor, is a positive integer
dQ:The CRT power of second factor, is a positive integer
qInv:CRT coefficient, is a positive integer
RSA is current most influential public key encryption algorithm, and it can resist the up to the present known overwhelming majority
Cryptographic attack, is recommended as public key data encryption standard by ISO.RSA is public-key encryptosystem, and so-called public-key cryptography is close
Code system is exactly using different encryption keys and decruption key, is that one kind " goes out decruption key by known encryption key derivation to exist
It is infeasible in calculating " cipher system.In public-key encryptosystem, encryption key (i.e. public-key cryptography) is open letter
Breath, and decruption key (i.e. privacy key) is need for confidentiality.AES and decipherment algorithm are also all disclosed, although deciphering
Key is determined by public-key cryptography, but can not calculate decruption key according to public-key cryptography.So, the safety of RSA Algorithm
Property it is critical only that the safety of private key.
There is provided the relevant interface with regard to RSA Algorithm in JCE, the base such as generate, encrypt, deciphering, signing, verifying including key
Plinth function.Wherein, decipher and signature needs incoming corresponding private key pair as just specifically being deciphered and signature operation, but private
Key object is stored in application memory as the core of safety, is very easy to be stolen.
Content of the invention
It is an object of the invention to overcome the deficiencies in the prior art, propose one kind and overcome the problems referred to above or at least in part
A kind of JCE for solving the above problems calls the method that cipher card realizes built-in RSA key computing, it is achieved that JCE calls cipher card
The RSA key of middle storage carries out key computing, it is ensured that the safety storage of private key and the safety of communication.
The technical solution adopted for the present invention to solve the technical problems is:
A kind of JCE calls the method that cipher card realizes built-in RSA key computing, including key deriving step and key computing
Step;
The key deriving step includes:
Application program module is realized module to JCE and sends the first RSA key for including key identification to deriving request;
JCE realizes module and receives the first RSA key to deriving request, creates the stochastic source with key identification, by key
Mark is converted into cipher key number, and sends the second RSA key for including cipher key number to cipher card to deriving request;
Cipher card receives the second RSA key to deriving request, and realizes, to JCE, the specified cipher key number that module transmission has been stored
The public key data of corresponding RSA key pair;
JCE realizes the public key data that module receives cipher card transmission, tries to give a false impression private key number according to public key data and cipher key number group
According to, and public key data, false private key data are converted into key object and are sent to application program module;
The key calculation step includes:
Application program module realizes module transmission to JCE includes the first RSA key computing request of key object;
JCE realizes module and receives the first RSA key computing request, and the key object for receiving is parsed, and according to
Analysis result sends the second RSA key computing request for including public key or cipher key number to cipher card;
Cipher card receives the second RSA key computing request, and realizes module transmission operation result to JCE;
JCE realizes the operation result that module receives cipher card transmission, and operation result is sent to application program module.
Further, also include key generation step before the key deriving step, the key generation step includes:
Cipher card receives the key of cipher card management tool triggering and generates request, and it is close that acquisition cipher card management tool is specified
Key number and film are long;
Internal generation and the storage for completing RSA key pair according to the cipher key number that specifies and film length of cipher card.
Further, the private key of the RSA key pair for storing in cipher card is stored with ciphertext form and cannot be derived.
Further, the vacation private key is assembled according to the form of RSA key centering private key.
Further, when private key is made up of a pair of integer (n, d), the assemble method of the vacation private key is specifically included:
Other components in addition to n are replaced with binary random number;
Embedded key information in other elements in element d or in addition to n;
Binary system random number after embedded key number is converted into positive integer and is assembled into false private key.
Further, in the key calculation step, when the key object that is resolved to includes public key, public key is converted into
Cipher card internal identification data form, is sent to cipher card and is encrypted computing.
Further, in the key calculation step, when the key object that is resolved to includes false private key, then by false private key
The element of middle storage cipher key number information is converted into binary system array by positive integer, and finds out embedded element d or its in addition to n
Cipher key number in his element, is sent to cipher card and is decrypted computing.
Further, it is sent to cipher card and is encrypted in the message of computing the data for also including to need to be encrypted.
Further, after cipher card is encrypted computing, the ciphertext after encryption is sent to JCE and realizes module.
Further, it is sent to cipher card and is decrypted in the message of close computing the data for also including to need to be decrypted.
Further, after cipher card is decrypted computing, the plaintext after deciphering is sent to JCE and realizes module.
A kind of JCE calls cipher card to realize the device of built-in RSA key computing, including terminal unit and cipher card;Described
Terminal unit includes that application program module, JCE realize module and for generating RSA key to specifying cipher key number and film for cipher card
Long cipher card management tool;The cipher card is plugged on the terminal unit, is connected use with the cipher card management tool
In the RSA key pair for generating and storing specified cipher key number and film length;The application program module is realized module with the JCE and is connected
For sending RSA key to derivation or RSA key computing request;The JCE realize module and the cipher card be connected to by
RSA key after process is sent to the cipher card to deriving request or RSA key computing request, and the cipher card response is described
JCE realizes the request of module.
Further, the cipher card is plugged into the terminal unit by pci interface, PCI_E interface or usb interface.
The beneficial effect brought of technical scheme that the present invention is provided is:
1st, generate and encrypt storage RSA key pair within hardware using cipher card, it is achieved that the safeguard protection of private key;
2nd, module being realized using JCE and call the internal RSA key pair of cipher card, and carries out password fortune using cipher card hardware
Calculate, solve the problems, such as private key store in internal memory or using when be easily acquired;
3rd, long using cipher card management tool configuring cipher key number and film, cipher card is according to the cipher key number for being configured and film progress
Row RSA key is to generating and storing;As cipher card management tool is to operate when interface tool, user need to generate RSA key pair
Simple and convenient.
Described above is only the general introduction of technical solution of the present invention, in order to more clearly understand the technology handss of the present invention
Section, so as to being practiced according to the content of description, and in order to allow the above and other objects, features and advantages of the present invention
Can become apparent, be exemplified below the specific embodiment of the present invention.
According to the detailed description below in conjunction with accompanying drawing to the specific embodiment of the invention, those skilled in the art will be brighter
The above-mentioned and other purpose of the present invention, advantages and features.
Description of the drawings
Fig. 1 is the entire block diagram of apparatus of the present invention;
Fig. 2 generates interaction figure for the key of apparatus of the present invention;
Fig. 3 derives interaction figure for the key of apparatus of the present invention;
Fig. 4 is the key computing interaction figure of apparatus of the present invention;
Fig. 5 is the overall flow figure of the inventive method;
Fig. 6 is the key product process figure of the inventive method;
Fig. 7 derives flow chart for the key of the inventive method;
Fig. 8 is the key operational flowchart of the inventive method.
Specific embodiment
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to embodiment party of the present invention
Formula is described in further detail.
It should be noted that the executive agent of the method for present embodiment be terminal unit, the terminal can be mobile phone,
The equipment such as panel computer, palm PC PDA, notebook or desktop computer, it is, of course, also possible to have setting for identity function for other
Standby, present embodiment is not any limitation as.
As shown in Figures 1 to 4, a kind of JCE calls cipher card to realize the device of built-in RSA key computing, including terminal unit
10 and cipher card 20;The terminal unit 10 includes that application program module 101, JCE realizes module 102 and for giving birth to for cipher card
Become RSA key to specifying the cipher card management tool 103 of cipher key number and film length;The cipher card 20 is plugged on the terminal unit
On 10, it is connected to generate and store the RSA key pair of specified cipher key number and film length with the cipher card management tool 103;Institute
State application program module 101 and the JCE and realize module 102 and be connected to send RSA key to deriving or RSA key computing please
Ask;The JCE realizes that module 102 and the cipher card 20 be connected to will be close to deriving request or RSA for the RSA key after process
Key computing request is sent to the cipher card 20, and the cipher card 20 responds the request that the JCE realizes module 102.
Further, the cipher card 20 is plugged into the terminal unit by pci interface, PCI_E interface or usb interface
10.
Specifically, the cipher card 20 is a kind of hardware device for realizing key generation, key storage and crypto-operation.
Key storage inside cipher card is in hardware, and should be stored in the form of ciphertext, prevents from being stolen.For RSA key pair, by
It is disclosed in public key, so storage need not be encrypted, is stored with plaintext version, and can export to outside cipher card.
And private key then should be in the form of the ciphertext inside storage and cipher card, and private key can not be exported to outside cipher card in the form of plaintext
Portion.Cipher card 20 in the present embodiment, can realize the generation of RSA key pair, derive public key, rsa encryption/deciphering, RSA label
The functions such as name/sign test.The cipher card management tool 103 be for the convenience of the user cipher card is carried out initializing, key is generated, is deleted
The interface tool of management function such as remove, back up, recovering, being realized by software programming;The cipher card management tool 103 is by corresponding to
Cipher card manufacturer provide.
The application program module 101 is realized needing the application of function for user, and the JCE realizes module 102 and realizes one
The function of the ISP of individual JCE, application program module 101 and JCE are realized module 102 and are all realized by software programming, this
In embodiment, by JAVA programming realization.The application program module 101, JCE realizes module 102 and cipher card management tool
103 are installed on the terminal unit 10, are also equipped with password card driver on the terminal unit 10.
As shown in figure 5, a kind of JCE calls the method that cipher card realizes built-in RSA key computing, including key generation step
60th, key deriving step 70 and key calculation step 80.
As shown in fig. 6, the key generation step 60 includes:
Step 601:Cipher card management tool generates RSA key pair according to the cipher key number that specifies and film length, and by the RSA
Key is to being sent to supporting cipher card;
Step 602, cipher card receive the RSA key to and store.
Specifically, the cipher key number is the unique mark of cipher key index number or key.Cipher card can be allowed by cipher key number
Management tool generate internal key to and store specified location in cipher card, the cipher card can derive public key, using internal
Counterpart keys are encrypted/decipher and the computings such as RSA signature/sign test.
As shown in fig. 7, the key deriving step 70 includes:
Step 701, application program module is realized module to JCE and sends the first RSA key for including key identification to deriving
Request;
Step 702, JCE realizes module and receives the first RSA key to deriving request, creates with the random of key identification
Source, key identification is converted into cipher key number, and sends the second RSA key for including cipher key number to cipher card to deriving request;
Step 703, cipher card receives the second RSA key to deriving request, and realizes, to JCE, the finger that module transmission has been stored
Determine the public key data of the corresponding RSA key pair of cipher key number;
Step 704, JCE realizes the public key data that module receives cipher card transmission, is assembled according to public key data and cipher key number
False private key data, and public key data, false private key data are converted into key object and are sent to application program module.
Specifically, the SecureRandom class that JCE is realized in module can pass through getInstance (String
Algorithm, Provider provider) one random number object of method instantiation, wherein algorithm parameter is random
The algorithm that number is generated.In the present embodiment, as the parameter of mark internal key;Provider parameter is the name of service provider
Claim, such as " FishermanJCE " is a set of JCE supplier title from realization.Algorithm when implementing, in building method
Parameter is input into corresponding key identification, and such as " RandomRSAx ", " x " represents corresponding cipher key number, be specifically represented by
SecureRandom ran=SecureRandom.getInstance (" RandomRSA1 ", " FishermanJCE ").
Specifically, realize the KeyPairGenerator class of module to obtain public key and vacation inside cipher card by JCE
Private key.KeyPairGenerator class can pass through public static KeyPairGenerator getInstance
(String algorithm, Provider provider) one object of method instantiation, wherein algorithm parameter are specified
The algorithm of key pair, provider parameter specified services provider.public void initialize(int keysize,
SecureRandom random) method, the key pair generator of cipher key size is determined using given stochastic source initialization, its
Middle keysize is long come the film for determining key pair, and random is the random source object that specifies, in the present embodiment in incoming previous step
The stochastic source SecureRandom object ran of establishment.Public KeyPair generateKeyPair () method, according to
The initialized content of initialize carries out key generation work, returns the object of a pair of unsymmetrical key pair.Public key is true
, can directly enter row operation;The private key of cipher key pair is false private key, and corresponding parameter is vacation, and embedded key number internally
Information " RSA_x ", wherein x is cipher key number.
Specifically, inside public KeyPair generateKeyPair () method, according to cipher key number, cipher card is derived
The public key of storage inside, and other components in addition to n are then replaced by private key with binary random number, and in element d
Embedded key information in (or the other elements in addition to n), such as " RSA_x ", x is cipher key number.Binary system after will be embedded
Random number is converted into positive integer and is assembled into false private key.Finally public key and corresponding vacation private key are returned.
Concrete product process is as follows:
KeyPairGenerator kpg=KeyPairGenerator.getInstance (" RSA ", "
FishermanJCE");
kpg.initialize(2048,ran);
KeyPair kp=kpg.generateKeyPair ();
PublicKey pubkey=kp.getPublic ();
PrivateKey prikey=kp.getPrivate().
As shown in figure 8, the key calculation step 80 includes:
Step 801, application program module realizes module transmission to JCE includes that the first RSA key computing of key object please
Ask;
Step 802, JCE realizes module and receives the first RSA key computing request, and the key object for receiving is solved
Analysis, and include the second RSA key computing request of public key or cipher key number to cipher card transmission according to analysis result;
Step 803, cipher card receives the second RSA key computing request, and realizes module transmission operation result to JCE;
Step 804, JCE realizes the operation result that module receives cipher card transmission, and operation result is sent to application journey
Sequence module.
Specifically, JCE realizes defined in module Cipher class to realize the cryptographic function of encryption and decryption.
public static final Cipher getInstance(String transformation,Provider
Provider) method can one Cipher object of instantiation, wherein, the incoming corresponding algorithm name of transformation parameter
Claim, the incoming service provider for specifying of provider.public final void init(int opmode,Key key,
SecureRandom random) method carries out the initialization of Cipher class, and wherein, opmod is encrypted operation still to specify
Decryption oprerations, cryptographic calculation needs incoming " Cipher.ENCRYPT_MODE ", the incoming " Cipher.DECRYPT_ of deciphering computing
MODE”;Key is the key object for participating in computing, and random is the stochastic source that specifies.When being encrypted computing, incoming obtain
True public key pubkey, when being decrypted computing, incoming acquired vacation private key prikey.public final byte[]
DoFinal (byte [] input) method carries out specific encryption and decryption work, wherein, input parameter be input data, when carrying out
During cryptographic calculation, input is the clear data for needing encryption, returns the ciphertext data after encryption;When computing is decrypted,
Input is the ciphertext data for needing deciphering, returns the clear data after deciphering.
Specifically, public final void init (int opmode, Key key, SecureRandom random)
In realizing inside method, when the key for parsing is a public key, then directly to store, if a private key, then cipher key number will be stored
The element of information is converted into binary system array by positive integer, and finds out embedded cipher key number information Store and get off.public
In realizing inside final byte [] doFinal (byte [] input) method, if being encrypted operation, by input data
Input, public key are passed in cipher card, and cipher card carries out the ciphertext after rsa encryption computing can be encrypted;If being decrypted behaviour
Make, then by input data input, cipher key number, be passed in cipher card, cipher card carries out RSA deciphering computing and finally gives deciphering
Plaintext afterwards.
Specific encryption and decryption flow process is as follows:
Described above is only the general introduction of technical solution of the present invention, in order to more clearly understand the technology handss of the present invention
Section, so as to being practiced according to the content of description, and in order to allow the above and other objects, features and advantages of the present invention
Can become apparent, be exemplified below the specific embodiment of the present invention.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all spirit in the present invention and
Within principle, any modification, equivalent substitution and improvement that is made etc., should be included within the scope of the present invention.
Claims (10)
1. a kind of JCE calls the method that cipher card realizes built-in RSA key computing, it is characterised in that including key deriving step
With key calculation step;
The key deriving step includes:
Application program module is realized module to JCE and sends the first RSA key for including key identification to deriving request;
JCE realizes module and receives the first RSA key to deriving request, creates the stochastic source with key identification, by key identification
Cipher key number is converted into, and sends the second RSA key for including cipher key number to cipher card to deriving request;
Cipher card receives the second RSA key to deriving request, and realizes, to JCE, the specified cipher key number correspondence that module transmission has been stored
RSA key pair public key data;
JCE realizes the public key data that module receives cipher card transmission, tries to give a false impression private key data according to public key data and cipher key number group, and
Public key data, false private key data are converted into key object and are sent to application program module;
The key calculation step includes:
Application program module realizes module transmission to JCE includes the first RSA key computing request of key object;
JCE realizes module and receives the first RSA key computing request, and the key object for receiving is parsed, and according to parsing
As a result sending to cipher card includes the second RSA key computing request of public key or cipher key number;
Cipher card receives the second RSA key computing request, and realizes module transmission operation result to JCE;
JCE realizes the operation result that module receives cipher card transmission, and operation result is sent to application program module.
2. JCE according to claim 1 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that institute
Also include key generation step before stating key deriving step, the key generation step includes:
Cipher card receives the key of cipher card management tool triggering and generates request, obtains the cipher key number that cipher card management tool is specified
Long with film;
Internal generation and the storage for completing RSA key pair according to the cipher key number that specifies and film length of cipher card.
3. JCE according to claim 1 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that institute
State false private key to be assembled according to the form of RSA key centering private key.
4. JCE according to claim 3 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that private
When key is made up of a pair of integer (n, d), the assemble method of the vacation private key is specifically included:
Other components in addition to n are replaced with binary random number;
Embedded key information in other elements in element d or in addition to n;
Binary system random number after embedded key number is converted into positive integer and is assembled into false private key.
5. JCE according to claim 1 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that institute
State in key calculation step, when the key object being resolved to includes public key, public key is converted into cipher card internal identification data
Form, is sent to cipher card and is encrypted computing.
6. JCE according to claim 1 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that institute
State in key calculation step, when the key object being resolved to includes false private key, then by storage cipher key number information in false private key
Element is converted into binary system array by positive integer, and finds out embedded element d or the cipher key number in the other elements in addition to n,
It is sent to cipher card and is decrypted computing.
7. JCE according to claim 5 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that send out
Give the data for also including in the message that cipher card is encrypted computing to need to be encrypted.
8. JCE according to claim 5 calls the method that cipher card realizes built-in RSA key computing, it is characterised in that send out
Give the data for also including in the message that cipher card is decrypted close computing to need to be decrypted.
9. a kind of JCE calls cipher card to realize the device of built-in RSA key computing, it is characterised in that including terminal unit and close
Code card;The terminal unit includes that application program module, JCE realize module and for generating RSA key to specifying for cipher card
The cipher card management tool of cipher key number and film length;The cipher card is plugged on the terminal unit, is managed with the cipher card
Instrument is connected to generate and store the RSA key pair of specified cipher key number and film length;The application program module and the JCE reality
Existing module is connected to send RSA key to derivation or RSA key computing request;The JCE realizes module with the cipher card
It is connected to send to the cipher card, the password RSA key after process to deriving request or RSA key computing request
The card response JCE realizes the request of module.
10. JCE according to claim 9 calls cipher card to realize the device of built-in RSA key computing, it is characterised in that
The cipher card is plugged into the terminal unit by pci interface, PCI_E interface or usb interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610885095.9A CN106452771B (en) | 2016-10-10 | 2016-10-10 | JCE calls the method and device of the built-in RSA key operation of cipher card realization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610885095.9A CN106452771B (en) | 2016-10-10 | 2016-10-10 | JCE calls the method and device of the built-in RSA key operation of cipher card realization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106452771A true CN106452771A (en) | 2017-02-22 |
| CN106452771B CN106452771B (en) | 2018-09-18 |
Family
ID=58172438
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610885095.9A Active CN106452771B (en) | 2016-10-10 | 2016-10-10 | JCE calls the method and device of the built-in RSA key operation of cipher card realization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106452771B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107368746A (en) * | 2017-07-26 | 2017-11-21 | 成都三零盛安信息系统有限公司 | Cryptographic algorithm call method and device based on encrypted card |
| CN107392036A (en) * | 2017-07-26 | 2017-11-24 | 成都三零盛安信息系统有限公司 | Cryptographic algorithm call method and device based on encrypted card |
| CN108199841A (en) * | 2018-02-08 | 2018-06-22 | 山东渔翁信息技术股份有限公司 | A kind of SM2 keys operation method realized based on JCE frames and device |
| CN109347625A (en) * | 2018-08-31 | 2019-02-15 | 阿里巴巴集团控股有限公司 | Crypto-operation, method, cryptographic service platform and the equipment for creating working key |
| CN111580956A (en) * | 2020-04-13 | 2020-08-25 | 北京三未信安科技发展有限公司 | Cipher card and its key space configuration method and key use method |
| CN113329030A (en) * | 2020-07-08 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Block chain all-in-one machine, password acceleration card thereof, and key management method and device |
| CN115378584A (en) * | 2022-08-16 | 2022-11-22 | 北京国领科技有限公司 | A method of invoking a cryptographic module using a ciphertext private key in a VPN |
| CN115514472A (en) * | 2022-08-15 | 2022-12-23 | 北京国领科技有限公司 | Method for calling password card by using false private key in VPN |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8320556B1 (en) * | 2006-09-28 | 2012-11-27 | Rockwell Collins, Inc. | Method to allow cryptographic processing of messages without sanitizing the cryptographic processor between messages |
| CN103425939A (en) * | 2013-08-07 | 2013-12-04 | 成都卫士通信息产业股份有限公司 | Implementation method and system for SM3 algorithm in JAVA environment |
-
2016
- 2016-10-10 CN CN201610885095.9A patent/CN106452771B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8320556B1 (en) * | 2006-09-28 | 2012-11-27 | Rockwell Collins, Inc. | Method to allow cryptographic processing of messages without sanitizing the cryptographic processor between messages |
| CN103425939A (en) * | 2013-08-07 | 2013-12-04 | 成都卫士通信息产业股份有限公司 | Implementation method and system for SM3 algorithm in JAVA environment |
Non-Patent Citations (4)
| Title |
|---|
| 国家质量监督检验检疫总局: "《中华人民共和国国家标准》", 31 December 2008 * |
| 山东渔翁信息技术股份有限公司: "渔翁信息PCI-E密码卡系列产品", 《百度文库》 * |
| 无名: "关于RSA加密算法的工具类", 《HTTP://C610367182.ITEYE.COM/BLOG/1983387》 * |
| 汪永好等: "基于加密卡的JCE 的研究与实现", 《计算机工程与设计》 * |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107368746A (en) * | 2017-07-26 | 2017-11-21 | 成都三零盛安信息系统有限公司 | Cryptographic algorithm call method and device based on encrypted card |
| CN107392036A (en) * | 2017-07-26 | 2017-11-24 | 成都三零盛安信息系统有限公司 | Cryptographic algorithm call method and device based on encrypted card |
| CN108199841A (en) * | 2018-02-08 | 2018-06-22 | 山东渔翁信息技术股份有限公司 | A kind of SM2 keys operation method realized based on JCE frames and device |
| CN109347625A (en) * | 2018-08-31 | 2019-02-15 | 阿里巴巴集团控股有限公司 | Crypto-operation, method, cryptographic service platform and the equipment for creating working key |
| CN109347625B (en) * | 2018-08-31 | 2020-04-24 | 阿里巴巴集团控股有限公司 | Password operation method, work key creation method, password service platform and equipment |
| CN111580956A (en) * | 2020-04-13 | 2020-08-25 | 北京三未信安科技发展有限公司 | Cipher card and its key space configuration method and key use method |
| CN113329030A (en) * | 2020-07-08 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Block chain all-in-one machine, password acceleration card thereof, and key management method and device |
| US11626984B2 (en) | 2020-07-08 | 2023-04-11 | Alipay (Hangzhou) Information Technology Co., Ltd. | Blockchain integrated station and cryptographic acceleration card, key management methods and apparatuses |
| CN115514472A (en) * | 2022-08-15 | 2022-12-23 | 北京国领科技有限公司 | Method for calling password card by using false private key in VPN |
| CN115378584A (en) * | 2022-08-16 | 2022-11-22 | 北京国领科技有限公司 | A method of invoking a cryptographic module using a ciphertext private key in a VPN |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106452771B (en) | 2018-09-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106452771B (en) | JCE calls the method and device of the built-in RSA key operation of cipher card realization | |
| US10595201B2 (en) | Secure short message service (SMS) communications | |
| US10009173B2 (en) | System, device, and method of secure entry and handling of passwords | |
| JP4866863B2 (en) | Security code generation method and user device | |
| EP2095288B1 (en) | Method for the secure storing of program state data in an electronic device | |
| US20170195121A1 (en) | Token binding using trust module protected keys | |
| CN105722067B (en) | Data method for encryption/decryption and device on mobile terminal | |
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| CN106063183A (en) | Method and apparatus for cloud-assisted cryptography | |
| CN204360381U (en) | mobile device | |
| CN115348077B (en) | A virtual machine encryption method, device, equipment, and storage medium | |
| CN110889696A (en) | Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology | |
| CN110061957A (en) | Data encryption, decryption method, user terminal, server and data management system | |
| Zhou et al. | Implementation of cryptographic algorithm in dynamic QR code payment system and its performance | |
| CN108718233B (en) | Encryption method, computer equipment and storage medium | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN113067823A (en) | Mail user identity authentication and key distribution method, system, device and medium | |
| CN115499118A (en) | Message key generation method, message key generation device, file encryption method, message key decryption method, file encryption device, file decryption device and medium | |
| CN118400098B (en) | A private key security management method and system based on random number encryption key | |
| CN113722741A (en) | Data encryption method and device and data decryption method and device | |
| CN103425939B (en) | A kind of SM3 algorithm realization method and system in JAVA environment | |
| Ouyang et al. | SCB: Flexible and efficient asymmetric computations utilizing symmetric cryptosystems implemented with Intel SGX | |
| CN115987597A (en) | Key updating method and system based on software, terminal equipment and virtual server | |
| CN110515640A (en) | Firmware upgrading method, device, equipment and storage medium of security chip | |
| CN109492359A (en) | A kind of secure network middleware and its implementation and device for authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 264200 No. 12-1, Chuhe North Road, chucun Town, gaoqu District, Weihai City, Shandong Province Patentee after: Yuweng Information Technology Co.,Ltd. Address before: No.12, Chuhe North Road, gaoqu District, Weihai City, Shandong Province Patentee before: SHANDONG FISHERMAN INFORMATION TECHNOLOGY Co.,Ltd. |
|
| CP03 | Change of name, title or address |