CN106850191A - Encryption and decryption method and device for a distributed storage system communication protocol
- Publication number: CN106850191A (application CN201710088017.0A)
- Authority: CN (China)
- Prior art keywords: field, message, storage system, receiving end, distributed storage
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of storage system data security and discloses an encryption and decryption method and device for a distributed storage system communication protocol. The encryption method includes: the sending end obtains the original data to be encrypted; the sending end constructs a message of the distributed storage system communication protocol; the sending end obtains the shared key of the encryption algorithm; the sending end uses the encryption algorithm with the shared key to encrypt the second to sixth fields of the message; the sending end uses the encryption algorithm with the temporary request key in the fifth field of the message to encrypt the seventh field of the message, and then sends the encrypted message to the receiving end. Addressing the problems of the RC4 encryption algorithm, the invention designs an encryption method with variable length and no repeated sequence, which increases the difficulty of cracking the encrypted data and improves the security of data transmission.
Description
Technical field
The invention relates to the technical field of storage system data security, and in particular to an encryption and decryption method and device for a distributed storage system communication protocol.
Background
A distributed storage system stores data spread across multiple independent devices. Such a system usually consists of multiple nodes, and large-scale distributed storage may transmit control data and file data across data centers and over the public network. In an Internet environment in particular, attackers may infer the content of a message from its length, then crack the storage communication device and intercept key content. How to transmit data safely and reliably over the public network has therefore become a fundamental problem in building a distributed storage system.
The distributed storage communication protocol is the foundation of a distributed storage system. It keeps state and metadata consistent between nodes and provides the basic conditions for users to access and use the storage system. However, its content is exposed on the public network and information security is seriously threatened, so measures must be taken to secure the information exchanged between nodes.
The RC4 encryption algorithm is a symmetric encryption algorithm (Symmetric Key Encryption): a byte-oriented stream cipher with a variable key length. Stream ciphers are also symmetric ciphers, but unlike block ciphers they do not split the plaintext into blocks. Instead, the key is used to generate a keystream as long as the plaintext, which is used to encrypt the plaintext, and the same key is used for encryption and decryption. RC4 is widely used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) standard, which was developed for communication between web browsers and servers.
Features of the RC4 encryption algorithm: (1) the algorithm is simple and easy to implement in software, encryption is fast, and security is relatively high; (2) the key length is variable, generally 256 bytes. Because RC4 is simple to implement, fast, and cheap in hardware resources, it ranks among the lightweight encryption algorithms. However, its simple structure also makes it vulnerable to cracking attacks. The strength of RC4 depends entirely on the key, that is, on the generation of the pseudo-random sequence; a truly random sequence cannot be achieved, only a pseudo-random one, so key repetition is unavoidable. For both encryption and decryption RC4 performs only an XOR operation, which means that once the subkey sequence repeats, the ciphertext is very likely to be cracked.
Therefore, a highly secure encryption and decryption method for the distributed storage communication protocol is needed, to prevent attackers from deducing the communication message format from the message length and repeated fields.
Summary of the invention
In view of the above technical problems, the purpose of the invention is to provide an encryption and decryption method and device for a distributed storage system communication protocol. Addressing the problems of the RC4 encryption algorithm, it designs an encryption method with variable length and no repeated sequence, which increases the difficulty of cracking the encrypted data and improves the security of data transmission.
To achieve the above purpose, the invention is realized through the following technical solutions:
The invention provides an encryption method for a distributed storage system communication protocol, comprising the following steps:
The sending end obtains the original data to be encrypted;
The sending end constructs a message of the distributed storage system communication protocol. The message includes seven fields: the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be encrypted on the sending end;
The sending end obtains the shared key of the encryption algorithm;
The sending end uses the encryption algorithm with the shared key to encrypt the second to sixth fields of the message;
The sending end uses the encryption algorithm with the temporary request key in the fifth field of the message to encrypt the seventh field of the message, and sends the encrypted message to the receiving end.
Further, the seven fields of the message of the distributed storage system communication protocol are generated by multiple storage nodes of the distributed storage system.
Further, the temporary request key and the temporary response key are randomly generated by each storage node of the distributed storage system at a specified interval.
Further, the encryption algorithm is the RC4 encryption algorithm.
The invention also provides a decryption method for a distributed storage system communication protocol, comprising the following steps:
The receiving end receives the encrypted message from the sending end;
The receiving end constructs a message of the distributed storage system communication protocol. The message includes seven fields: the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be decrypted on the receiving end;
The receiving end obtains the shared key of the encryption algorithm;
The receiving end uses the encryption algorithm with the shared key to decrypt the second to sixth fields of the message, and discards the contents of the first to fourth fields;
The receiving end uses the encryption algorithm with the temporary response key in the sixth field of the message to decrypt the bytes after the sixth field, obtaining the decrypted original data.
Further, the step in which the receiving end uses the encryption algorithm with the shared key to decrypt the second to sixth fields of the message and discards the contents of the first to fourth fields further includes:
When reading the message, the receiving end directly skips and discards the first field;
The receiving end uses the encryption algorithm with the shared key to decrypt the second field of the message and verifies whether the decrypted plaintext of the second field is the magic number; if so, it proceeds to the next step, and if not, it discards the message;
The receiving end reads the third field of the message to obtain the length of the junk text in the fourth field;
The receiving end uses the encryption algorithm with the shared key to decrypt the fourth field of the message and discards the decrypted junk text;
The receiving end uses the encryption algorithm with the shared key to decrypt the fifth and sixth fields of the message.
The invention provides an encryption device for a distributed storage system communication protocol, based on the above encryption method, including:
An original data acquisition unit, used by the sending end to obtain the original data to be encrypted;
A sending-end message construction unit, used by the sending end to construct a message of the distributed storage system communication protocol. The message includes seven fields: the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be encrypted on the sending end;
A shared key acquisition unit, used by the sending end to obtain the shared key of the encryption algorithm;
A first encryption unit, used by the sending end to encrypt the second to sixth fields of the message with the shared key through the encryption algorithm;
A second encryption unit, used by the sending end to encrypt the seventh field of the message with the temporary request key in the fifth field of the message through the encryption algorithm, after which the sending end sends the encrypted message to the receiving end.
The invention also provides a decryption device for a distributed storage system communication protocol, based on the above decryption method, including:
A message receiving unit, used by the receiving end to receive the encrypted message from the sending end;
A receiving-end message construction unit, with which the receiving end constructs a message of the distributed storage system communication protocol. The message includes seven fields: the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be decrypted on the receiving end;
An acquisition unit, used by the receiving end to obtain the shared key of the encryption algorithm;
A first decryption unit, used by the receiving end to decrypt the second to sixth fields of the message with the shared key through the encryption algorithm and to discard the contents of the first to fourth fields;
A second decryption unit, with which the receiving end decrypts the bytes after the sixth field of the message with the temporary response key in the sixth field through the encryption algorithm, obtaining the decrypted original data.
Further, the first decryption unit further includes:
A first reading unit, used by the receiving end to directly skip and discard the first field when reading the message;
A first decryption subunit, used by the receiving end to decrypt the second field of the message with the shared key through the encryption algorithm and to verify whether the decrypted plaintext of the second field is the magic number; if so, processing proceeds to the next step, and if not, the message is discarded;
A second reading unit, used by the receiving end to read the third field of the message and obtain the length of the junk text in the fourth field;
A second decryption subunit, used by the receiving end to decrypt the fourth field of the message with the shared key through the encryption algorithm and to discard the decrypted junk text;
A third decryption subunit, used by the receiving end to decrypt the fifth and sixth fields of the message with the shared key through the encryption algorithm.
Compared with the prior art, the encryption and decryption method for a distributed storage system communication protocol of the invention has the following beneficial effects:
1. The message of the distributed storage system communication protocol constructed by the invention includes seven fields, of which the fourth is junk text of random length and random content. Messages of such a protocol have no fixed length: even for messages of the same type, or even for the same data packet, the content and length of the encrypted ciphertext differ, which increases the difficulty of cracking the encrypted data and improves the security of data transmission;
2. The message carries a temporary request key and a temporary response key, which are randomly generated by each node of the distributed storage system at a specified interval and are valid only for the current request-response pair. As a result, even the same plaintext encrypted at different times does not produce the same ciphertext, which likewise increases the difficulty of cracking the encrypted data and improves the security of data transmission;
The beneficial effects of the encryption and decryption device for a distributed storage system communication protocol are similar to those of the encryption and decryption method and are not repeated here.
Brief description of the drawings
FIG. 1 is a schematic flowchart of the encryption method for the distributed storage system communication protocol of the invention.
FIG. 2 is a schematic flowchart of the decryption method for the distributed storage system communication protocol of the invention.
FIG. 3 is a schematic structural diagram of the encryption device for the distributed storage system communication protocol of the invention.
FIG. 4 is a schematic structural diagram of the decryption device for the distributed storage system communication protocol of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the invention.
The terms and concepts used in the following embodiments are explained below:
A distributed storage system stores data spread across multiple independent devices. It uses a scalable architecture, shares the storage load across multiple storage servers, and uses a location server to locate stored information. This improves the reliability, availability and access efficiency of the system and makes it easy to expand. A distributed storage system contains multiple storage nodes; a storage node is generally a storage server (necessarily with a controller), and the servers are interconnected through a high-speed network.
Communication protocols commonly used in distributed storage systems today include the Secure Shell (SSH) protocol, the Secure Sockets Layer (SSL) protocol and the Secure Electronic Transaction (SET) protocol.
Data in a distributed storage system must be protected with cryptography, and data encryption is the core of all data security technology. Common encryption algorithms fall into three categories: symmetric encryption algorithms (Symmetric Key Encryption), asymmetric encryption algorithms (Asymmetric Key Encryption) and hash algorithms. The effectiveness of an encryption algorithm is usually measured by the complexity of the algorithm itself, the key length (the longer the key, the more secure), the speed of encryption and decryption, and so on. Symmetric encryption algorithms require both sides to use the same key for encryption and decryption; typical examples include DES (Data Encryption Standard), 3DES, Blowfish, IDEA, RC4, RC5, RC6 and AES (Advanced Encryption Standard). Asymmetric encryption algorithms use different keys for encryption and decryption, and without the trapdoor information the encryption key and decryption key cannot be derived from each other; typical examples include RSA, ECC and DSA. Hash algorithms are used to verify data integrity; typical examples include MD2, MD4, MD5 (Message-Digest Algorithm 5) and SHA-1.
The encryption and decryption method and device for a distributed storage system communication protocol of the invention are further described below with reference to the drawings and specific embodiments:
Embodiment 1
Referring to FIG. 1, an encryption method for a distributed storage system communication protocol includes the following steps:
Step S101: The sending end obtains the original data to be encrypted.
Step S102: The sending end constructs a message of the distributed storage system communication protocol. The message includes seven fields: the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be encrypted on the sending end.
Note that the seven fields of the message are generated by multiple storage nodes of the distributed storage system, and that the temporary request key and temporary response key are randomly generated by each storage node at a specified interval; the recommended interval is 2 hours. The random number in the first field is used to evade protocol identification, so that an attacker cannot use the message header to conclude that the message belongs to the communication protocol of the distributed storage system. The magic number in the second field is 0x195E8FF1, which lets the communication protocol of the distributed storage system decide for itself whether this is one of its protocol messages; if stronger protection is needed, there can be multiple magic numbers. To defend against network administrators or attackers who block our messages based on message length, the protocol fills the fourth field with junk text of random length and random content; the junk text can be purely numeric, with a length of 10 to 100 bytes. The third field is the length of the random padding. The fifth and sixth fields are among the keys used for encryption and decryption. These keys are randomly generated by each storage node itself and are valid only for the current request-response pair, so that even the same message generated at different times produces different ciphertext.
The temporary request key is used by the sender of a request message to encrypt and by the receiver of that request message to decrypt; the temporary response key is used by the sender of a response message to encrypt and by the receiver of that response message to decrypt.
Step S103: The sending end obtains the shared key of the encryption algorithm.
The shared key is a string that takes part in encryption. The encryption algorithm operates under the control of the shared key: with different keys, the same encryption algorithm and the same plaintext can produce completely different ciphertexts.
The shared key of the encryption algorithm can be obtained from a key server, a USB drive or email.
The encryption algorithm used by the invention is the RC4 encryption algorithm. RC4 generates ciphertext by an exclusive OR (XOR) operation with the data to be encrypted. For example, if the byte of the shared key is 01101100 and the plaintext byte of the data to be encrypted is 11001100, the resulting ciphertext byte is 10100000. Decryption is likewise an XOR of the ciphertext with the shared key, which yields the corresponding original plaintext.
Step S104: The sending end uses the encryption algorithm with the shared key to encrypt the second to sixth fields of the message.
Note that the random number in the first field does not need to be encrypted.
Step S105: The sending end uses the encryption algorithm with the temporary request key in the fifth field of the message to encrypt the seventh field of the message, and sends the encrypted message to the receiving end.
In this way, after encryption by this method, the first field is plaintext and the second to seventh fields are all ciphertext.
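The seven-field layout and two-key encryption of Embodiment 1, with the receiver steps listed in the summary, as an added Python example (not code from the patent). Assumptions the patent does not specify: 16-byte temporary keys, a big-endian magic number, RC4 re-initialised from the shared key for each message, and an `is_response` flag that selects the request or response key.

```python
import secrets
import struct

MAGIC = 0x195E8FF1   # second-field magic number given in the description
KEY_LEN = 16         # assumption: the patent does not state the temporary key length


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same XOR."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_message(shared_key, payload, req_key, resp_key, is_response=False):
    """Sender side, steps S102 to S105."""
    if len(req_key) != KEY_LEN or len(resp_key) != KEY_LEN:
        raise ValueError("temporary keys must be KEY_LEN bytes")
    junk_len = 10 + secrets.randbelow(91)                 # field 4: 10..100 bytes
    junk = bytes(0x30 + secrets.randbelow(10) for _ in range(junk_len))  # digits
    # Fields 2-6: magic, junk length, junk, request key, response key.
    header = struct.pack(">IB", MAGIC, junk_len) + junk + req_key + resp_key
    body_key = resp_key if is_response else req_key       # per-direction key
    # Field 1 is one random byte sent in the clear.
    return secrets.token_bytes(1) + rc4(shared_key, header) + rc4(body_key, payload)


def parse_message(shared_key, message, is_response=False):
    """Receiver side; returns (req_key, resp_key, payload) or None to discard."""
    if len(message) < 6:
        return None
    # Skip field 1, decrypt fields 2-3, and verify the magic number first.
    magic, junk_len = struct.unpack(">IB", rc4(shared_key, message[1:6]))
    if magic != MAGIC:
        return None
    header_len = 5 + junk_len + 2 * KEY_LEN
    if len(message) < 1 + header_len:                     # truncated message
        return None
    header = rc4(shared_key, message[1:1 + header_len])
    keys = header[5 + junk_len:]                          # junk text is dropped
    req_key, resp_key = keys[:KEY_LEN], keys[KEY_LEN:]
    body_key = resp_key if is_response else req_key
    return req_key, resp_key, rc4(body_key, message[1 + header_len:])


def encrypted_magic_values(messages):
    """Design-review check: distinct ciphertexts of field 2 across messages.

    Under the re-initialisation assumption above, the shared-key keystream
    restarts for every message, so this set has one element even though the
    junk text makes total message lengths differ.
    """
    return {m[1:5] for m in messages}
```

The scheme as described carries no integrity check beyond the magic number, so the parser can reject only wrong-key and truncated messages, not modified payloads.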
Example 2
Referring to Fig. 2, a decryption method for a distributed storage system communication protocol comprises the following steps:
Step S201: The receiving end receives the encrypted message from the sending end.
Step S202: The receiving end constructs a message of the distributed storage system communication protocol. The message includes seven fields: the first field is a one-byte random number, the second field is the four-byte magic number 0x195E8FF1, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be decrypted at the receiving end.
Step S203: The receiving end obtains the shared key of the encryption algorithm.
Step S204: The receiving end decrypts the second field to the sixth field of the message with the encryption algorithm, using the shared key, and discards the contents of the first field to the fourth field.
Step S205: The receiving end decrypts the bytes after the sixth field with the encryption algorithm, using the temporary response key in the sixth field, to obtain the decrypted original data.
The receiving end also saves the temporary request key for use when sending the response request.
The above step S204 further includes:
Step S2041: When reading the message, the receiving end skips and discards the first field directly;
Step S2042: The receiving end decrypts the second field of the message with the encryption algorithm, using the shared key, and verifies whether the decrypted plaintext of the second field is the magic number 0x195E8FF1; if so, it proceeds to step S2043; if not, it discards the message;
Step S2043: The receiving end reads the third field of the message to obtain the length of the junk text in the fourth field, for example k bytes;
Step S2044: The receiving end decrypts the k-byte fourth field of the message with the encryption algorithm, using the shared key, and discards the decrypted junk text of the fourth field;
Step S2045: The receiving end decrypts the fifth field and the sixth field of the message with the encryption algorithm, using the shared key.
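A sketch of the seven-field message and the S2041 to S2045 parsing order described above, as an added example that is not code from the patent. Assumptions: 16-byte temporary keys, a big-endian magic number, one continuous RC4 keystream over fields 2 to 6, and the temporary request key (as in step S105) used for field 7 on both sides so that the round trip works; the sample key and payload are constructed.

```python
import os
import struct

MAGIC = struct.pack(">I", 0x195E8FF1)  # field 2; big-endian byte order is an assumption
KEY_LEN = 16                           # assumed size of fields 5 and 6 (not stated on the page)


class RC4:
    """Plain RC4: key scheduling, then a keystream XORed over successive calls."""
    def __init__(self, key: bytes):
        s, j = list(range(256)), 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:
        out = bytearray()
        for b in data:
            self.i = (self.i + 1) % 256
            self.j = (self.j + self.s[self.i]) % 256
            self.s[self.i], self.s[self.j] = self.s[self.j], self.s[self.i]
            out.append(b ^ self.s[(self.s[self.i] + self.s[self.j]) % 256])
        return bytes(out)


def build_message(shared_key, payload, req_key=None, resp_key=None, junk=None):
    """Sender side: assemble the seven fields, then apply steps S104 and S105."""
    req_key = req_key or os.urandom(KEY_LEN)
    resp_key = resp_key or os.urandom(KEY_LEN)
    junk = os.urandom(os.urandom(1)[0]) if junk is None else junk
    if len(junk) > 255 or len(req_key) != KEY_LEN or len(resp_key) != KEY_LEN:
        raise ValueError("junk must fit a one-byte length; keys must be KEY_LEN bytes")
    header = MAGIC + bytes([len(junk)]) + junk + req_key + resp_key  # fields 2-6
    return (os.urandom(1)                      # field 1: random byte, left in plaintext
            + RC4(shared_key).crypt(header)    # S104: fields 2-6 under the shared key
            + RC4(req_key).crypt(payload))     # S105: field 7 under the request key


def parse_message(shared_key, msg):
    """Receiver side: returns (payload, req_key, resp_key), or None if dropped."""
    if len(msg) < 1 + 4 + 1 + 2 * KEY_LEN:
        return None                              # too short to hold fields 1-6
    rc4, pos = RC4(shared_key), 1                # S2041: skip field 1
    if rc4.crypt(msg[pos:pos + 4]) != MAGIC:     # S2042: verify the magic number
        return None
    pos += 4
    k = rc4.crypt(msg[pos:pos + 1])[0]           # S2043: length of the junk field
    pos += 1
    if len(msg) < pos + k + 2 * KEY_LEN:         # length byte points past the end
        return None
    rc4.crypt(msg[pos:pos + k])                  # S2044: decrypt and discard junk
    pos += k
    keys = rc4.crypt(msg[pos:pos + 2 * KEY_LEN]) # S2045: fields 5 and 6
    pos += 2 * KEY_LEN
    req_key, resp_key = keys[:KEY_LEN], keys[KEY_LEN:]
    return RC4(req_key).crypt(msg[pos:]), req_key, resp_key


if __name__ == "__main__":
    shared = b"constructed-shared-key"           # constructed sample values
    wire = build_message(shared, b"block-0042 payload")
    print(wire.hex())
    print(parse_message(shared, wire)[0])
```

The magic number is the only validity check in this format, so a message whose seventh field was altered in transit still parses, and detecting that would take an integrity tag over the whole message. RC4 itself is prohibited for TLS by RFC 7465.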
Example 3
Referring to Fig. 3, an encryption device for a distributed storage system communication protocol comprises the following units:
An original data acquisition unit 301, used by the sending end to obtain the original data to be encrypted;
A sending-end message construction unit 302, used by the sending end to construct a message of the distributed storage system communication protocol, the message including seven fields, wherein the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be encrypted at the sending end;
A shared key acquisition unit 303, used by the sending end to obtain the shared key of the encryption algorithm;
A first encryption unit 304, used by the sending end to encrypt the second field to the sixth field of the message with the encryption algorithm, using the shared key;
A second encryption unit 305, used by the sending end to encrypt the seventh field of the message with the encryption algorithm, using the temporary request key in the fifth field of the message, after which the sending end sends the encrypted message to the receiving end.
The original data acquisition unit 301 is connected in sequence to the sending-end message construction unit 302, the shared key acquisition unit 303, the first encryption unit 304 and the second encryption unit 305.
Example 4
Referring to Fig. 4, a decryption device for a distributed storage system communication protocol comprises the following units:
A message receiving unit 401, used by the receiving end to receive the encrypted message from the sending end;
A receiving-end message construction unit 402, used by the receiving end to construct a message of the distributed storage system communication protocol, the message including seven fields, wherein the first field is a one-byte random number, the second field is a four-byte magic number, the third field is a one-byte value giving the length of the fourth field, the fourth field is junk text of random length and random content, the fifth field is the temporary request key, the sixth field is the temporary response key, and the seventh field is the original data to be decrypted at the receiving end;
An obtaining unit 403, used by the receiving end to obtain the shared key of the encryption algorithm;
A first decryption unit 404, used by the receiving end to decrypt the second field to the fourth field of the message with the encryption algorithm, using the shared key, and to discard the contents of the first field to the fourth field;
A second decryption unit 405, used by the receiving end to decrypt the bytes after the sixth field with the encryption algorithm, using the temporary response key in the sixth field, to obtain the decrypted original data.
The first decryption unit 404 further includes:
A first reading unit 4041, used by the receiving end to skip and discard the first field directly when reading the message;
A first decryption subunit 4042, used by the receiving end to decrypt the second field of the message with the encryption algorithm, using the shared key, and to verify whether the decrypted plaintext of the second field is the magic number; if so, processing proceeds to the second reading unit 4043; if not, the message is discarded;
A second reading unit 4043, used by the receiving end to read the third field of the message to obtain the length of the junk text in the fourth field;
A second decryption subunit 4044, used by the receiving end to decrypt the fourth field of the message with the encryption algorithm, using the shared key, and to discard the decrypted junk text of the fourth field;
A third decryption subunit 4045, used by the receiving end to decrypt the fifth field and the sixth field of the message with the encryption algorithm, using the shared key.
The message receiving unit 401 is connected in sequence to the receiving-end message construction unit 402, the obtaining unit 403, the first decryption unit 404 and the second decryption unit 405, wherein the first decryption unit 404 further includes the first reading unit 4041, the first decryption subunit 4042, the second reading unit 4043, the second decryption subunit 4044 and the third decryption subunit 4045.
Because the devices disclosed in the embodiments of the present invention correspond to the methods disclosed in the embodiments, their description is relatively brief; for the relevant details, refer to the description of the methods.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate clearly the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms according to their functions. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of the present invention.
The above is only an illustrative specific implementation of the present invention and is not intended to limit its scope. Any equivalent changes and modifications made by those skilled in the art without departing from the concepts and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710088017.0A CN106850191B (en) | 2017-02-19 | 2017-02-19 | Encryption and decryption method and device for communication protocol of distributed storage system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106850191A true CN106850191A (en) | 2017-06-13 |
CN106850191B CN106850191B (en) | 2020-03-10 |
Family
ID=59127890
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710088017.0A Active CN106850191B (en) | 2017-02-19 | 2017-02-19 | Encryption and decryption method and device for communication protocol of distributed storage system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850191B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108540501A (en) * | 2018-07-18 | 2018-09-14 | 郑州云海信息技术有限公司 | A kind of method and apparatus of asymmetric cryptosystem |
CN108833086A (en) * | 2018-05-04 | 2018-11-16 | 深圳绿米联创科技有限公司 | Fingerprint lock and its working method |
CN109474425A (en) * | 2018-12-25 | 2019-03-15 | 国科量子通信网络有限公司 | A method for obtaining a derivation key of arbitrary specified length based on multiple shared keys |
CN109815713A (en) * | 2018-12-27 | 2019-05-28 | 郑州新大方重工科技有限公司 | A kind of encryption method based on electric system of engineering machinery |
CN112637225A (en) * | 2020-12-28 | 2021-04-09 | 厦门市美亚柏科信息股份有限公司 | Data sending method, data receiving method, client and server |
CN113904789A (en) * | 2021-08-17 | 2022-01-07 | 卡斯柯信号有限公司 | Encryption method, equipment and storage medium of railway safety communication protocol |
CN114500093A (en) * | 2022-02-24 | 2022-05-13 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
CN117527238A (en) * | 2024-01-03 | 2024-02-06 | 成都新希望金融信息有限公司 | Key generation method, device, electronic equipment and storage medium |
CN119696866A (en) * | 2024-12-10 | 2025-03-25 | 数字大理建设运营有限公司 | A USB disk encryption system for data element circulation |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010023484A1 (en) * | 2000-03-14 | 2001-09-20 | Gen Ichimura | Transmission apparatus, reception apparatus, transmission method, reception method and recording medium |
CN1777040A (en) * | 2005-12-14 | 2006-05-24 | 北京北大方正电子有限公司 | A method for encoding and decoding variable-length structured information |
CN101785272A (en) * | 2007-08-20 | 2010-07-21 | 高通股份有限公司 | Method and apparatus for generating cryptosync |
CN104156451A (en) * | 2014-08-18 | 2014-11-19 | 深圳市一五一十网络科技有限公司 | Data storage managing method and system |
CN104796249A (en) * | 2015-03-19 | 2015-07-22 | 谭旗 | Method for encrypting serial communication data of microcomputer |
CN105357004A (en) * | 2015-12-03 | 2016-02-24 | 万达信息股份有限公司 | Medical privacy data self-encryption method and self-decryption method |
CN105847238A (en) * | 2016-03-16 | 2016-08-10 | 杭州狮说教育科技有限公司 | Safe data transmission method based on Real-Time Messaging Protocol (RTMP) connections |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108833086B (en) * | 2018-05-04 | 2024-09-10 | 深圳绿米联创科技有限公司 | Fingerprint lock and working method thereof |
CN108833086A (en) * | 2018-05-04 | 2018-11-16 | 深圳绿米联创科技有限公司 | Fingerprint lock and its working method |
CN108540501A (en) * | 2018-07-18 | 2018-09-14 | 郑州云海信息技术有限公司 | A kind of method and apparatus of asymmetric cryptosystem |
CN109474425A (en) * | 2018-12-25 | 2019-03-15 | 国科量子通信网络有限公司 | A method for obtaining a derivation key of arbitrary specified length based on multiple shared keys |
CN109474425B (en) * | 2018-12-25 | 2021-06-25 | 国科量子通信网络有限公司 | A method for obtaining a derivation key of arbitrary specified length based on multiple shared keys |
CN109815713A (en) * | 2018-12-27 | 2019-05-28 | 郑州新大方重工科技有限公司 | A kind of encryption method based on electric system of engineering machinery |
CN112637225A (en) * | 2020-12-28 | 2021-04-09 | 厦门市美亚柏科信息股份有限公司 | Data sending method, data receiving method, client and server |
CN113904789A (en) * | 2021-08-17 | 2022-01-07 | 卡斯柯信号有限公司 | Encryption method, equipment and storage medium of railway safety communication protocol |
CN113904789B (en) * | 2021-08-17 | 2024-03-29 | 卡斯柯信号有限公司 | A railway security communication protocol encryption method, device and storage medium |
CN114500093B (en) * | 2022-02-24 | 2024-06-11 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
CN114500093A (en) * | 2022-02-24 | 2022-05-13 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
CN117527238A (en) * | 2024-01-03 | 2024-02-06 | 成都新希望金融信息有限公司 | Key generation method, device, electronic equipment and storage medium |
CN117527238B (en) * | 2024-01-03 | 2024-03-19 | 成都新希望金融信息有限公司 | Key generation method, device, electronic equipment and storage medium |
CN119696866A (en) * | 2024-12-10 | 2025-03-25 | 数字大理建设运营有限公司 | A USB disk encryption system for data element circulation |
CN119696866B (en) * | 2024-12-10 | 2025-06-27 | 数字大理建设运营有限公司 | USB flash disk encryption system for data element circulation |
Also Published As
Publication number | Publication date |
---|---|
CN106850191B (en) | 2020-03-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106850191B (en) | Encryption and decryption method and device for communication protocol of distributed storage system | |
CN112398651B (en) | Quantum secret communication method and device, electronic equipment and storage medium | |
CN105049401B (en) | A kind of safety communicating method based on intelligent vehicle | |
CN110096901B (en) | Electronic contract data encryption storage method and signing client | |
JP5526747B2 (en) | Decryption device, encryption device, decryption method, encryption method, and communication system | |
US9614669B1 (en) | Secure network communications using hardware security barriers | |
US20150229621A1 (en) | One-time-pad data encryption in communication channels | |
KR20210124368A (en) | End-to-end double ratchet encryption using epoch key exchange | |
CN102025505A (en) | Advanced encryption standard (AES) algorithm-based encryption/decryption method and device | |
JP2005525047A (en) | Secure wireless local area network or wireless metropolitan area network and related methods | |
US10699031B2 (en) | Secure transactions in a memory fabric | |
CN116321129B (en) | Lightweight dynamic key-based power transaction private network communication encryption method | |
Rege et al. | Bluetooth communication using hybrid encryption algorithm based on AES and RSA | |
CN113595720A (en) | Communication encryption method for data information of smart power grid | |
CN116614266A (en) | Data transmission method, device, equipment and storage medium | |
JP2003204326A (en) | Communication system, lan controller equipped with encryption function and communication control program | |
US9825920B1 (en) | Systems and methods for multi-function and multi-purpose cryptography | |
Agosta et al. | Cyber-security analysis and evaluation for smart home management solutions | |
US11343089B2 (en) | Cryptography system and method | |
US12174971B1 (en) | System and method for secure electronic transmission | |
WO2025082030A1 (en) | Data transmission method, apparatus, storage medium and device | |
CN119135592A (en) | A UDP link management method, device and storage medium based on quantum encryption card | |
Boloorchi et al. | Symmetric Threshold Multipath (STM): An online symmetric key management scheme | |
CN102404731B (en) | Wireless sensor network dynamic encryption method based on encryption parameter lists | |
JP5491713B2 (en) | ENCRYPTION DEVICE, ENCRYPTION PROGRAM, AND METHOD |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||