CN114172694A - Email encryption and decryption method, system and storage medium - Google Patents
Email encryption and decryption method, system and storage medium Download PDFInfo
- Publication number
- CN114172694A CN114172694A CN202111374441.4A CN202111374441A CN114172694A CN 114172694 A CN114172694 A CN 114172694A CN 202111374441 A CN202111374441 A CN 202111374441A CN 114172694 A CN114172694 A CN 114172694A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- plaintext
- session key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000013507 mapping Methods 0.000 claims description 6
- 238000007726 management method Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 239000000284 extract Substances 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses an electronic mail encryption and decryption method, device, system and storage medium, and relates to the technical field of encryption. The e-mail encryption and decryption method comprises the following steps: randomly generating session key plaintext corresponding to the mails to be encrypted one by one; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address; encrypting the e-mail plaintext by adopting the session key plaintext to obtain a corresponding e-mail ciphertext; the recipient information is used as a public key to carry out asymmetric encryption on the session key plaintext to obtain a corresponding session key ciphertext; and obtaining the encrypted mail according to the session key ciphertext and the e-mail ciphertext. The electronic mail encryption and decryption method can encrypt the electronic mail, and effectively improves the safety of the electronic mail.
Description
Technical Field
The present application relates to the field of encryption technologies, and in particular, to a method, a system, and a storage medium for encrypting and decrypting an e-mail.
Background
In the related art, with the popularization of the internet, e-mail has become one of the most common communication tools in modern life and work. Although various instant messaging tools are increasingly developed, email remains an important means of communication and information transfer. Statistically, more than 80% of office documents, more than 95% of company business data, and confidential documents are still transmitted and communicated through e-mail. The e-mail brings convenience to people and brings great potential safety hazard. Because the e-mail is sent and received by means of the e-mail system, and the e-mail system usually stores the e-mail in a server in a centralized manner and usually in a clear text form, the e-mail system becomes a target of heavy attack by illegal persons, and once the server is attacked by the illegal persons, the personal privacy and the company secret stored in the server are exposed, so that a great safety hazard exists.
Disclosure of Invention
The present application is directed to solving at least one of the problems in the prior art. Therefore, the application provides an e-mail encryption and decryption method, system and storage medium, which can encrypt the e-mail and effectively improve the security of the e-mail.
The email encryption and decryption method according to the embodiment of the first aspect of the application is applied to an email encryption end and comprises the following steps:
randomly generating session key plaintext corresponding to the mails to be encrypted one by one; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address;
encrypting the e-mail plaintext by adopting the session key plaintext to obtain a corresponding e-mail ciphertext;
the recipient information is used as a public key to carry out asymmetric encryption on the session key plaintext to obtain a corresponding session key ciphertext;
and obtaining an encrypted mail according to the session key ciphertext and the e-mail ciphertext.
According to some embodiments of the application, before the randomly generating the session key plaintext corresponding to the mail to be encrypted in a one-to-one manner, the method includes:
generating an SM9 private key plaintext corresponding to the mail address of the receiver one by one;
encrypting the SM9 private key plaintext by using a preset master key to obtain an SM9 private key ciphertext corresponding to the SM9 private key plaintext one to one;
storing the recipient email address and the SM9 private key ciphertext in a one-to-one correspondence; wherein the recipient email address and the SM9 private key plaintext are used as a key pair for the session key ciphertext.
According to some embodiments of the present application, the encrypting an e-mail plaintext by using the session key plaintext to obtain a corresponding e-mail ciphertext includes:
and taking the session key plaintext as a key of a SM4 cryptographic algorithm, and symmetrically encrypting the e-mail plaintext to obtain an e-mail ciphertext corresponding to the session key plaintext.
According to some embodiments of the present application, the asymmetrically encrypting the session key plaintext by using the recipient information as a public key to obtain a corresponding session key ciphertext includes:
taking the mail address of the recipient as a public key of a SM9 cryptographic algorithm, and carrying out asymmetric encryption on the plain text of the session key to obtain a session key ciphertext corresponding to the mail address of the recipient; and a key pair formed by the mail address of the recipient and the SM9 private key ciphertext corresponds to the session key ciphertext in a one-to-one manner.
According to some embodiments of the present application, obtaining an encrypted email according to the session key ciphertext and the email ciphertext includes:
modifying the field value of the mail head, wherein the internal mail address and the mail subject of the mail head are kept unchanged;
assembling a mail body consisting of a recipient identifier, the session key ciphertext, a cryptographic algorithm identifier and the e-mail ciphertext by adopting a digital envelope to obtain an encrypted mail; the recipient identification is the recipient email address, and the password algorithm identification is used for recording the SM4 password algorithm.
The electronic mail encryption and decryption method according to the embodiment of the second aspect of the application is applied to a mail decryption end and comprises the following steps:
according to the received encrypted mail, acquiring recipient information and an e-mail ciphertext; wherein the recipient information comprises a recipient email address;
extracting a session key ciphertext corresponding to the recipient information from the encrypted mail;
asymmetrically decrypting the session key ciphertext through a decryption private key corresponding to the recipient information to obtain a session key plaintext;
and symmetrically decrypting the e-mail ciphertext according to the session key plaintext to obtain an e-mail plaintext.
According to some embodiments of the present application, the asymmetrically decrypting the session key ciphertext by using the decryption private key corresponding to the recipient information to obtain a session key plaintext includes:
selecting an SM9 private key ciphertext matched with the mail address of the recipient from a preset SM9 private key mapping table of the recipient; the receiver mail address and the SM9 private key ciphertext which are in one-to-one correspondence are stored in the receiver SM9 private key mapping table;
decrypting the SM9 private key ciphertext by using a preset master key to obtain an SM9 private key plaintext;
and according to the SM9 private key plaintext, asymmetrically decrypting the session key ciphertext to obtain the session key plaintext.
An electronic mail encryption/decryption system according to an embodiment of a third aspect of the present application includes:
the encryption service module is used for randomly generating session key plaintext corresponding to the mails to be encrypted one by one; the session key is also used for encrypting the e-mail plaintext by adopting the session key plaintext to obtain a corresponding e-mail ciphertext; the system is also used for carrying out asymmetric encryption on the session key plaintext by taking the receiver information as a public key to obtain a corresponding session key ciphertext; the electronic mail server is also used for obtaining an encrypted mail according to the session key ciphertext and the electronic mail ciphertext; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address;
the encryption and decryption module is used for generating an SM9 private key plaintext; the SM9 private key plaintext is encrypted to obtain an SM9 private key ciphertext;
the password management module is used for storing the mail address of the recipient and the SM9 private key ciphertext;
the decryption service module is used for acquiring the recipient information and the e-mail ciphertext according to the received encrypted e-mail; the system is also used for extracting a session key ciphertext corresponding to the recipient information from the encrypted mail; the session key ciphertext is asymmetrically decrypted through a decryption private key corresponding to the recipient information to obtain a session key plaintext; and the electronic mail server is also used for symmetrically decrypting the electronic mail ciphertext according to the session key plaintext to obtain the electronic mail plaintext.
An email encryption and decryption system according to a fourth aspect of the present application includes:
at least one memory;
at least one processor;
at least one program;
the programs are stored in the memory, and the processor executes at least one of the programs to implement one of:
the e-mail encryption and decryption method according to the embodiment of the first aspect;
the email encryption and decryption method according to the embodiment of the second aspect.
A computer-readable storage medium according to an embodiment of the fifth aspect of the application, the computer-readable storage medium storing computer-executable instructions for causing a computer to perform one of:
the e-mail encryption and decryption method according to the embodiment of the first aspect;
the email encryption and decryption method according to the embodiment of the second aspect.
The e-mail encryption and decryption method according to the embodiment of the application has at least the following beneficial effects: on one hand, when encryption is needed, firstly, a mail encryption end randomly generates session key plaintext corresponding to a mail to be encrypted one by one, and encrypts the e-mail plaintext by adopting the session key plaintext to obtain an e-mail ciphertext; the recipient information is used as a public key to carry out asymmetric encryption on the session key plaintext to obtain a session key ciphertext; and then, the mail encryption end obtains the encrypted mail according to the session key ciphertext and the e-mail ciphertext. On the other hand, when decryption is needed, firstly, the mail decryption end acquires recipient information and an e-mail ciphertext according to the received encrypted mail; secondly, extracting a session key ciphertext corresponding to the recipient information from the encrypted mail; thirdly, asymmetrically decrypting the session key ciphertext through a decryption private key corresponding to the recipient information to obtain a session key plaintext; and finally, symmetrically decrypting the e-mail ciphertext according to the session key plaintext to obtain the e-mail plaintext. According to the electronic mail encryption and decryption method, on the one hand, the electronic mail is encrypted and then sent, so that the potential safety hazard of the electronic mail is reduced, and the safety is high; in the second aspect, each receiver in each email corresponds to a session key plaintext, so that a plurality of receivers cannot be influenced mutually, and the security of the email is further improved; in the third aspect, the security of the transmission process is further ensured by encrypting the session key in the clear text, and the end-to-end security is higher. Therefore, the electronic mail encryption and decryption method can encrypt the electronic mail and effectively improve the safety of the electronic mail.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The present application is further described with reference to the following figures and examples, in which:
fig. 1 is a schematic flowchart of an email encryption and decryption method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of an email encryption and decryption method according to another embodiment of the present application;
FIG. 3 is a schematic diagram of a connection of an email encryption/decryption system according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an email encryption and decryption system according to another embodiment of the present application.
Reference numerals:
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
It should be noted that although functional block divisions are provided in the system drawings and logical orders are shown in the flowcharts, in some cases, the steps shown and described may be performed in different orders than the block divisions in the systems or in the flowcharts. The terms etc. in the description and claims and the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
In the description of the present application, the meaning of a plurality is one or more, the meaning of a plurality is two or more, and the above, below, exceeding, etc. are understood as excluding the present number, and the above, below, within, etc. are understood as including the present number. If the first and second are described for the purpose of distinguishing technical features, they are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
In the description of the present application, unless otherwise expressly limited, terms such as set, mounted, connected and the like should be construed broadly, and those skilled in the art can reasonably determine the specific meaning of the terms in the present application by combining the detailed contents of the technical solutions.
In the description of the present application, reference to the description of the terms "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
An email encryption and decryption method according to an embodiment of the present application is described below with reference to fig. 1.
It can be understood that, as shown in fig. 1, there is provided an email encryption and decryption method applied to an email encryption end, including:
step S100, randomly generating session key plaintext corresponding to the mails to be encrypted one by one; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address.
It should be noted that the recipient information of the mail to be encrypted refers to information of a recipient who is going to receive the electronic mail sent by the sender.
And step S110, encrypting the E-mail plaintext by adopting the session key plaintext to obtain a corresponding E-mail ciphertext.
The method includes that a sender edits an electronic mail, the electronic mail comprises a mail head and a mail body, the mail head comprises a sender mail address, a receiver mail address and a mail subject, and the mail body comprises a mail body and an attachment to be added to the mail; the mail address of the receiver comprises a plurality of internal mail addresses of the receiver belonging to the same mail system with the sender and a plurality of external mail addresses of the receiver not belonging to the same mail system with the sender; when an external mail system is not required to be encrypted, the e-mail plaintext comprises a mail body and a plurality of internal mail addresses; when an external mail system needs to be encrypted, the e-mail plaintext comprises a mail body, a plurality of internal mail addresses and a plurality of external mail addresses.
It should be noted that the internal mail address refers to a recipient mail address belonging to the same mail system as the sender, for example, the sender and the recipient belong to 163 mailboxes together, and the suffix is @163. com; the e-mail plaintext also comprises several external mail addresses of the receivers which do not belong to the same mail system as the sender, corresponding to the internal mail addresses, wherein the external mail addresses refer to the mail addresses of the receivers which do not belong to the same mail system as the sender, for example, the sender belongs to 163 mailbox, and the suffix is @163.com, and the receiver belongs to a QQ mailbox, and the suffix is @ qq.com.
It should be noted that the mail system corresponding to the external mail address may or may not select to encrypt the electronic mail, and may interface with the mail system corresponding to the external mail address as necessary.
And step S120, the recipient information is used as a public key to carry out asymmetric encryption on the session key plaintext to obtain a corresponding session key ciphertext.
It should be noted that, in order to improve security, the session key plaintext is encrypted and decrypted by using a public-key-secret-key pair, where the recipient information is used as a public key to encrypt the session key plaintext.
It should be noted that by randomly generating the session key plaintext corresponding to the recipient email address one by one, and individually using the corresponding session key plaintext to encrypt and decrypt each email plaintext, the security of other encrypted emails will not be affected by the disclosure of the session key plaintext of a single email.
And step S130, obtaining the encrypted mail according to the session key ciphertext and the e-mail ciphertext.
On the one hand, to further improve security, it is necessary to encrypt the session key plaintext, and on the other hand, to ensure decryption efficiency, it is necessary to transmit the session key ciphertext obtained after encryption together with the e-mail.
It can be understood that, before randomly generating the session key plaintext corresponding to the mail to be encrypted, the method comprises the following steps:
generating an SM9 private key plaintext corresponding to the mail address of the receiver one by one;
encrypting the SM9 private key plaintext by using a preset master key to obtain an SM9 private key ciphertext corresponding to the SM9 private key plaintext one to one;
storing the mail address of the addressee and the SM9 private key ciphertext in a one-to-one correspondence relationship; wherein the recipient email address and SM9 private key plaintext are used as the key pair for the session key ciphertext.
It should be noted that, the SM9 private key plaintext is used as a key for decrypting the encrypted mail, and in order to improve the encryption efficiency, the SM9 private key plaintext of all internal mail addresses can be generated before the mail is sent, and is not required to be generated during encryption; in addition, in order to guarantee the security of the key, the plaintext is encrypted by the SM9 private key and then stored.
It should be noted that the master key is configured in advance, and if the master key needs to be modified again, the master key may be modified and then used to encrypt the plaintext of the SM9 private key.
It can be understood that encrypting the email plaintext using the session key plaintext to obtain the corresponding email ciphertext includes:
and taking the session key plaintext as a key of the SM4 algorithm, and symmetrically encrypting the e-mail plaintext to obtain an e-mail ciphertext corresponding to the session key plaintext.
It should be noted that the SM4 algorithm is a block encryption algorithm, and the block encryption algorithm is an iterative block cipher algorithm, and is composed of an encryption/decryption algorithm and a key expansion algorithm. Specifically, the SM4 is a packet encryption algorithm with a Feistel structure, the packet length and the key length of the packet encryption algorithm are both 128bits, and the iteration rounds of the encryption algorithm and the key expansion algorithm are both 32 rounds.
It should be noted that, with the encryption method of the single-key cryptosystem, the same key can be used for both encryption and decryption of information, and this encryption method is called symmetric encryption.
It can be understood that, using the recipient information as a public key to perform asymmetric encryption on the session key plaintext to obtain a corresponding session key ciphertext, includes:
taking the mail address of the receiver as a public key of a SM9 cryptographic algorithm, and carrying out asymmetric encryption on a session key plaintext to obtain a session key ciphertext corresponding to the mail address of the receiver; wherein, the key pair formed by the mail address of the receiver and the SM9 private key ciphertext corresponds to the session key ciphertext in a one-to-one manner.
It should be noted that, the SM9 algorithm is an SM9 identification cryptographic algorithm, and the SM9 identification cryptographic algorithm is an identification cryptographic algorithm based on bilinear pairings, and can use the identity of the user to generate a public and private key pair of the user, and is mainly used for digital signature, data encryption, key exchange, identity authentication, and the like; the SM9 identifies that the cryptographic algorithm has a key length of 256b, and the SM9 identifies that the application and management of the cryptographic algorithm does not require a digital certificate, certificate repository, or key repository.
It should be noted that asymmetric encryption requires two keys for encryption and decryption, which are a public key (public key) and a private key (private key). The public key can be freely issued to the outside; the private key must be kept strictly secret by the user himself, must not be provided to anyone through any way, and cannot be disclosed to the other party to communicate, even if he is trusted.
It can be understood that, according to the session key ciphertext and the email ciphertext, obtaining the encrypted email includes:
modifying the field value of the mail head, and keeping the internal mail address and the mail subject of the mail head unchanged;
assembling a mail body consisting of a recipient identifier, a session key ciphertext, a cipher algorithm identifier and an e-mail ciphertext by adopting a digital envelope to obtain an encrypted mail; wherein, the recipient identification is a recipient mail address, and the password algorithm identification is used for recording the SM4 algorithm.
It should be noted that, after encrypting the plaintext of the e-mail to obtain the ciphertext of the e-mail, assembling is also needed to obtain the encrypted e-mail. In order to make the encrypted mail compatible with the mail system in use, on one hand, the encrypted mail still keeps the MIME format, that is, the sender mail address, the receiver mail address and the mail subject in the mail header are kept unchanged, wherein the receiver mail address comprises an external mail address and an internal mail address; on the other hand, in RFC 4021, the value of the content-type field is modified to multipart/mixed.
Note that MIME is an abbreviation of Multipurpose Internet Mail Extensions, which means Multipurpose Internet Mail Extensions. As can be seen by name, it results from the process of encoding the mail content. It is an internet standard and is defined and updated in a series of RFC documents, such as RFC 6532, RFC 8098, RFC 2231, RFC 6838, RFC 4289, RFC 2049, RFC 4021, and the like.
It should be noted that, when sending an e-mail, the mail header information is used, and part of the Content of the mail header information is defined by RFC 4021, so that, in order to ensure that the e-mail is compatible with the e-mail system, the value of the Content-Type field in RFC 4021 can be modified to multipart/mixed.
It can be understood that before obtaining the plaintext of the session key which generates a one-to-one correspondence to the recipient information of the mail to be received, the method further comprises:
acquiring a clear text of the e-mail;
and extracting the information of the receiver from the clear text of the e-mail.
When a sender needs to send an email, the sender needs to edit the email on a mail system to form the email, and the clear text of the email can be obtained through the email.
An email encryption and decryption method according to an embodiment of the present application is described below with reference to fig. 2.
It can be understood that, as shown in fig. 2, there is provided an email encryption and decryption method applied to an email decryption side, including:
It should be noted that the encrypted mail to be received by the recipient is an encrypted mail that has not been opened by the recipient.
It should be noted that, after the encrypted mail is obtained by the mail decryption end, the mail address of the recipient can be directly obtained.
In step S210, a session key ciphertext corresponding to the recipient information is extracted from the encrypted mail.
It should be noted that the session key ciphertext corresponds to the recipient email address one by one, and the session key ciphertext corresponding to the recipient email address can be obtained through the recipient email address.
And step S220, asymmetrically decrypting the session key ciphertext through the decryption private key corresponding to the recipient information to obtain the session key plaintext.
And step S230, symmetrically decrypting the e-mail ciphertext according to the session key plaintext to obtain the e-mail plaintext.
It can be understood that, the asymmetric decryption is performed on the session key ciphertext through the decryption private key corresponding to the recipient information to obtain the session key plaintext, which includes:
selecting an SM9 private key ciphertext matched with a mail address of a receiver from a preset SM9 private key mapping table of the receiver; the SM9 private key mapping table stores a recipient mail address and an SM9 private key ciphertext which are in one-to-one correspondence;
decrypting the SM9 private key ciphertext by using a preset master key to obtain an SM9 private key plaintext;
and according to the SM9 private key plaintext, asymmetrically decrypting the session key ciphertext to obtain the session key plaintext.
It can be understood that, according to the session key plaintext, symmetrically decrypting the e-mail ciphertext to obtain the e-mail plaintext includes:
and symmetrically decrypting the e-mail ciphertext by adopting a SM4 algorithm according to the session key plaintext to obtain the e-mail plaintext.
An email encryption and decryption system according to an embodiment of the present application is described below with reference to fig. 3.
It is understood that, as shown in fig. 3, the email encryption and decryption system includes:
the encryption service module 100 is configured to randomly generate session key plaintext corresponding to the mail to be encrypted one by one; the session key is also used for encrypting the e-mail plaintext by adopting the session key plaintext to obtain a corresponding e-mail ciphertext; the system is also used for carrying out asymmetric encryption on the session key plaintext by taking the receiver information as a public key to obtain a corresponding session key ciphertext; the electronic mail server is also used for obtaining an encrypted mail according to the session key ciphertext and the electronic mail ciphertext; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address;
an encryption and decryption module 120, configured to generate a plaintext of a SM9 private key; the SM9 private key ciphertext is obtained by encrypting the SM9 private key plaintext;
the password management module 130 is used for storing the mail address of the recipient and the private key ciphertext of the SM 9;
the decryption service module 110 is configured to obtain recipient information and an email ciphertext according to the received encrypted email; the system is also used for extracting a session key ciphertext corresponding to the recipient information from the encrypted mail; the system is also used for asymmetrically decrypting the session key ciphertext through a decryption private key corresponding to the recipient information to obtain a session key plaintext; and the system is also used for symmetrically decrypting the e-mail ciphertext according to the session key plaintext to obtain the e-mail plaintext.
On one hand, when encryption is needed, firstly, a mail encryption end randomly generates session key plaintext corresponding to a mail to be encrypted one by one, and encrypts the e-mail plaintext by adopting the session key plaintext to obtain an e-mail ciphertext; the recipient information is used as a public key to carry out asymmetric encryption on the session key plaintext to obtain a session key ciphertext; and then, the mail encryption end obtains the encrypted mail according to the session key ciphertext and the e-mail ciphertext. On the other hand, when decryption is needed, firstly, the mail decryption end acquires recipient information and an e-mail ciphertext according to the received encrypted mail; secondly, extracting a session key ciphertext corresponding to the recipient information from the encrypted mail; thirdly, asymmetrically decrypting the session key ciphertext through a decryption private key corresponding to the recipient information to obtain a session key plaintext; and finally, symmetrically decrypting the e-mail ciphertext according to the session key plaintext to obtain the e-mail plaintext. According to the electronic mail encryption and decryption method, on the one hand, the electronic mail is encrypted and then sent, so that the potential safety hazard of the electronic mail is reduced, and the safety is high; in the second aspect, each receiver in each email corresponds to a session key plaintext, so that a plurality of receivers cannot be influenced mutually, and the security of the email is further improved; in the third aspect, the security of the transmission process is further ensured by encrypting the session key in the clear text, and the end-to-end security is higher. Therefore, the electronic mail encryption and decryption method can encrypt the electronic mail and effectively improve the safety of the electronic mail.
An email encryption/decryption system according to another embodiment of the present application is described below with reference to fig. 3.
It is understood that, as shown in fig. 3, the e-mail encryption and decryption system includes a mail system, an encryption service module 100, a decryption service module 110, an encryption and decryption module 120, and a password management module 130.
The encryption process of the e-mail encryption and decryption system is as follows:
first, the email system receives the email edited by the sender, extracts the email body and the recipient email address belonging to the same email system as the sender from the email, and the email body and the several recipient email addresses form the email plaintext to be encrypted, and transmits the email plaintext to be encrypted to the encryption service module 100.
Secondly, the encryption service module 100 extracts all the recipient email addresses from the email plaintext and further obtains the recipient email addresses belonging to the same email system as the sender, and the encryption service module 100 sends a request for generating an SM9 private key plaintext to the encryption and decryption module 120 one by one according to each recipient email address; where the request to generate the clear text of the SM9 private key contains the recipient's email address.
Thirdly, the encryption and decryption module 120 receives the request for generating the plaintext of the SM9 private key, and generates the plaintext of the SM9 private key corresponding to the mail address of the recipient one by one according to the mail address of the recipient in the request for generating the plaintext of the SM9 private key; then, in the encryption and decryption module 120, a pre-configured master key is used to encrypt the plaintext of the SM9 private key to obtain an SM9 private key ciphertext corresponding to the plaintext of the SM9 private key; then, the encryption and decryption module 120 sends the SM9 private key ciphertext and the recipient email address to the password management module 130, and the password management module 130 receives and securely stores the SM9 private key ciphertext; wherein the mail address of the receiver is stored in one-to-one correspondence with the SM9 private key ciphertext. In order to improve the encryption efficiency, the SM9 private key plaintext can also be generated in advance for all the recipients in the same mail system, and the encrypted mail can be directly used without temporary generation. Further, all persons may become recipients in the same mail system, and thus the SM9 private key plaintext may be generated in advance for all persons in the same mail system.
Fourthly, according to the email address of each receiver, the encryption service module 100 randomly generates a session key plaintext and sends the session key plaintext to the encryption and decryption module 120 one by one; when receiving a session key plaintext, the encryption/decryption module 120 uses the session key plaintext to perform SM4 symmetric algorithm encryption on the e-mail plaintext to obtain an e-mail ciphertext corresponding to the e-mail address of the recipient, and the encryption/decryption module 120 sends the e-mail ciphertext to the encryption service module 100. This step can realize that each e-mail uses a session key plaintext separately.
Fifthly, the encryption service module 100 uses the recipient mail address as a recipient public key, and performs SM9 asymmetric encryption on the session key plaintext through the recipient public key to obtain a session key ciphertext corresponding to the internal mail address; and the session key ciphertext corresponds to the mail address of the receiver one by one.
And sixthly, assembling and obtaining the encrypted mail through the encryption service module 100. In order to ensure the compatibility of the encrypted mail with a mail system, the encrypted mail still keeps the MIME format, and the recipient mail address, the sender mail address and the mail subject of the recipient in the mail header are kept unchanged, except that the value of the content-type field of the RFC 4021 in the MIME is modified into multipart/mixed. The mail body only comprises an attachment, the attachment is packaged by adopting a digital envelope technology, and the attachment comprises the following contents:
a plurality of recipient identifications, a plurality of session key ciphertexts, a cipher algorithm identification and an e-mail cipher text; and the recipient identification is a recipient mail address, and corresponds to the session key ciphertext one by one.
The encryption service module 100 assembles the mail header and the mail body to obtain an encrypted mail, and sends the encrypted mail to a mail system, and the mail system sends the encrypted mail to a receiver.
The decryption process of the e-mail encryption and decryption system is as follows:
firstly, when a receiver receives an electronic mail from a mail system, the mail system can verify the identity of the receiver, after the identity verification is passed, the mail system can directly identify and obtain the mail address of the receiver, and according to the mail address of the receiver, the mail system searches and obtains an encrypted mail to be received by the receiver, namely, when the receiver opens the encrypted mail, the mail system can verify the identity of the receiver and then search and obtain the encrypted mail to be received by the receiver. After the mail system finds the encrypted mail, it sends the encrypted mail and the internal mail address to the decryption service module 110.
Secondly, the decryption service module 110 receives the encrypted mail and the address of the recipient mail, extracts a session key ciphertext corresponding to the address of the recipient mail from the encrypted mail, and the decryption service module 110 sends a request of a SM9 private key plaintext to the encryption and decryption module 120 according to the address of the recipient mail; where the request for the clear text of the SM9 private key carries the recipient email address.
Thirdly, after receiving the request of the SM9 private key plaintext, the encryption and decryption module 120 sends a request of the SM9 private key ciphertext to the password management module 130; wherein, the request of the SM9 private key ciphertext carries the mail address of the receiver. The password management module 130 returns the SM9 private key ciphertext corresponding to the recipient email address based on the internal email address. After receiving the SM9 private key ciphertext, the encryption and decryption module 120 decrypts the SM9 private key ciphertext using the pre-configured master key to obtain an SM9 private key plaintext, and returns the SM9 private key plaintext to the decryption service module 110.
Fourthly, the decryption service module 110 decrypts the session key ciphertext by using the SM9 private key plaintext through the SM9 asymmetric algorithm, so as to obtain the session key plaintext.
Fifthly, the decryption service module 110 extracts the e-mail ciphertext from the encrypted e-mail, and of course, the session key ciphertext and the e-mail ciphertext may be extracted at the same time in the second step; then, the decryption service module 110 decrypts the e-mail ciphertext by using the session key plaintext obtained in the fourth step through the SM4 symmetric encryption algorithm to obtain the e-mail plaintext, and returns the e-mail plaintext to the mail system, so that when the recipient opens the e-mail, the e-mail plaintext can be directly read.
An email encryption/decryption system according to another embodiment of the present application is described below with reference to fig. 4.
It is understood that as shown in fig. 4, the email encryption and decryption system includes:
at least one memory 200;
at least one processor 300;
at least one program;
programs are stored in the memory 200, and the processor 300 executes at least one program to implement the above-described e-mail encryption/decryption method. Fig. 4 illustrates an example of a processor 300.
The processor 300 and the memory 200 may be connected by a bus or other means, and fig. 4 illustrates a connection by a bus as an example.
The memory 200 is a non-transitory computer readable storage medium, and can be used to store non-transitory software programs, non-transitory computer executable programs, and signals, such as program instructions/signals corresponding to the email encryption and decryption system in the embodiments of the present application. The processor 300 executes various functional applications and data processing, namely, the email encryption and decryption method of the above-described method embodiment, by executing the non-transitory software program, instructions and signals stored in the memory 200.
The memory 200 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area can store the related data of the e-mail encryption and decryption method and the like. Further, the memory 200 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 200 may optionally include memory located remotely from processor 300, which may be connected to the risk prediction system of the application via a network. Examples of such networks include, but are not limited to, the internet of things, software defined networks, sensor networks, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more signals are stored in the memory 200 and, when executed by the one or more processors 300, perform the email encryption/decryption method of any of the above-described method embodiments. For example, the above-described method steps S100 to S130 in fig. 1, and the method steps S200 to S230 in fig. 2 are performed.
A computer-readable storage medium according to an embodiment of the present application is described below with reference to fig. 4.
As shown in fig. 4, the computer-readable storage medium stores computer-executable instructions, which are executed by one or more processors 300, for example, by one of the processors 300 in fig. 4, and can cause the one or more processors 300 to execute the email encryption and decryption method in the method embodiment. For example, the above-described method steps S100 to S130 in fig. 1, and the method steps S200 to S230 in fig. 2 are performed.
The above-described system embodiments are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
From the above description of embodiments, those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media and communication media. The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable signals, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The embodiments of the present application have been described in detail with reference to the drawings, but the present application is not limited to the embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present application. Furthermore, the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
Claims (10)
1. The encryption and decryption method for the e-mail is characterized by being applied to an e-mail encryption end and comprising the following steps:
randomly generating session key plaintext corresponding to the mails to be encrypted one by one; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address;
encrypting the e-mail plaintext by adopting the session key plaintext to obtain a corresponding e-mail ciphertext;
the recipient information is used as a public key to carry out asymmetric encryption on the session key plaintext to obtain a corresponding session key ciphertext;
and obtaining an encrypted mail according to the session key ciphertext and the e-mail ciphertext.
2. The e-mail encryption and decryption method according to claim 1, wherein before the randomly generating the session key plaintext in one-to-one correspondence with the e-mail to be encrypted, the method comprises:
generating an SM9 private key plaintext corresponding to the mail address of the receiver one by one;
encrypting the SM9 private key plaintext by using a preset master key to obtain an SM9 private key ciphertext corresponding to the SM9 private key plaintext one to one;
storing the recipient email address and the SM9 private key ciphertext in a one-to-one correspondence; wherein the recipient email address and the SM9 private key plaintext are used as a key pair for the session key ciphertext.
3. The method according to claim 2, wherein said encrypting the email plaintext by using the session key plaintext to obtain the corresponding email ciphertext comprises:
and taking the session key plaintext as a key of a SM4 cryptographic algorithm, and symmetrically encrypting the e-mail plaintext to obtain an e-mail ciphertext corresponding to the session key plaintext.
4. The e-mail encryption and decryption method of claim 3, wherein the asymmetric encryption of the session key plaintext by using the recipient information as a public key to obtain a corresponding session key ciphertext comprises:
taking the mail address of the recipient as a public key of a SM9 cryptographic algorithm, and carrying out asymmetric encryption on the plain text of the session key to obtain a session key ciphertext corresponding to the mail address of the recipient; and a key pair formed by the mail address of the recipient and the SM9 private key ciphertext corresponds to the session key ciphertext in a one-to-one manner.
5. The method for encrypting and decrypting the e-mail according to claim 2, wherein obtaining the encrypted e-mail according to the session key ciphertext and the e-mail ciphertext comprises:
modifying the field value of the mail head, wherein the internal mail address and the mail subject of the mail head are kept unchanged;
assembling a mail body consisting of a recipient identifier, the session key ciphertext, a cryptographic algorithm identifier and the e-mail ciphertext by adopting a digital envelope to obtain an encrypted mail; the recipient identification is the recipient email address, and the password algorithm identification is used for recording the SM4 password algorithm.
6. The encryption and decryption method of the electronic mail is characterized by being applied to a mail decryption end and comprising the following steps:
according to the received encrypted mail, acquiring recipient information and an e-mail ciphertext; wherein the recipient information comprises a recipient email address;
extracting a session key ciphertext corresponding to the recipient information from the encrypted mail;
asymmetrically decrypting the session key ciphertext through a decryption private key corresponding to the recipient information to obtain a session key plaintext;
and symmetrically decrypting the e-mail ciphertext according to the session key plaintext to obtain an e-mail plaintext.
7. The e-mail encryption and decryption method according to claim 6, wherein the asymmetrically decrypting the session key ciphertext through the decryption private key corresponding to the recipient information to obtain a session key plaintext comprises:
selecting an SM9 private key ciphertext matched with the mail address of the recipient from a preset SM9 private key mapping table of the recipient; the receiver mail address and the SM9 private key ciphertext which are in one-to-one correspondence are stored in the receiver SM9 private key mapping table;
decrypting the SM9 private key ciphertext by using a preset master key to obtain an SM9 private key plaintext;
and according to the SM9 private key plaintext, asymmetrically decrypting the session key ciphertext to obtain the session key plaintext.
8. An electronic mail encryption/decryption system, comprising:
the encryption service module is used for randomly generating session key plaintext corresponding to the mails to be encrypted one by one; the session key is also used for encrypting the e-mail plaintext by adopting the session key plaintext to obtain a corresponding e-mail ciphertext; the system is also used for carrying out asymmetric encryption on the session key plaintext by taking the receiver information as a public key to obtain a corresponding session key ciphertext; the electronic mail server is also used for obtaining an encrypted mail according to the session key ciphertext and the electronic mail ciphertext; the mail to be encrypted comprises recipient information, and the recipient information comprises a recipient mail address;
the encryption and decryption module is used for generating an SM9 private key plaintext; the SM9 private key plaintext is encrypted to obtain an SM9 private key ciphertext;
the password management module is used for storing the mail address of the recipient and the SM9 private key ciphertext;
the decryption service module is used for acquiring the recipient information and the e-mail ciphertext according to the received encrypted e-mail; the system is also used for extracting a session key ciphertext corresponding to the recipient information from the encrypted mail; the session key ciphertext is asymmetrically decrypted through a decryption private key corresponding to the recipient information to obtain a session key plaintext; and the electronic mail server is also used for symmetrically decrypting the electronic mail ciphertext according to the session key plaintext to obtain the electronic mail plaintext.
9. An electronic mail encryption/decryption system, comprising:
at least one memory;
at least one processor;
at least one program;
the programs are stored in the memory, and the processor executes at least one of the programs to implement one of:
the e-mail encryption and decryption method according to any one of claims 1 to 5;
the encryption and decryption method for electronic mail according to any one of claims 6 to 7.
10. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform one of:
the e-mail encryption and decryption method according to any one of claims 1 to 5;
the encryption and decryption method for electronic mail according to any one of claims 6 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111374441.4A CN114172694A (en) | 2021-11-19 | 2021-11-19 | Email encryption and decryption method, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111374441.4A CN114172694A (en) | 2021-11-19 | 2021-11-19 | Email encryption and decryption method, system and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114172694A true CN114172694A (en) | 2022-03-11 |
Family
ID=80479745
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111374441.4A Pending CN114172694A (en) | 2021-11-19 | 2021-11-19 | Email encryption and decryption method, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114172694A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114650181A (en) * | 2022-03-31 | 2022-06-21 | 西安电子科技大学 | E-mail encryption and decryption method, system, equipment and computer readable storage medium |
| CN116016417A (en) * | 2023-01-04 | 2023-04-25 | 深圳市中达为科技有限公司 | Letter processing method, device, electronic equipment and storage medium |
| CN116192466A (en) * | 2023-01-04 | 2023-05-30 | 深圳市中达为科技有限公司 | Letter processing method, device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101466079A (en) * | 2009-01-12 | 2009-06-24 | 中兴通讯股份有限公司 | Method, system and WAPI terminal for transmitting e-mail |
| CN105323070A (en) * | 2015-02-09 | 2016-02-10 | 北京中油瑞飞信息技术有限责任公司 | Method for realizing security electronic mail based on digital envelope |
| CN112165490A (en) * | 2020-09-29 | 2021-01-01 | 鹏元征信有限公司 | Encryption method, decryption method, storage medium and terminal equipment |
| CN113285959A (en) * | 2021-06-25 | 2021-08-20 | 贵州大学 | Mail encryption method, decryption method and encryption and decryption system |
| CN113642022A (en) * | 2021-08-20 | 2021-11-12 | 成都卫士通信息产业股份有限公司 | E-mail processing method, device, system and storage medium |
-
2021
- 2021-11-19 CN CN202111374441.4A patent/CN114172694A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101466079A (en) * | 2009-01-12 | 2009-06-24 | 中兴通讯股份有限公司 | Method, system and WAPI terminal for transmitting e-mail |
| CN105323070A (en) * | 2015-02-09 | 2016-02-10 | 北京中油瑞飞信息技术有限责任公司 | Method for realizing security electronic mail based on digital envelope |
| CN112165490A (en) * | 2020-09-29 | 2021-01-01 | 鹏元征信有限公司 | Encryption method, decryption method, storage medium and terminal equipment |
| CN113285959A (en) * | 2021-06-25 | 2021-08-20 | 贵州大学 | Mail encryption method, decryption method and encryption and decryption system |
| CN113642022A (en) * | 2021-08-20 | 2021-11-12 | 成都卫士通信息产业股份有限公司 | E-mail processing method, device, system and storage medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114650181A (en) * | 2022-03-31 | 2022-06-21 | 西安电子科技大学 | E-mail encryption and decryption method, system, equipment and computer readable storage medium |
| CN116016417A (en) * | 2023-01-04 | 2023-04-25 | 深圳市中达为科技有限公司 | Letter processing method, device, electronic equipment and storage medium |
| CN116192466A (en) * | 2023-01-04 | 2023-05-30 | 深圳市中达为科技有限公司 | Letter processing method, device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10313135B2 (en) | Secure instant messaging system | |
| CN107888560B (en) | Mail safe transmission system and method for mobile intelligent terminal | |
| US7325127B2 (en) | Security server system | |
| Kent | Internet privacy enhanced mail | |
| US7376835B2 (en) | Implementing nonrepudiation and audit using authentication assertions and key servers | |
| Ramsdell | S/MIME version 3 message specification | |
| US7313700B2 (en) | Method and system for authenticating a message sender using domain keys | |
| US6904521B1 (en) | Non-repudiation of e-mail messages | |
| US7277549B2 (en) | System for implementing business processes using key server events | |
| CN113508563A (en) | Block chain based secure email system | |
| US7774411B2 (en) | Secure electronic message transport protocol | |
| CN114172694A (en) | Email encryption and decryption method, system and storage medium | |
| CA2518025A1 (en) | Secure e-mail messaging system | |
| Castiglione et al. | E-mail-based covert channels for asynchronous message steganography | |
| CN104200154A (en) | Identity based installation package signing method and identity based installation package signing device | |
| CN108011885B (en) | An email encryption method and system based on group cryptography | |
| CN110071863A (en) | A kind of instant communication users group's encryption method based on id password | |
| CN101369887B (en) | E-mail enciphered transmission method | |
| CN111541603B (en) | Independent intelligent safety mail terminal and encryption method | |
| JP2000183866A (en) | Cryptographic communication method and system and recording medium recording cryptographic communication program | |
| CN1875599B (en) | A System for Enhancing the Security of E-mail Transmission in the Internet | |
| Ramsdell | RFC 3851: Secure/multipurpose internet mail extensions (S/MIME) version 3.1 message specification | |
| JP3796528B2 (en) | Communication system for performing content certification and content certification site device | |
| WO2005053254A1 (en) | Secure message model | |
| CN113014531B (en) | Method for encrypting and transmitting e-mail data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220311 |
|
| RJ01 | Rejection of invention patent application after publication |