CN115037458A - An encryption method, device, equipment and storage medium - Google Patents
An encryption method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN115037458A CN115037458A CN202210524811.6A CN202210524811A CN115037458A CN 115037458 A CN115037458 A CN 115037458A CN 202210524811 A CN202210524811 A CN 202210524811A CN 115037458 A CN115037458 A CN 115037458A
- Authority
- CN
- China
- Prior art keywords
- encryption
- algorithm
- target
- key generation
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Description
技术领域technical field
本发明实施例涉及加密技术领域,尤其涉及一种加密方法、装置、设备及存储介质。Embodiments of the present invention relate to the field of encryption technologies, and in particular, to an encryption method, apparatus, device, and storage medium.
背景技术Background technique
随着互联网及通信技术的发展,人们越来越多的通过网络进行信息传输,且传输的信息种类愈趋繁多,重要性愈来愈高,对信息安全性的要求也愈来愈高。With the development of the Internet and communication technology, more and more people transmit information through the network, and the types of information transmitted are becoming more and more diverse, and their importance is getting higher and higher, and the requirements for information security are getting higher and higher.
在第一设备和第二设备进行通信的过程中,为了保护通信内容的安全性,第一设备采用密钥对通信内容进行加密,并将加密后的通信内容发送至第二设备,第二设备采用相对应的密钥对加密后的通信内容进行解密,获得通信内容。During the communication between the first device and the second device, in order to protect the security of the communication content, the first device encrypts the communication content with a key, and sends the encrypted communication content to the second device, and the second device encrypts the communication content with a key. The encrypted communication content is decrypted using the corresponding key to obtain the communication content.
然而,随着计算机算力的增长,很容易暴力破解第一设备或第二设备存储的密钥,从而影响第一设备和第二设备通信的安全性。However, as the computing power of the computer increases, it is easy to brute force the key stored by the first device or the second device, thereby affecting the security of the communication between the first device and the second device.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供了一种加密方法、装置、设备及存储介质,用于提高第一设备和第二设备通信的安全性。Embodiments of the present application provide an encryption method, apparatus, device, and storage medium, which are used to improve the security of communication between a first device and a second device.
一方面,本申请实施例提供了一种加密方法,应用于第一设备,该方法包括:On the one hand, an embodiment of the present application provides an encryption method, which is applied to a first device, and the method includes:
接收第二设备发送的针对加密请求的响应消息,所述加密请求是所述第一设备发送至所述第二设备的;所述响应消息包括从N个候选密钥生成算法中选取的第一密钥生成算法和从M个候选加密算法中选取的目标加密算法;其中,N>1,M>1;Receive a response message for an encryption request sent by a second device, where the encryption request is sent by the first device to the second device; the response message includes a first selected from N candidate key generation algorithms The key generation algorithm and the target encryption algorithm selected from M candidate encryption algorithms; wherein, N>1, M>1;
基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据;Encrypt the data to be processed based on the first key generation algorithm and the target encryption algorithm to obtain encrypted data;
发送所述加密数据至所述第二设备,以使所述第二设备基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据;所述第二密钥生成算法与所述第一密钥生成算法相对应,所述目标解密算法与所述目标加密算法相对应。sending the encrypted data to the second device, so that the second device decrypts the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain the data to be processed; the second The key generation algorithm corresponds to the first key generation algorithm, and the target decryption algorithm corresponds to the target encryption algorithm.
可选地,所述接收第二设备发送的针对加密请求的响应消息之后,还包括:Optionally, after receiving the response message for the encryption request sent by the second device, the method further includes:
将所述响应消息加载至内存,并在所述内存中对所述响应消息进行解析,获得目标加密动态链接库,其中,所述目标加密动态链接库包括所述第一密钥生成算法和所述目标加密算法。The response message is loaded into the memory, and the response message is parsed in the memory to obtain a target encrypted dynamic link library, wherein the target encrypted dynamic link library includes the first key generation algorithm and the Describe the target encryption algorithm.
可选地,所述目标加密动态链接库还包括加密密钥获取接口和数据加密接口;Optionally, the target encryption dynamic link library also includes an encryption key acquisition interface and a data encryption interface;
所述基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据,包括:The performing encryption processing on the data to be processed based on the first key generation algorithm and the target encryption algorithm to obtain encrypted data, including:
通过调用所述加密密钥获取接口,获得所述第一密钥生成算法,并采用所述第一密钥生成算法生成加密密钥;Obtain the first key generation algorithm by invoking the encryption key acquisition interface, and use the first key generation algorithm to generate an encryption key;
通过调用所述数据加密接口,获得所述目标加密算法,并基于所述加密密钥和所述目标加密算法对待处理数据进行加密处理,获得加密数据。By invoking the data encryption interface, the target encryption algorithm is obtained, and the data to be processed is encrypted based on the encryption key and the target encryption algorithm to obtain encrypted data.
可选地,所述响应消息还包括所述第二设备的第二设备信息;Optionally, the response message further includes second device information of the second device;
所述通过调用所述加密密钥获取接口,获得所述第一密钥生成算法,包括:The obtaining the first key generation algorithm by invoking the encryption key obtaining interface includes:
将所述第一设备的第一设备信息和所述第二设备信息作为所述加密密钥获取接口的输入参数,调用所述加密密钥获取接口,获得所述第一密钥生成算法;The first device information and the second device information of the first device are used as input parameters of the encryption key acquisition interface, and the encryption key acquisition interface is called to obtain the first key generation algorithm;
所述通过调用所述数据加密接口,获得所述目标加密算法,包括:The obtaining the target encryption algorithm by invoking the data encryption interface includes:
将所述加密密钥作为所述数据加密接口的输入参数,调用所述数据加密接口,获得所述目标加密算法。Using the encryption key as an input parameter of the data encryption interface, call the data encryption interface to obtain the target encryption algorithm.
一方面,本申请实施例提供了一种加密方法,应用于第二设备,该方法包括:On the one hand, an embodiment of the present application provides an encryption method, which is applied to a second device, and the method includes:
接收第一设备发送的加密请求,并针对所述加密请求生成响应消息,所述响应消息包括从N个候选密钥生成算法中选取的第一密钥生成算法和从M个候选加密算法中选取的目标加密算法,其中,N>1,M>1;Receive an encryption request sent by the first device, and generate a response message for the encryption request, where the response message includes a first key generation algorithm selected from N candidate key generation algorithms and a first key generation algorithm selected from M candidate encryption algorithms The target encryption algorithm of , where N>1, M>1;
发送所述响应消息至所述第一设备,以使所述第一设备基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据;sending the response message to the first device, so that the first device encrypts the data to be processed based on the first key generation algorithm and the target encryption algorithm to obtain encrypted data;
接收所述第一设备发送的加密数据,并基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据;所述第二密钥生成算法与所述第一密钥生成算法相对应,所述目标解密算法与所述目标加密算法相对应。Receive the encrypted data sent by the first device, and decrypt the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain the data to be processed; the second key generation algorithm and the The first key generation algorithm corresponds to the target decryption algorithm, and the target encryption algorithm corresponds to the target encryption algorithm.
可选地,所述针对所述加密请求生成响应消息,包括:Optionally, the generating a response message for the encryption request includes:
将所述第一密钥生成算法和所述目标加密算法封装为目标加密动态链接库,其中,所述目标加密动态链接库包括加密密钥获取接口和数据加密接口;Encapsulating the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, wherein the target encryption dynamic link library includes an encryption key acquisition interface and a data encryption interface;
基于所述目标加密动态链接库和所述第二设备的第二设备信息,生成所述响应消息。The response message is generated based on the target encrypted dynamic link library and the second device information of the second device.
可选地,所述加密请求包括所述第一设备的第一设备信息;Optionally, the encryption request includes first device information of the first device;
所述将所述第一密钥生成算法和所述目标加密算法封装为目标加密动态链接库,包括:Described encapsulating the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, including:
将所述第一设备信息和所述第二设备信息作为键,将所述加密密钥获取接口和所述数据加密接口作为值,对所述第一密钥生成算法和所述目标加密算法进行封装,获得所述目标加密动态链接库。Using the first device information and the second device information as keys, and the encryption key acquisition interface and the data encryption interface as values, perform the first key generation algorithm and the target encryption algorithm. package to obtain the target encrypted dynamic link library.
可选地,所述接收所述第一设备发送的加密数据,并基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据,包括:Optionally, the receiving encrypted data sent by the first device, and performing decryption processing on the encrypted data based on a second key generation algorithm and a target decryption algorithm to obtain the data to be processed, including:
接收所述第一设备发送的加密数据和所述第一设备的第三设备信息;receiving encrypted data sent by the first device and third device information of the first device;
若所述第一设备信息与所述第三设备信息满足预设条件,则基于所述第二密钥生成算法生成解密密钥;If the first device information and the third device information meet a preset condition, generating a decryption key based on the second key generation algorithm;
基于所述解密密钥和所述目标解密算法,对所述加密数据进行解密处理,获得所述待处理数据。Based on the decryption key and the target decryption algorithm, decrypt the encrypted data to obtain the data to be processed.
一方面,本申请实施例提供了一种加密装置,该装置包括:On the one hand, an embodiment of the present application provides an encryption device, and the device includes:
第一接收模块,接收第二设备发送的针对加密请求的响应消息,所述加密请求是所述第一设备发送至所述第二设备的;所述响应消息包括从N个候选密钥生成算法中选取的第一密钥生成算法和从M个候选加密算法中选取的目标加密算法;其中,N>1,M>1;a first receiving module, for receiving a response message for an encryption request sent by a second device, where the encryption request is sent by the first device to the second device; the response message includes an algorithm generated from N candidate keys The first key generation algorithm selected in and the target encryption algorithm selected from M candidate encryption algorithms; wherein, N>1, M>1;
加密模块,用于基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据;an encryption module, configured to perform encryption processing on the data to be processed based on the first key generation algorithm and the target encryption algorithm to obtain encrypted data;
第一发送模块,用于发送所述加密数据至所述第二设备,以使所述第二设备基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据;所述第二密钥生成算法与所述第一密钥生成算法相对应,所述目标解密算法与所述目标加密算法相对应。A first sending module, configured to send the encrypted data to the second device, so that the second device decrypts the encrypted data based on the second key generation algorithm and the target decryption algorithm, and obtains the to-be-decrypted data. processing data; the second key generation algorithm corresponds to the first key generation algorithm, and the target decryption algorithm corresponds to the target encryption algorithm.
可选地,还包括解析模块,所述解析模块具体用于:Optionally, it also includes a parsing module, and the parsing module is specifically used for:
所述接收第二设备发送的针对加密请求的响应消息之后,将所述响应消息加载至内存,并在所述内存中对所述响应消息进行解析,获得目标加密动态链接库,其中,所述目标加密动态链接库包括所述第一密钥生成算法和所述目标加密算法。After receiving the response message for the encryption request sent by the second device, the response message is loaded into the memory, and the response message is parsed in the memory to obtain a target encrypted dynamic link library, wherein the The target encryption dynamic link library includes the first key generation algorithm and the target encryption algorithm.
可选地,所述目标加密动态链接库还包括加密密钥获取接口和数据加密接口;Optionally, the target encryption dynamic link library also includes an encryption key acquisition interface and a data encryption interface;
所述加密模块具体用于:The encryption module is specifically used for:
通过调用所述加密密钥获取接口,获得所述第一密钥生成算法,并采用所述第一密钥生成算法生成加密密钥;Obtain the first key generation algorithm by invoking the encryption key acquisition interface, and use the first key generation algorithm to generate an encryption key;
通过调用所述数据加密接口,获得所述目标加密算法,并基于所述加密密钥和所述目标加密算法对待处理数据进行加密处理,获得加密数据。By invoking the data encryption interface, the target encryption algorithm is obtained, and the data to be processed is encrypted based on the encryption key and the target encryption algorithm to obtain encrypted data.
可选地,所述响应消息还包括所述第二设备的第二设备信息;Optionally, the response message further includes second device information of the second device;
所述加密模块具体用于:The encryption module is specifically used for:
将所述第一设备的第一设备信息和所述第二设备信息作为所述加密密钥获取接口的输入参数,调用所述加密密钥获取接口,获得所述第一密钥生成算法;The first device information and the second device information of the first device are used as input parameters of the encryption key acquisition interface, and the encryption key acquisition interface is called to obtain the first key generation algorithm;
所述通加密模块具体用于:The pass-through encryption module is specifically used for:
将所述加密密钥作为所述数据加密接口的输入参数,调用所述数据加密接口,获得所述目标加密算法。Using the encryption key as an input parameter of the data encryption interface, call the data encryption interface to obtain the target encryption algorithm.
一方面,本申请实施例提供了一种加密装置,该装置包括:On the one hand, an embodiment of the present application provides an encryption device, and the device includes:
第二接收模块,用于接收第一设备发送的加密请求,并针对所述加密请求生成响应消息,所述响应消息包括从N个候选密钥生成算法中选取的第一密钥生成算法和从M个候选加密算法中选取的目标加密算法,其中,N>1,M>1;The second receiving module is configured to receive an encryption request sent by the first device, and generate a response message for the encryption request, where the response message includes a first key generation algorithm selected from N candidate key generation algorithms and a The target encryption algorithm selected from the M candidate encryption algorithms, where N>1, M>1;
第二发送模块,用于发送所述响应消息至所述第一设备,以使所述第一设备基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据;The second sending module is configured to send the response message to the first device, so that the first device encrypts the data to be processed based on the first key generation algorithm and the target encryption algorithm to obtain encrypted data data;
解密模块,用于接收所述第一设备发送的加密数据,并基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据;所述第二密钥生成算法与所述第一密钥生成算法相对应,所述目标解密算法与所述目标加密算法相对应。a decryption module, configured to receive the encrypted data sent by the first device, and decrypt the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain the data to be processed; the second key The generation algorithm corresponds to the first key generation algorithm, and the target decryption algorithm corresponds to the target encryption algorithm.
可选地,所述第二接收模块具体用于:Optionally, the second receiving module is specifically configured to:
将所述第一密钥生成算法和所述目标加密算法封装为目标加密动态链接库,其中,所述目标加密动态链接库包括加密密钥获取接口和数据加密接口;Encapsulating the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, wherein the target encryption dynamic link library includes an encryption key acquisition interface and a data encryption interface;
基于所述目标加密动态链接库和所述第二设备的第二设备信息,生成所述响应消息。The response message is generated based on the target encrypted dynamic link library and the second device information of the second device.
可选地,所述加密请求包括所述第一设备的第一设备信息;Optionally, the encryption request includes first device information of the first device;
所述第二接收模块具体用于:The second receiving module is specifically used for:
将所述第一设备信息和所述第二设备信息作为键,将所述加密密钥获取接口和所述数据加密接口作为值,对所述第一密钥生成算法和所述目标加密算法进行封装,获得所述目标加密动态链接库。Using the first device information and the second device information as keys, and the encryption key acquisition interface and the data encryption interface as values, perform the first key generation algorithm and the target encryption algorithm. package to obtain the target encrypted dynamic link library.
可选地,所述解密模块具体用于:Optionally, the decryption module is specifically used for:
接收所述第一设备发送的加密数据和所述第一设备的第三设备信息;receiving encrypted data sent by the first device and third device information of the first device;
若所述第一设备信息与所述第三设备信息满足预设条件,则基于所述第二密钥生成算法生成解密密钥;If the first device information and the third device information meet a preset condition, generating a decryption key based on the second key generation algorithm;
基于所述解密密钥和所述目标解密算法,对所述加密数据进行解密处理,获得所述待处理数据。Based on the decryption key and the target decryption algorithm, decrypt the encrypted data to obtain the data to be processed.
一方面,本申请实施例提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现上述加密方法的步骤。On the one hand, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored in the memory and running on the processor, the processor implementing the steps of the encryption method when executing the program .
一方面,本申请实施例提供了一种计算机可读存储介质,其存储有可由计算机设备执行的计算机程序,当所述程序在计算机设备上运行时,使得所述计算机设备执行上述加密方法的步骤。On the one hand, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program runs on the computer device, causes the computer device to execute the steps of the above encryption method .
在本申请实施例中,第一设备发送加密请求至第二设备,第二设备针对加密请求生成响应消息,第二设备发送响应消息至第一设备。第一设备基于第一密钥生成算法和目标加密算法对待处理数据进行加密处理,获得加密数据,并发送加密数据至第二设备。第二设备基于第二密钥生成算法和目标解密算法对加密数据进行解密处理,获得待处理数据。由于第二设备并不直接向第一设备发送加密密钥,而是发送第一密钥生成算法和目标加密算法,有效地保证了第一设备与第二设备的通信安全。In this embodiment of the present application, the first device sends an encryption request to the second device, the second device generates a response message for the encryption request, and the second device sends the response message to the first device. The first device encrypts the data to be processed based on the first key generation algorithm and the target encryption algorithm, obtains encrypted data, and sends the encrypted data to the second device. The second device decrypts the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain data to be processed. Because the second device does not directly send the encryption key to the first device, but sends the first key generation algorithm and the target encryption algorithm, the communication security between the first device and the second device is effectively guaranteed.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.
图1为本申请实施例提供的一种系统架构示意图;FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present application;
图2为本申请实施例提供的一种加密方法的流程示意图;2 is a schematic flowchart of an encryption method provided by an embodiment of the present application;
图3为本申请实施例提供的一种加载目标加密动态链接库的方法的流程示意图;3 is a schematic flowchart of a method for loading a target encryption dynamic link library provided by an embodiment of the present application;
图4为本申请实施例提供的一种第一设备获得加密数据的方法的流程示意图;4 is a schematic flowchart of a method for a first device to obtain encrypted data according to an embodiment of the present application;
图5为本申请实施例提供的一种第二设备获得待处理数据的方法的流程示意图;5 is a schematic flowchart of a method for obtaining data to be processed by a second device according to an embodiment of the present application;
图6为本申请实施例提供的一种加密方法的流程示意图;6 is a schematic flowchart of an encryption method provided by an embodiment of the present application;
图7为本申请实施例提供的一种加密装置的结构示意图;7 is a schematic structural diagram of an encryption device according to an embodiment of the present application;
图8为本申请实施例提供的一种加密装置的结构示意图;8 is a schematic structural diagram of an encryption device according to an embodiment of the present application;
图9为本申请实施例提供的一种计算机设备的结构示意图。FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application.
具体实施方式Detailed ways
为了使本发明的目的、技术方案及有益效果更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the objectives, technical solutions and beneficial effects of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.
参考图1,其为本申请实施例适用的一种加密系统架构图,该加密系统架构图至少包括第一设备101以及第二设备102。Referring to FIG. 1 , which is an architecture diagram of an encryption system to which the embodiments of the present application are applied, the architecture diagram of the encryption system includes at least a first device 101 and a
第一设备101可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网路(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。The first device 101 may be an independent physical server, a server cluster or a distributed system composed of multiple physical servers, or a cloud service, cloud database, cloud computing, cloud function, cloud storage, network service, cloud Cloud servers for basic cloud computing services such as communications, middleware services, domain name services, security services, Content Delivery Network (CDN), and big data and artificial intelligence platforms.
第一设备101中安装有用于加密的目标应用,该应用可以是预先安装的客户端、网页版应用或嵌入在其他应用中的小程序等。第一设备101可以是智能手机、平板电脑、笔记本电脑、台式计算机等,但并不局限于此。A target application for encryption is installed in the first device 101 , and the application may be a pre-installed client, a web version application, or a small program embedded in other applications, or the like. The first device 101 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., but is not limited thereto.
第二设备102可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网路(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。The
第一设备101与第二设备102相连接,可以通过有线或无线通信方式进行直接或间接地连接,本申请在此不做限制。The first device 101 is connected to the
基于图1所述的系统架构图,本申请实施例提供了一种加密方法的流程,如图2所示,该方法的流程由图1所示的第一设备101和第二设备102交互执行,包括以下步骤:Based on the system architecture diagram shown in FIG. 1 , an embodiment of the present application provides a flow of an encryption method. As shown in FIG. 2 , the flow of the method is executed interactively by the first device 101 and the
步骤S201,第一设备发送加密请求至第二设备。Step S201, the first device sends an encryption request to the second device.
具体地,第一设备可以是终端设备,还可以是服务器;第二设备可以是终端设备,还可以是服务器。在此不做限定。Specifically, the first device may be a terminal device or a server; the second device may be a terminal device or a server. This is not limited.
加密请求包括第一设备的第一设备信息。第一设备信息包括以下至少一种:MAC地址、IP地址、端口号、CPU型号、设备型号、设备序列号、系统版本号、时间戳以及随机数。The encryption request includes first device information of the first device. The first device information includes at least one of the following: a MAC address, an IP address, a port number, a CPU model, a device model, a device serial number, a system version number, a timestamp, and a random number.
步骤S202,第二设备针对加密请求生成响应消息。Step S202, the second device generates a response message for the encryption request.
具体地,第二设备获取加密请求中的第一设备信息,并基于第一设备信息生成第一设备对应的唯一标识符,用于管理第一设备和第二设备的会话连接。Specifically, the second device acquires the first device information in the encryption request, and generates a unique identifier corresponding to the first device based on the first device information, which is used to manage the session connection between the first device and the second device.
第二设备从N个候选密钥生成算法中选取第一密钥生成算法,以及从M个候选加密算法中选取目标加密算法,并基于第一密钥生成算法、目标加密算法以及第二设备的第二设备信息生成响应消息,其中,N>1,M>1。第二设备信息包括以下至少一种:MAC地址、IP地址、端口号、CPU型号、设备型号、设备序列号、系统版本号、时间戳以及随机数。The second device selects the first key generation algorithm from the N candidate key generation algorithms, and selects the target encryption algorithm from the M candidate encryption algorithms, and selects the first key generation algorithm, the target encryption algorithm, and the second device's The second device information generates a response message, where N>1 and M>1. The second device information includes at least one of the following: a MAC address, an IP address, a port number, a CPU model, a device model, a device serial number, a system version number, a timestamp, and a random number.
第二设备基于第一密钥生成算法确定对应的第二密钥生成算法,基于目标加密算法确定对应的目标解密算法。The second device determines a corresponding second key generation algorithm based on the first key generation algorithm, and determines a corresponding target decryption algorithm based on the target encryption algorithm.
最后,第二设备将第一设备对应的唯一标识符、第一密钥生成算法、目标加密算法、第二密钥生成算法以及目标解密算法建立加解密算法对应关系,并存储在第二设备中。Finally, the second device establishes an encryption/decryption algorithm correspondence between the unique identifier, the first key generation algorithm, the target encryption algorithm, the second key generation algorithm, and the target decryption algorithm corresponding to the first device, and stores them in the second device .
步骤S203,第二设备发送响应消息至第一设备。Step S203, the second device sends a response message to the first device.
步骤S204,第一设备基于第一密钥生成算法和目标加密算法对待处理数据进行加密处理,获得加密数据。Step S204, the first device performs encryption processing on the data to be processed based on the first key generation algorithm and the target encryption algorithm to obtain encrypted data.
具体地,第一设备基于第一密钥生成算法生成加密密钥,再基于加密密钥和目标加密算法,对待处理数据进行加密处理,获得加密数据。Specifically, the first device generates an encryption key based on the first key generation algorithm, and then performs encryption processing on the data to be processed based on the encryption key and the target encryption algorithm to obtain encrypted data.
步骤S205,第一设备发送加密数据至第二设备。Step S205, the first device sends encrypted data to the second device.
具体地,第一设备将加密数据和第一设备的第三设备信息发送至第二设备。Specifically, the first device sends the encrypted data and the third device information of the first device to the second device.
步骤S206,第二设备基于第二密钥生成算法和目标解密算法对加密数据进行解密处理,获得待处理数据。Step S206, the second device decrypts the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain data to be processed.
具体地,若第一设备信息与第三设备信息满足预设条件,则基于第二密钥生成算法生成解密密钥,再基于解密密钥和目标解密算法,对加密数据进行解密处理,获得待处理数据。其中,第二设备根据存储的加解密算法对应关系,确定与第一密钥生成算法相对应的第二密钥生成算法,以及与目标加密算法相对应的目标解密算法。Specifically, if the first device information and the third device information meet the preset conditions, a decryption key is generated based on the second key generation algorithm, and then based on the decryption key and the target decryption algorithm, the encrypted data is decrypted to obtain the Data processing. The second device determines a second key generation algorithm corresponding to the first key generation algorithm and a target decryption algorithm corresponding to the target encryption algorithm according to the stored encryption and decryption algorithm correspondence.
若第一设备信息与第三设备信息不满足预设条件,则表示第一设备发送的加密数据有误,或者第一设备和第二设备的会话连接已超时,第二设备直接丢弃所获得的加密数据。If the first device information and the third device information do not meet the preset conditions, it means that the encrypted data sent by the first device is incorrect, or the session connection between the first device and the second device has timed out, and the second device directly discards the obtained data. Encrypted data.
其中,第一设备信息与第三设备信息满足的预设条件包括以下两种:The preset conditions that the first device information and the third device information satisfy include the following two:
若第一设备信息和第三设备信息为MAC地址、IP地址、端口号、CPU型号、设备型号、设备序列号、系统版本号以及随机数中的任意一种,则第一设备信息与第三设备信息满足的预设条件为第一设备信息与第三设备信息相同。If the first device information and the third device information are any one of MAC address, IP address, port number, CPU model, device model, device serial number, system version number and random number, the first device information and the third device information The preset condition that the device information satisfies is that the first device information is the same as the third device information.
若第一设备信息和第三设备信息为时间戳,则第一设备信息与第三设备信息满足的预设条件为第一设备信息中的时间戳与第三设备信息中的时间戳的差值小于预设值。If the first device information and the third device information are time stamps, the preset condition satisfied by the first device information and the third device information is the difference between the time stamp in the first device information and the time stamp in the third device information less than the preset value.
在本申请实施例中,第一设备发送加密请求至第二设备,第二设备针对加密请求生成响应消息,第二设备发送响应消息至第一设备。第一设备基于第一密钥生成算法和目标加密算法对待处理数据进行加密处理,获得加密数据,并发送加密数据至第二设备。第二设备基于第二密钥生成算法和目标解密算法对加密数据进行解密处理,获得待处理数据。由于第二设备并不直接向第一设备发送加密密钥,而是发送第一密钥生成算法和目标加密算法,有效地保证了第一设备与第二设备的通信安全。In this embodiment of the present application, the first device sends an encryption request to the second device, the second device generates a response message for the encryption request, and the second device sends the response message to the first device. The first device encrypts the data to be processed based on the first key generation algorithm and the target encryption algorithm, obtains encrypted data, and sends the encrypted data to the second device. The second device decrypts the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain data to be processed. Because the second device does not directly send the encryption key to the first device, but sends the first key generation algorithm and the target encryption algorithm, the communication security between the first device and the second device is effectively guaranteed.
可选地,在上述步骤S202中,候选密钥生成算法可以是根据需求选择的消息摘要算法,如MD5算法、SHA算法等。候选密钥生成算法所生成的加密密钥的长度可以是动态调整的,比如128位、256位等。Optionally, in the foregoing step S202, the candidate key generation algorithm may be a message digest algorithm selected according to requirements, such as an MD5 algorithm, a SHA algorithm, and the like. The length of the encryption key generated by the candidate key generation algorithm may be dynamically adjusted, such as 128 bits, 256 bits, and the like.
候选密钥生成算法所生成的加密密钥可以是对称密钥,也可以是非对称密钥。候选加密算法可以是对称加密算法,如AES算法(Advanced Encryption Standard)、TEA算法(Tiny Encryption Algorithm)等;也可以是非对称加密算法,如RSA算法、ECC算法(Ellipse Curve Ctyptography)等。The encryption key generated by the candidate key generation algorithm can be a symmetric key or an asymmetric key. The candidate encryption algorithm may be a symmetric encryption algorithm, such as an AES algorithm (Advanced Encryption Standard), a TEA algorithm (Tiny Encryption Algorithm), etc.; or an asymmetric encryption algorithm, such as an RSA algorithm, an ECC algorithm (Ellipse Curve Ctyptography), and the like.
当第一密钥生成算法所生成的加密密钥是对称密钥时,目标加密算法则是对称加密算法。第二密钥生成算法所生成的解密密钥与加密密钥相同。目标解密算法是与目标加密算法相对应的对称解密算法。When the encryption key generated by the first key generation algorithm is a symmetric key, the target encryption algorithm is a symmetric encryption algorithm. The decryption key generated by the second key generation algorithm is the same as the encryption key. The target decryption algorithm is a symmetric decryption algorithm corresponding to the target encryption algorithm.
当第一密钥生成算法所生成的加密密钥是非对称密钥时,目标加密算法则是非对称加密算法。第二密钥生成算法所生成的解密密钥是非对称密钥。目标解密算法是与目标加密算法相对应的非对称解密算法。其中,加密密钥作为非对称密钥中的公钥,解密密钥作为非对称密钥中的私钥。When the encryption key generated by the first key generation algorithm is an asymmetric key, the target encryption algorithm is an asymmetric encryption algorithm. The decryption key generated by the second key generation algorithm is an asymmetric key. The target decryption algorithm is an asymmetric decryption algorithm corresponding to the target encryption algorithm. The encryption key is used as the public key in the asymmetric key, and the decryption key is used as the private key in the asymmetric key.
可选地,在上述步骤S202中,第二设备针对加密请求生成响应消息,包括以下两种可能的实施方式:Optionally, in the foregoing step S202, the second device generates a response message for the encryption request, including the following two possible implementation manners:
实施方式一,第二设备将第一密钥生成算法和目标加密算法封装为目标加密动态链接库,其中,目标加密动态链接库包括加密密钥获取接口和数据加密接口。再基于目标加密动态链接库和第二设备的第二设备设备信息,生成响应消息。In Embodiment 1, the second device encapsulates the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, wherein the target encryption dynamic link library includes an encryption key acquisition interface and a data encryption interface. A response message is then generated based on the target encrypted dynamic link library and the second device device information of the second device.
具体地,第二设备将第一设备信息和第二设备信息作为键,将加密密钥获取接口和数据加密接口作为值,对第一密钥生成算法和目标加密算法进行封装,获得目标加密动态链接库。Specifically, the second device uses the first device information and the second device information as keys, the encryption key acquisition interface and the data encryption interface as values, and encapsulates the first key generation algorithm and the target encryption algorithm to obtain the target encryption dynamic link library.
第二设备将第二密钥生成算法和目标解密算法封装为目标解密动态链接库,并将目标解密动态链接库保存在第二设备中,其中,目标解密动态链接库包括解密密钥获取接口和数据解密接口。The second device encapsulates the second key generation algorithm and the target decryption algorithm into a target decryption dynamic link library, and saves the target decryption dynamic link library in the second device, wherein the target decryption dynamic link library includes a decryption key acquisition interface and Data decryption interface.
在本申请实施例中,第二设备将第一密钥生成算法和目标加密算法封装为目标加密动态链接库,目标加密动态链接库仅提供对外接口,即加密密钥获取接口和数据加密接口,可以有效地隐藏第一密钥生成算法和目标加密算法。同时,由于第一密钥生成算法和目标加密算法被封装为一个动态链接库,可以有效地提高第一设备后续加载动态链接库的效率。In the embodiment of the present application, the second device encapsulates the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, and the target encryption dynamic link library only provides an external interface, that is, an encryption key acquisition interface and a data encryption interface, The first key generation algorithm and the target encryption algorithm can be effectively hidden. At the same time, since the first key generation algorithm and the target encryption algorithm are encapsulated into a dynamic link library, the efficiency of subsequent loading of the dynamic link library by the first device can be effectively improved.
实施方式二,第二设备将第一密钥生成算法封装为第一动态链接库,将目标加密算法封装为第二动态链接库,其中,第一动态链接库包括加密密钥获取接口,第二动态链接库包括数据加密接口。再基于第一动态链接库、第二动态链接库和第二设备的第二设备信息,生成响应消息。Embodiment 2: The second device encapsulates the first key generation algorithm as a first dynamic link library, and encapsulates the target encryption algorithm into a second dynamic link library, wherein the first dynamic link library includes an encryption key acquisition interface, and the second The dynamic link library includes a data encryption interface. A response message is then generated based on the first dynamic link library, the second dynamic link library and the second device information of the second device.
具体地,将第一设备信息和第二设备信息作为键,将加密密钥获取接口作为值,对第一密钥生成算法进行封装,获得第一动态链接库。将第一设备信息和第二设备信息作为键,将数据加密接口作为值,对目标加密算法进行封装,获得第二动态链接库。Specifically, the first device information and the second device information are used as keys, and the encryption key acquisition interface is used as a value, and the first key generation algorithm is encapsulated to obtain the first dynamic link library. The first device information and the second device information are used as keys, and the data encryption interface is used as a value, and the target encryption algorithm is encapsulated to obtain a second dynamic link library.
第二设备将第二密钥生成算法封装为第三动态链接库,将目标解密算法封装为第四动态链接库,其中,第三动态链接库包括解密密钥获取接口,第四动态链接库包括数据解密接口。The second device encapsulates the second key generation algorithm into a third dynamic link library, and encapsulates the target decryption algorithm into a fourth dynamic link library, wherein the third dynamic link library includes a decryption key acquisition interface, and the fourth dynamic link library includes Data decryption interface.
在本申请实施例中,将第一密钥生成算法封装为第一动态链接库,将目标加密算法封装为第二动态链接库,第一动态链接库仅对外提供加密密钥获取接口,第二动态链接库仅对外提供数据加密接口,可以有效地隐藏第一密钥生成算法和目标加密算法。同时,由于第一密钥生成算法和目标加密算法分别被封装为不同的动态链接库,减少了同时破解获取到第一密钥生成算法和目标加密算法的可能性,增强了第一设备与第二设备的通信安全。In the embodiment of the present application, the first key generation algorithm is encapsulated into a first dynamic link library, and the target encryption algorithm is encapsulated into a second dynamic link library. The first dynamic link library only provides an encryption key acquisition interface, and the second The dynamic link library only provides a data encryption interface, which can effectively hide the first key generation algorithm and the target encryption algorithm. At the same time, since the first key generation algorithm and the target encryption algorithm are encapsulated as different dynamic link libraries, the possibility of obtaining the first key generation algorithm and the target encryption algorithm by cracking at the same time is reduced, and the relationship between the first device and the second encryption algorithm is enhanced. Two-device communication security.
可选地,在上述步骤S203中,第二设备发送响应消息至第一设备,第一设备接收该响应消息之后,提供了两种可能的实施方式用于解析该响应消息:Optionally, in the above step S203, the second device sends a response message to the first device, and after the first device receives the response message, two possible implementations are provided for parsing the response message:
第一种可能的实施方式,第一设备将响应消息保存在本地磁盘中,在本地磁盘中对响应消息进行解析,获得目标加密动态链接库和第二设备的第二设备信息,再将目标加密动态链接库加载至内存。其中,目标加密动态链接库包括第一密钥生成算法和目标加密算法。In the first possible implementation manner, the first device saves the response message in the local disk, parses the response message in the local disk, obtains the target encrypted dynamic link library and the second device information of the second device, and then encrypts the target The dynamic link library is loaded into memory. Wherein, the target encryption dynamic link library includes a first key generation algorithm and a target encryption algorithm.
在本申请实施例中,响应消息中的目标加密动态链接库只包括第一密钥生成算法和目标加密算法,并不包括加密密钥,即便第一设备遭遇网络攻击时,也不会导致加密密钥的泄露,有效地保证了第一设备与第二设备的通信安全。In this embodiment of the present application, the target encryption dynamic link library in the response message only includes the first key generation algorithm and the target encryption algorithm, but does not include the encryption key. Even if the first device encounters a network attack, encryption will not be caused. The leakage of the key effectively ensures the security of the communication between the first device and the second device.
第二种可能的实施方式,第一设备将响应消息加载至内存,并在内存中对响应消息进行解析,获得目标加密动态链接库和第二设备的第二设备信息,其中,目标加密动态链接库包括第一密钥生成算法和目标加密算法。In the second possible implementation manner, the first device loads the response message into the memory, and parses the response message in the memory to obtain the target encrypted dynamic link library and the second device information of the second device, wherein the target encrypted dynamic link The library includes a first key generation algorithm and a target encryption algorithm.
在本申请实施例中,响应消息中的目标加密动态链接库只包括第一密钥生成算法和目标加密算法,并不包括加密密钥,即便第一设备遭遇网络攻击时,也不会导致加密密钥的泄露,有效地保证了第一设备与第二设备的通信安全。由于本申请中第一设备直接将响应消息加载至内存进行解析,并不在本地磁盘中进行解析,本地磁盘中并不留存任何文件,因此,可以进一步提高第一设备的通信安全。In this embodiment of the present application, the target encryption dynamic link library in the response message only includes the first key generation algorithm and the target encryption algorithm, but does not include the encryption key. Even if the first device encounters a network attack, encryption will not be caused. The leakage of the key effectively ensures the security of the communication between the first device and the second device. In this application, the first device directly loads the response message into the memory for parsing instead of parsing in the local disk, and no file is retained in the local disk, so the communication security of the first device can be further improved.
可选地,第一设备接收响应消息后,申请一段可读可写可执行的内存,将目标加密动态链接库加载至内存后,再通过动态加载的方法将目标加密动态链接库由elf格式转换成program格式,即由静态文件格式转换为运行态格式。具体过程如下:Optionally, after receiving the response message, the first device applies for a readable, writable and executable memory, loads the target encrypted dynamic link library into the memory, and then converts the target encrypted dynamic link library from the elf format by the method of dynamic loading. into the program format, that is, from the static file format to the running state format. The specific process is as follows:
步骤S301,获取目标加密动态链接库so。Step S301, obtaining a target encrypted dynamic link library so.
步骤S302,申请一段内存,并申请这段内存的可读可写可执行权限。Step S302, apply for a segment of memory, and apply for readable, writable, and executable permissions for the segment of memory.
步骤S303,将目标加密动态链接库so加载至该段内存。Step S303, load the target encrypted dynamic link library so into the segment of memory.
步骤S304,读取目标加密动态链接库so中的节头部(section header),根据节头部中的节(section)的偏移信息,解析目标加密动态链接库so,获取节的信息。Step S304, read the section header (section header) in the target encrypted dynamic link library so, and parse the target encrypted dynamic link library so according to the offset information of the section (section) in the section header to obtain section information.
步骤S305,读取目标加密动态链接库so中的段头部(segment header),根据段头部中的段(segment)的偏移信息,解析目标加密动态链接库so,获取段的信息。Step S305: Read the segment header (segment header) in the target encrypted dynamic link library so, and parse the target encrypted dynamic link library so according to the offset information of the segment (segment) in the segment header to obtain segment information.
步骤S306,判断目标加密动态链接库so是否链接了其他动态链接库,若是,则执行步骤S307;否则,结束。In step S306, it is judged whether the target encrypted dynamic link library so is linked with other dynamic link libraries, and if so, step S307 is executed; otherwise, the process ends.
步骤S307,将其他动态链接库一并加载至内存,进行解析,并结束。In step S307, the other dynamic link libraries are loaded into the memory together, and the analysis is performed, and the process ends.
在本申请实施例中,将目标加密动态链接库加载至内存进行解析,有效地避免了第一密钥生成算法和目标加密算法的泄露。In the embodiment of the present application, the target encryption dynamic link library is loaded into the memory for analysis, which effectively avoids the leakage of the first key generation algorithm and the target encryption algorithm.
可选地,在上述步骤S204中,第一设备基于第一密钥生成算法和目标加密算法对待处理数据进行加密处理,获得加密数据具体包括以下步骤:Optionally, in the above step S204, the first device performs encryption processing on the data to be processed based on the first key generation algorithm and the target encryption algorithm, and obtaining the encrypted data specifically includes the following steps:
步骤S401,第一设备通过调用加密密钥获取接口,获得第一密钥生成算法,并采用第一密钥生成算法生成加密密钥。Step S401, the first device obtains a first key generation algorithm by calling an encryption key acquisition interface, and uses the first key generation algorithm to generate an encryption key.
具体地,将第一设备的第一设备信息和第二设备信息作为加密密钥获取接口的输入参数,调用加密密钥获取接口,获得第一密钥生成算法,并采用第一密钥生成算法生成加密密钥。Specifically, the first device information and the second device information of the first device are used as input parameters of the encryption key acquisition interface, the encryption key acquisition interface is called, the first key generation algorithm is obtained, and the first key generation algorithm is adopted Generate encryption keys.
其中,输入参数可以是第一设备信息和第二设备信息中的任意组合,在此不做限定。例如,输入参数可以是第一设备信息中的MAC地址和端口号,以及第二设备信息中的IP地址和CPU型号。The input parameter may be any combination of the first device information and the second device information, which is not limited herein. For example, the input parameters may be the MAC address and port number in the first device information, and the IP address and CPU model in the second device information.
步骤S402,第一设备通过调用数据加密接口,获得目标加密算法,并基于加密密钥和目标加密算法对待处理数据进行加密处理,获得加密数据。Step S402, the first device obtains the target encryption algorithm by invoking the data encryption interface, and encrypts the data to be processed based on the encryption key and the target encryption algorithm to obtain encrypted data.
具体地,将加密密钥作为数据加密接口的输入参数,调用数据加密接口,获得目标加密算法,并基于加密密钥和目标加密算法对待处理数据进行加密处理,获得加密数据。Specifically, taking the encryption key as an input parameter of the data encryption interface, calling the data encryption interface to obtain the target encryption algorithm, and encrypting the data to be processed based on the encryption key and the target encryption algorithm to obtain the encrypted data.
在本申请实施例中,第一设备通过调用加密密钥获取接口,获得第一密钥生成算法,并采用第一密钥生成算法生成加密密钥,而不是直接接收第二设备发送的加密密钥,有效地提高了加密密钥的安全性。第一设备通过调用数据加密接口,获得目标加密算法,并基于加密密钥和目标加密算法对待处理数据进行加密处理,获得加密数据,而不是由第一设备直接存储目标加密算法,可以进一步保证数据加密的安全性。In this embodiment of the present application, the first device obtains the first key generation algorithm by calling the encryption key acquisition interface, and uses the first key generation algorithm to generate the encryption key, instead of directly receiving the encryption key sent by the second device. key, effectively improving the security of the encryption key. The first device obtains the target encryption algorithm by calling the data encryption interface, and encrypts the data to be processed based on the encryption key and the target encryption algorithm to obtain encrypted data, instead of directly storing the target encryption algorithm by the first device, which can further ensure the data Encrypted security.
可选地,在上述步骤S206中,第二设备基于第二密钥生成算法和目标解密算法对加密数据进行解密处理,获得待处理数据,具体包括以下步骤:Optionally, in the above step S206, the second device decrypts the encrypted data based on the second key generation algorithm and the target decryption algorithm to obtain the data to be processed, which specifically includes the following steps:
步骤S501,第二设备通过调用解密密钥获取接口,获得第二密钥生成算法,并采用第二密钥生成算法生成解密密钥。Step S501, the second device obtains a second key generation algorithm by invoking the decryption key acquisition interface, and uses the second key generation algorithm to generate a decryption key.
具体地,第二设备将第一设备的第一设备信息和第二设备信息作为解密密钥获取接口的输入参数,调用解密密钥获取接口,获得第二密钥生成算法,并采用第二密钥生成算法生成解密密钥。Specifically, the second device uses the first device information and the second device information of the first device as input parameters of the decryption key acquisition interface, calls the decryption key acquisition interface, obtains the second key generation algorithm, and uses the second encryption key. The key generation algorithm generates the decryption key.
其中,输入参数可以是第一设备信息和第二设备信息中的任意组合,在此不做限定。例如,输入参数可以是第一设备信息中的MAC地址和端口号,以及第二设备信息中的IP地址和CPU型号。The input parameter may be any combination of the first device information and the second device information, which is not limited herein. For example, the input parameters may be the MAC address and port number in the first device information, and the IP address and CPU model in the second device information.
步骤S502,第二设备通过调用数据解密接口,获得目标解密算法,并基于解密密钥和目标解密算法对加密数据进行解密处理,获得待处理数据。Step S502, the second device obtains the target decryption algorithm by invoking the data decryption interface, and decrypts the encrypted data based on the decryption key and the target decryption algorithm to obtain the data to be processed.
具体地,第二设备将解密密钥作为数据解密接口的输入参数,调用数据解密接口,获得目标解密算法,并基于解密密钥和目标解密算法对加密数据进行解密处理,获得待处理数据。Specifically, the second device uses the decryption key as an input parameter of the data decryption interface, calls the data decryption interface, obtains the target decryption algorithm, and decrypts the encrypted data based on the decryption key and the target decryption algorithm to obtain the data to be processed.
在本申请实施例中,第二设备通过调用解密密钥获取接口,获得第二密钥生成算法,并采用第二密钥生成算法生成解密密钥,而不是直接存储解密密钥,有效地提高了解密密钥的安全性。第二设备通过调用数据解密接口,获得目标解密算法,并基于解密密钥和目标解密算法对加密数据进行解密处理,获得待处理数据,而不是由第二设备直接存储目标解密算法,可以进一步保证了加密数据的安全性。In the embodiment of the present application, the second device obtains the second key generation algorithm by calling the decryption key acquisition interface, and uses the second key generation algorithm to generate the decryption key instead of directly storing the decryption key, which effectively improves the security of the decryption key. The second device obtains the target decryption algorithm by calling the data decryption interface, and decrypts the encrypted data based on the decryption key and the target decryption algorithm to obtain the data to be processed, instead of directly storing the target decryption algorithm by the second device, which can further ensure the security of encrypted data.
为了更好地解释本申请实施例,下面以具体实施场景为例,介绍本申请实施例提供的一种会话加密方法的流程,该方法由图1中的第一设备101和第二设备102交互执行,如图6所示,包括以下步骤:In order to better explain the embodiments of the present application, the following takes a specific implementation scenario as an example to introduce the flow of a session encryption method provided by the embodiments of the present application. In this method, the first device 101 and the
步骤S601,第一设备发送加密请求至第二设备,其中,加密请求包括第一设备的第一设备信息。Step S601, the first device sends an encryption request to the second device, wherein the encryption request includes first device information of the first device.
步骤S602,第二设备从N个候选密钥生成算法中选取第一密钥生成算法。Step S602, the second device selects the first key generation algorithm from the N candidate key generation algorithms.
步骤S603,第二设备从M个候选加密算法中选取目标加密算法。Step S603, the second device selects a target encryption algorithm from the M candidate encryption algorithms.
步骤S604,第二设备将第一密钥生成算法和目标加密算法封装为目标加密动态链接库。Step S604, the second device encapsulates the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library.
步骤S605,第二设备基于目标加密动态链接库和第二设备的第二设备信息,生成响应消息。Step S605, the second device generates a response message based on the target encrypted dynamic link library and the second device information of the second device.
步骤S606,第二设备发送响应消息至第一设备。Step S606, the second device sends a response message to the first device.
步骤S607,第一设备将响应消息加载至内存,并在内存中对响应消息进行解析,获得目标加密动态链接库和第二设备的第二设备信息。其中,目标加密动态链接库包括加密密钥获取接口和数据加密接口。Step S607, the first device loads the response message into the memory, and parses the response message in the memory to obtain the target encrypted dynamic link library and the second device information of the second device. The target encryption dynamic link library includes an encryption key acquisition interface and a data encryption interface.
步骤S608,通过调用加密密钥获取接口,获得第一密钥生成算法,并采用第一密钥生成算法生成加密密钥。Step S608: Obtain the first key generation algorithm by calling the encryption key acquisition interface, and use the first key generation algorithm to generate the encryption key.
步骤S609,通过调用数据加密接口,获得目标加密算法,并基于加密密钥和目标加密算法对待处理数据进行加密处理,获得加密数据。Step S609: Obtain the target encryption algorithm by invoking the data encryption interface, and perform encryption processing on the data to be processed based on the encryption key and the target encryption algorithm to obtain encrypted data.
步骤S610,第一设备发送加密数据和第一设备的第三设备信息至第二设备。Step S610, the first device sends the encrypted data and the third device information of the first device to the second device.
步骤S611,第二设备判断第一设备信息与第三设备信息是否满足预设条件,若是,则执行步骤S612;否则,结束。In step S611, the second device determines whether the first device information and the third device information satisfy the preset condition, and if so, executes step S612; otherwise, ends.
步骤S612,基于第二密钥生成算法生成解密密钥,其中,第二密钥生成算法与第一密钥生成算法相对应。Step S612: Generate a decryption key based on a second key generation algorithm, where the second key generation algorithm corresponds to the first key generation algorithm.
步骤S613,基于解密密钥和目标解密算法对加密数据进行解密处理,获得待处理数据,其中,目标解密算法与目标加密算法相对应。Step S613: Decrypt the encrypted data based on the decryption key and the target decryption algorithm to obtain data to be processed, wherein the target decryption algorithm corresponds to the target encryption algorithm.
在本申请实施例中,由于第二设备并不直接向第一设备发送加密密钥,而是发送第一密钥生成算法和目标加密算法,有效地保证了第一设备与第二设备的通信安全。In the embodiment of the present application, because the second device does not directly send the encryption key to the first device, but sends the first key generation algorithm and the target encryption algorithm, the communication between the first device and the second device is effectively guaranteed Safety.
第二设备将第一密钥生成算法和目标加密算法封装为目标加密动态链接库,目标加密动态链接库仅提供对外接口,即加密密钥获取接口和数据加密接口,可以有效地隐藏第一密钥生成算法和目标加密算法。同时,由于第一密钥生成算法和目标加密算法被封装为一个动态链接库,可以有效地提高第一设备后续加载动态链接库的效率。The second device encapsulates the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, and the target encryption dynamic link library only provides external interfaces, that is, an encryption key acquisition interface and a data encryption interface, which can effectively hide the first encryption key. key generation algorithm and target encryption algorithm. At the same time, since the first key generation algorithm and the target encryption algorithm are encapsulated into a dynamic link library, the efficiency of subsequent loading of the dynamic link library by the first device can be effectively improved.
由于本申请中第一设备直接将响应消息加载至内存进行解析,并不在本地磁盘中进行解析,本地磁盘中并不留存任何文件,因此,可以进一步提高第一设备的通信安全。In this application, the first device directly loads the response message into the memory for parsing instead of parsing in the local disk, and no file is retained in the local disk, so the communication security of the first device can be further improved.
基于相同的技术构思,本申请实施例提供了一种加密装置,如图7所示,该装置700包括:Based on the same technical concept, an embodiment of the present application provides an encryption device. As shown in FIG. 7 , the
第一接收模块701,接收第二设备发送的针对加密请求的响应消息,所述加密请求是所述第一设备发送至所述第二设备的;所述响应消息包括从N个候选密钥生成算法中选取的第一密钥生成算法和从M个候选加密算法中选取的目标加密算法;其中,N>1,M>1;The
加密模块702,用于基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据;An
第一发送模块703,用于发送所述加密数据至所述第二设备,以使所述第二设备基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据;所述第二密钥生成算法与所述第一密钥生成算法相对应,所述目标解密算法与所述目标加密算法相对应。The
可选地,还包括解析模块704,所述解析模块704具体用于:Optionally, it also includes a
所述接收第二设备发送的针对加密请求的响应消息之后,将所述响应消息加载至内存,并在所述内存中对所述响应消息进行解析,获得目标加密动态链接库,其中,所述目标加密动态链接库包括所述第一密钥生成算法和所述目标加密算法。After receiving the response message for the encryption request sent by the second device, the response message is loaded into the memory, and the response message is parsed in the memory to obtain a target encrypted dynamic link library, wherein the The target encryption dynamic link library includes the first key generation algorithm and the target encryption algorithm.
可选地,所述目标加密动态链接库还包括加密密钥获取接口和数据加密接口;Optionally, the target encryption dynamic link library also includes an encryption key acquisition interface and a data encryption interface;
所述加密模块702具体用于:The
通过调用所述加密密钥获取接口,获得所述第一密钥生成算法,并采用所述第一密钥生成算法生成加密密钥;Obtain the first key generation algorithm by invoking the encryption key acquisition interface, and use the first key generation algorithm to generate an encryption key;
通过调用所述数据加密接口,获得所述目标加密算法,并基于所述加密密钥和所述目标加密算法对待处理数据进行加密处理,获得加密数据。By invoking the data encryption interface, the target encryption algorithm is obtained, and the data to be processed is encrypted based on the encryption key and the target encryption algorithm to obtain encrypted data.
可选地,所述响应消息还包括所述第二设备的第二设备信息;Optionally, the response message further includes second device information of the second device;
所述加密模块702具体用于:The
将所述第一设备的第一设备信息和所述第二设备信息作为所述加密密钥获取接口的输入参数,调用所述加密密钥获取接口,获得所述第一密钥生成算法;The first device information and the second device information of the first device are used as input parameters of the encryption key acquisition interface, and the encryption key acquisition interface is called to obtain the first key generation algorithm;
所述通加密模块702具体用于:The pass-through
将所述加密密钥作为所述数据加密接口的输入参数,调用所述数据加密接口,获得所述目标加密算法。Using the encryption key as an input parameter of the data encryption interface, call the data encryption interface to obtain the target encryption algorithm.
基于相同的技术构思,本申请实施例提供了一种加密装置,如图8所示,该装置800包括:Based on the same technical concept, an embodiment of the present application provides an encryption device. As shown in FIG. 8 , the
第二接收模块801,用于接收第一设备发送的加密请求,并针对所述加密请求生成响应消息,所述响应消息包括从N个候选密钥生成算法中选取的第一密钥生成算法和从M个候选加密算法中选取的目标加密算法,其中,N>1,M>1;The
第二发送模块802,用于发送所述响应消息至所述第一设备,以使所述第一设备基于所述第一密钥生成算法和所述目标加密算法对待处理数据进行加密处理,获得加密数据;The
解密模块803,用于接收所述第一设备发送的加密数据,并基于第二密钥生成算法和目标解密算法对所述加密数据进行解密处理,获得所述待处理数据;所述第二密钥生成算法与所述第一密钥生成算法相对应,所述目标解密算法与所述目标加密算法相对应。The
可选地,所述第二接收模块801具体用于:Optionally, the
将所述第一密钥生成算法和所述目标加密算法封装为目标加密动态链接库,其中,所述目标加密动态链接库包括加密密钥获取接口和数据加密接口;Encapsulating the first key generation algorithm and the target encryption algorithm into a target encryption dynamic link library, wherein the target encryption dynamic link library includes an encryption key acquisition interface and a data encryption interface;
基于所述目标加密动态链接库和所述第二设备的第二设备信息,生成所述响应消息。The response message is generated based on the target encrypted dynamic link library and the second device information of the second device.
可选地,所述加密请求包括所述第一设备的第一设备信息;Optionally, the encryption request includes first device information of the first device;
所述第二接收模块801具体用于:The
将所述第一设备信息和所述第二设备信息作为键,将所述加密密钥获取接口和所述数据加密接口作为值,对所述第一密钥生成算法和所述目标加密算法进行封装,获得所述目标加密动态链接库。Using the first device information and the second device information as keys, and the encryption key acquisition interface and the data encryption interface as values, perform the first key generation algorithm and the target encryption algorithm. package to obtain the target encrypted dynamic link library.
可选地,所述解密模块803具体用于:Optionally, the
接收所述第一设备发送的加密数据和所述第一设备的第三设备信息;receiving encrypted data sent by the first device and third device information of the first device;
若所述第一设备信息与所述第三设备信息满足预设条件,则基于所述第二密钥生成算法生成解密密钥;If the first device information and the third device information meet a preset condition, generating a decryption key based on the second key generation algorithm;
基于所述解密密钥和所述目标解密算法,对所述加密数据进行解密处理,获得所述待处理数据。Based on the decryption key and the target decryption algorithm, decrypt the encrypted data to obtain the data to be processed.
基于相同的技术构思,本申请实施例提供了一种计算机设备,计算机设备可以是终端或服务器,如图9所示,包括至少一个处理器901,以及与至少一个处理器连接的存储器902,本申请实施例中不限定处理器901与存储器902之间的具体连接介质,图9中处理器901和存储器902之间通过总线连接为例。总线可以分为地址总线、数据总线、控制总线等。Based on the same technical concept, an embodiment of the present application provides a computer device. The computer device may be a terminal or a server, as shown in FIG. 9 , and includes at least one
在本申请实施例中,存储器902存储有可被至少一个处理器901执行的指令,至少一个处理器901通过执行存储器902存储的指令,可以执行上述加密方法中所包括的步骤。In this embodiment of the present application, the
其中,处理器901是计算机设备的控制中心,可以利用各种接口和线路连接计算机设备的各个部分,通过运行或执行存储在存储器902内的指令以及调用存储在存储器902内的数据,从而进行加密。可选的,处理器901可包括一个或多个处理单元,处理器901可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器901中。在一些实施例中,处理器901和存储器902可以在同一芯片上实现,在一些实施例中,它们也可以在独立的芯片上分别实现。The
处理器901可以是通用处理器,例如中央处理器(CPU)、数字信号处理器、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件,可以实现或者执行本申请实施例中公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者任何常规的处理器等。结合本申请实施例所公开的方法的步骤可以直接体现为硬件处理器执行完成,或者用处理器中的硬件及软件模块组合执行完成。The
存储器902作为一种非易失性计算机可读存储介质,可用于存储非易失性软件程序、非易失性计算机可执行程序以及模块。存储器902可以包括至少一种类型的存储介质,例如可以包括闪存、硬盘、多媒体卡、卡型存储器、随机访问存储器(Random AccessMemory,RAM)、静态随机访问存储器(Static Random Access Memory,SRAM)、可编程只读存储器(Programmable Read Only Memory,PROM)、只读存储器(Read Only Memory,ROM)、带电可擦除可编程只读存储器(Electrically Erasable Programmable Read-Only Memory,EEPROM)、磁性存储器、磁盘、光盘等等。存储器902是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。本申请实施例中的存储器902还可以是电路或者其它任意能够实现存储功能的装置,用于存储程序指令和/或数据。The
基于同一发明构思,本申请实施例提供了一种计算机可读存储介质,其存储有可由计算机设备执行的计算机程序,当程序在计算机设备上运行时,使得计算机设备执行上述加密方法的步骤。Based on the same inventive concept, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program runs on the computer device, causes the computer device to execute the steps of the above encryption method.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by those skilled in the art, the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present application. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, the instructions The apparatus implements the functions specified in the flow or flow of the flowcharts and/or the block or blocks of the block diagrams.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the block or blocks of the block diagrams.
显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present application without departing from the spirit and scope of the present application. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include these modifications and variations.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210524811.6A CN115037458B (en) | 2022-05-13 | 2022-05-13 | Encryption method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210524811.6A CN115037458B (en) | 2022-05-13 | 2022-05-13 | Encryption method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115037458A true CN115037458A (en) | 2022-09-09 |
| CN115037458B CN115037458B (en) | 2025-01-17 |
Family
ID=83121522
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210524811.6A Active CN115037458B (en) | 2022-05-13 | 2022-05-13 | Encryption method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115037458B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003065169A2 (en) * | 2002-01-30 | 2003-08-07 | Tecsec, Inc. | Access system utilizing multiple factor identification and authentication |
| CN105450620A (en) * | 2014-09-30 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Information processing method and device |
| CN108028748A (en) * | 2016-02-27 | 2018-05-11 | 华为技术有限公司 | For handling the method, equipment and system of VXLAN messages |
| CN111488331A (en) * | 2020-04-08 | 2020-08-04 | 广州虎牙科技有限公司 | Database connection method and device and computer equipment |
| CN111857860A (en) * | 2019-04-30 | 2020-10-30 | 烽火通信科技股份有限公司 | Method and system for realizing safe loading of plug-in |
-
2022
- 2022-05-13 CN CN202210524811.6A patent/CN115037458B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003065169A2 (en) * | 2002-01-30 | 2003-08-07 | Tecsec, Inc. | Access system utilizing multiple factor identification and authentication |
| CN105450620A (en) * | 2014-09-30 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Information processing method and device |
| CN108028748A (en) * | 2016-02-27 | 2018-05-11 | 华为技术有限公司 | For handling the method, equipment and system of VXLAN messages |
| US20180139191A1 (en) * | 2016-02-27 | 2018-05-17 | Huawei Technologies Co., Ltd. | Method, Device, and System for Processing VXLAN Packet |
| CN111857860A (en) * | 2019-04-30 | 2020-10-30 | 烽火通信科技股份有限公司 | Method and system for realizing safe loading of plug-in |
| CN111488331A (en) * | 2020-04-08 | 2020-08-04 | 广州虎牙科技有限公司 | Database connection method and device and computer equipment |
Non-Patent Citations (2)
| Title |
|---|
| HYOUNG-KEE CHOI ECT.: "Extraction of TLS master secret key in windows", 《2016 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY CONVERGENCE (ICTC)》, 5 December 2016 (2016-12-05) * |
| 彭德云, 王嘉祯, 徐波: "用JAVA构建敏感数据的安全传输通道", 计算机工程与科学, no. 06, 30 June 2004 (2004-06-30) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115037458B (en) | 2025-01-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3484125B1 (en) | Method and device for scheduling interface of hybrid cloud | |
| US10963593B1 (en) | Secure data storage using multiple factors | |
| CN112737779B (en) | Cryptographic machine service method, device, cryptographic machine and storage medium | |
| CN113221152B (en) | Data processing method, device, equipment, storage medium and program | |
| CN110661748B (en) | Log encryption method, log decryption method and log encryption device | |
| CN110391900A (en) | Private key processing method, terminal and key center based on SM2 algorithm | |
| CN104468095A (en) | Data transmission method and device | |
| CN108848058A (en) | Intelligent contract processing method and block catenary system | |
| WO2020146081A1 (en) | Private exchange of encrypted data over a computer network | |
| CN114143108A (en) | Session encryption method, device, equipment and storage medium | |
| CN117240625B (en) | Tamper-resistant data processing method and device and electronic equipment | |
| JP2019519176A (en) | KEY MANAGEMENT SYSTEM AND METHOD | |
| CN115941278A (en) | Data transmission method, device, electronic device and computer readable medium | |
| WO2023125480A1 (en) | Access object authentication method, apparatus and system | |
| CN116599772A (en) | Data processing method and related equipment | |
| CN116614653A (en) | Multimedia file playing method, device, system, equipment and storage medium | |
| WO2014089968A1 (en) | Virtual machine system data encryption method and device | |
| CN115021919B (en) | SSL negotiation method, device, equipment and computer-readable storage medium | |
| US12200105B1 (en) | Asymmetric computer-implemented storage cryptography | |
| CN115037458B (en) | Encryption method, device, equipment and storage medium | |
| CN116865999A (en) | An encryption method, device, equipment and storage medium | |
| CN116074106A (en) | Message encryption and decryption method and device, electronic equipment and storage medium | |
| WO2019134278A1 (en) | Chat encryption method and apparatus, chat decryption method and apparatus, electronic terminal and readable storage medium | |
| CN114996730A (en) | Data encryption and decryption system, method, computer equipment and storage medium | |
| CN115604371A (en) | Message processing method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |