CN115208557A - Data encryption method and device, electronic equipment and computer storage medium - Google Patents
- Publication number: CN115208557A (also listed as CN202110385380.5A)
- Authority: CN (China)
- Prior art keywords: key, data, encryption, identification information, center
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Description
Technical field
The present application belongs to the field of data encryption and decryption, and in particular relates to a data encryption method, apparatus, electronic device and computer storage medium.
Background
With the rapid development of informatization and intelligent systems, it has become a necessary requirement for information systems to use cryptography for identity authentication and for the encrypted storage and transmission of data. Especially with the growth of mobile services and increasingly intelligent terminals, cryptography, as the basic supporting technology for identity authentication and data encryption, plays an ever more important role in data transmission, trusted authentication and data storage. The core of cryptography is to reduce the protection of data to the protection of a few core keys, and to prevent outsiders from recovering those keys by brute-force computation or guessing. Key management is therefore the primary problem.
A key has a life cycle, which includes the validity period of keys and certificates and the retention period of revoked keys and certificates. Because a key must be kept secret, key management is required, which mainly covers key generation, key backup, key recovery and key update.
The traditional 3DES algorithm applies DES three times, using two 56-bit keys K1 and K2: the encrypting party encrypts with K1, decrypts with K2, and encrypts again with K1. The decrypting party decrypts with K1, encrypts with K2, and decrypts again with K1. The effect is to double the key length. See Figure 1 for the flow.
The prior art has the following disadvantages: 1. Weak security. As computers become more powerful, brute-force cracking and dictionary guessing become easier. An encryption algorithm can usually encrypt the relevant files quickly, which means the encrypted documents can also be cracked in an acceptable time, lowering the level of confidentiality. 2. A key change requires technicians to first decrypt the encrypted data with the key in use before the change, and then encrypt the decrypted data with the new key. This requires managing the new and old keys at the same time. Because of the inherent limitations of the algorithm, the encryption strength is insufficient; when a large amount of encrypted data is involved the operation is tedious, and a mistake with the keys can easily leave the data unrecoverable.
Therefore, how to encrypt data more securely and conveniently is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
Embodiments of the present application provide a data encryption method, apparatus, electronic device and computer storage medium that can encrypt data more securely and conveniently.
In a first aspect, an embodiment of the present application provides a data encryption method, including:
acquiring plaintext data input by a user;
after verifying that the user is legitimate, sending an encryption request to a key center;
receiving the key time, public key and key center identification information sent by the key center;
determining, based on the key time, the public key, the key center identification information and a preset private key, the number of encryption rounds and the sub-key corresponding to each round;
cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data.
Optionally, after cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached and obtaining the ciphertext data corresponding to the plaintext data, the method further includes:
sending a decryption request to the key center;
receiving the key time, public key and key center identification information sent by the key center;
determining, based on the key time, the public key, the key center identification information and the preset private key, the number of decryption rounds and the sub-key corresponding to each round;
cyclically decrypting the ciphertext data with the sub-keys until the number of decryption rounds is reached, to obtain the plaintext data.
Optionally, cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data, includes:
segmenting the plaintext data to obtain plaintext data segments;
cyclically encrypting the plaintext data segments with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data.
Optionally, after determining the number of encryption rounds and the corresponding sub-keys based on the key time, the public key, the key center identification information and the preset private key, the method further includes:
updating the sub-keys based on a matrix transformation.
Optionally, receiving the key time, public key and key center identification information sent by the key center includes:
receiving the encrypted key time, public key and key center identification information sent by the key center.
Optionally, the public key includes the current key version number, a separator, the update time, the key center identification information and the key string.
Optionally, the ciphertext data includes the current key version number, a separator, the update time, the key center identification information and the encrypted data.
In a second aspect, an embodiment of the present application provides a data encryption apparatus, including:
an acquisition module, configured to acquire plaintext data input by a user;
a sending module, configured to send an encryption request to a key center after verifying that the user is legitimate;
a receiving module, configured to receive the key time, public key and key center identification information sent by the key center;
a determining module, configured to determine, based on the key time, the public key, the key center identification information and a preset private key, the number of encryption rounds and the sub-key corresponding to each round;
an encryption module, configured to cyclically encrypt the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data.
Optionally, the sending module is further configured to send a decryption request to the key center; the receiving module is further configured to receive the key time, public key and key center identification information sent by the key center; the determining module is further configured to determine, based on the key time, the public key, the key center identification information and the preset private key, the number of decryption rounds and the sub-key corresponding to each round; and a decryption module is configured to cyclically decrypt the ciphertext data with the sub-keys until the number of decryption rounds is reached, to obtain the plaintext data.
Optionally, the encryption module is configured to segment the plaintext data to obtain plaintext data segments, and to cyclically encrypt the plaintext data segments with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data.
Optionally, the apparatus further includes an update module, configured to update the sub-keys based on a matrix transformation.
Optionally, the receiving module is configured to receive the encrypted key time, public key and key center identification information sent by the key center.
Optionally, the public key includes the current key version number, a separator, the update time, the key center identification information and the key string.
Optionally, the ciphertext data includes the current key version number, a separator, the update time, the key center identification information and the encrypted data.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a processor and a memory storing computer program instructions;
the processor implements the data encryption method of the first aspect when executing the computer program instructions.
In a fourth aspect, an embodiment of the present application provides a computer storage medium on which computer program instructions are stored; when the computer program instructions are executed by a processor, the data encryption method of the first aspect is implemented.
The data encryption method, apparatus, electronic device and computer storage medium of the embodiments of the present application can encrypt data more securely and conveniently. The data encryption method includes: acquiring plaintext data input by a user; after verifying that the user is legitimate, sending an encryption request to a key center; receiving the key time, public key and key center identification information sent by the key center; determining, based on the key time, the public key, the key center identification information and a preset private key, the number of encryption rounds and the sub-key corresponding to each round; and cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data. The method cyclically encrypts the plaintext data with the sub-keys and does not require managing new and old keys, so it can encrypt data more securely and conveniently.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. Those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Figure 1 is a schematic flowchart of a data encryption and decryption method in the prior art;
Figure 2 is a schematic flowchart of a data encryption method provided by an embodiment of the present application;
Figure 3 is a schematic flowchart of a data encryption method provided by an embodiment of the present application;
Figure 4 is a schematic flowchart of a data decryption method provided by an embodiment of the present application;
Figure 5 is a schematic structural diagram of a data encryption apparatus provided by an embodiment of the present application;
Figure 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
Detailed description
Features and exemplary embodiments of various aspects of the present application are described in detail below. To make the purpose, technical solutions and advantages of the present application clearer, the application is described in further detail with reference to the drawings and specific embodiments. The specific embodiments described here are intended only to explain the application, not to limit it. Those skilled in the art can practice the application without some of these specific details. The following description of the embodiments is only meant to give a better understanding of the application by showing examples of it.
In this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. The terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a list of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes it.
To solve the problems of the prior art, the embodiments of the present application provide a data encryption method, apparatus, electronic device and computer storage medium. The data encryption method provided by the embodiments is introduced first.
Figure 2 shows a schematic flowchart of a data encryption method provided by an embodiment of the present application. As shown in Figure 2, the data encryption method includes:
S201. Acquire plaintext data input by a user.
S202. After verifying that the user is legitimate, send an encryption request to the key center.
S203. Receive the key time, public key and key center identification information sent by the key center.
In one embodiment, the public key includes the current key version number, a separator, the update time, the key center identification information and the key string.
In one embodiment, receiving the key time, public key and key center identification information sent by the key center includes: receiving the encrypted key time, public key and key center identification information sent by the key center.
S204. Based on the key time, the public key, the key center identification information and a preset private key, determine the number of encryption rounds and the sub-key corresponding to each round.
In one embodiment, after determining the number of encryption rounds and the corresponding sub-keys based on the key time, the public key, the key center identification information and the preset private key, the method further includes: updating the sub-keys based on a matrix transformation.
S205. Cyclically encrypt the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data.
In one embodiment, the ciphertext data includes the current key version number, a separator, the update time, the key center identification information and the encrypted data.
In one embodiment, cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data, includes: segmenting the plaintext data to obtain plaintext data segments; and cyclically encrypting the plaintext data segments with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data.
In one embodiment, after cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached and obtaining the ciphertext data corresponding to the plaintext data, the method further includes:
sending a decryption request to the key center;
receiving the key time, public key and key center identification information sent by the key center;
determining, based on the key time, the public key, the key center identification information and the preset private key, the number of decryption rounds and the sub-key corresponding to each round;
cyclically decrypting the ciphertext data with the sub-keys until the number of decryption rounds is reached, to obtain the plaintext data.
The data encryption method includes: acquiring plaintext data input by a user; after verifying that the user is legitimate, sending an encryption request to a key center; receiving the key time, public key and key center identification information sent by the key center; determining, based on the key time, the public key, the key center identification information and a preset private key, the number of encryption rounds and the sub-key corresponding to each round; and cyclically encrypting the plaintext data with the sub-keys until the number of encryption rounds is reached, to obtain the ciphertext data corresponding to the plaintext data. The method cyclically encrypts the plaintext data with the sub-keys and does not require managing new and old keys, so it can encrypt data more securely and conveniently.
The above technical solution is described below with a specific embodiment.
This embodiment solves the above technical problems and provides a secure, reliable, convenient and seamless data encryption and decryption service: 1. Through the design of the algorithm, the internal encryption and decryption sub-keys are generated quickly, which greatly increases the encryption strength without noticeably lengthening the encryption time. 2. In the new algorithm the original encryption key K2 is made public, so the algorithm is also an asymmetric encryption and decryption algorithm. In practice, the public key can be replaced periodically by the key center, which ensures the validity of encryption and the traceability of the decryption process, and is of great significance for use in national security, finance and other fields.
The technical solution of this embodiment has five parts: the encryption and decryption algorithm, the key file format, the encrypted data format, the encryption and decryption API, and the transparent key change method. Each is described below:
1. Encryption and decryption algorithm.
The algorithm uses two 256-bit original keys $K_1$, $K_2$ (which can be a periodically refreshed public key) and the key time T. The encrypting party encrypts the file to be encrypted with sub-key $K_1^{r-1}$, then encrypts with sub-key $K_2^{r-1}$, then decrypts with sub-key $K_1^{r}$, then decrypts with sub-key $K_2^{r}$, and repeats this N times. The decrypting party encrypts the encrypted file with sub-key $K_2^{r}$, then encrypts with sub-key $K_1^{r}$, then decrypts with sub-key $K_2^{r-1}$, then decrypts with sub-key $K_1^{r-1}$, and repeats this N times, finally obtaining the plaintext as it was before encryption. The number N is itself computed from the original keys $K_1$ and $K_2$. After each round of encryption and decryption, the sub-keys $K_1^{N}$ and $K_2^{N}$ both change.
For $K_1^{r-1}, K_2^{r-1} \rightarrow K_1^{r}, K_2^{r}$, the intermediate sub-keys are updated as follows:
Each time, the relevant sub-key and a random prime R corresponding to the original key $K_2$ (because $K_2$ is a remotely updated public key, a sufficiently large random prime can be stored alongside it) are processed as follows:
1. Transpose $K_1$ and $K_2$ into the corresponding matrices $J_1$ and $J_2$.
2. When the sub-keys are updated, XOR (⊕) $K_1^{r-1}$ and $K_2^{r-1}$ with the matrices $J_2^{r-1}$ and $J_1^{r-1}$ respectively, giving $K_1^{r}$ and $K_2^{r}$.
3. Rotate $J_2^{r-1}$ and $J_1^{r-1}$ to the left according to the following rule:
The last row stays unchanged; the offsets for the second-to-last, third-to-last and fourth-to-last rows are 1 bit, 2 bits and 4 bits respectively, increasing in the same way for the remaining rows. This yields $J_2^{r}$ and $J_1^{r}$;
or the following method can be used to further increase the encryption strength:
The last row and the last column stay unchanged. The second-to-last row is rotated left by 1 bit and the second-to-last column is rotated up by 1 bit; the third-to-last row is rotated left by 2 bits and the third-to-last column is rotated up by 2 bits; the fourth-to-last row is rotated left by 4 bits and the third-to-last column is rotated up by 4 bits, increasing in the same way for the remaining rows and columns. This yields $J_2^{r}$ and $J_1^{r}$;
Once these operations are complete, everything is ready for the next sub-key update.
The round count N may be taken as the AND of the first 8 bits and the last 8 bits of the original keys $K_1$ and $K_2$, reduced by a modulus to a number below 16 or below 8 (a value greater than 3 is recommended). ($N = K_1 \odot K_2$)
The only external input keys of the algorithm are the original keys $K_1$ and $K_2$. All subsequent sub-keys are generated by computation on the original keys, which greatly reduces the difficulty of storing and remembering keys without reducing the level of encryption.
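The sub-key update in steps 1 to 3 (first rotation variant), written out as an added example; this is not code from the patent. The page leaves several details open, so the following are assumptions: a 256-bit key is laid out as a 16x16 bit matrix, the row offsets double (1, 2, 4, 8, ...) and wrap modulo the row width, and N is computed as shown in `round_count`. The block also checks that the update is linear over GF(2), since it uses only XOR, transposition and rotation.

```python
# Added illustration of the sub-key update (steps 1-3); not the patent's code.
# Assumed, because the page does not fix them: a 256-bit key is a 16x16 bit
# matrix (row-major, MSB first); row offsets double (1, 2, 4, 8, ...) and wrap
# modulo the row width; N = 4 + ((first byte of K1 AND last byte of K2) mod 12).

SIZE = 16                      # 16 rows x 16 bits = 256 bits
MASK = (1 << SIZE) - 1


def to_rows(key: bytes) -> list:
    if len(key) != 32:
        raise ValueError("expected a 256-bit key")
    return [int.from_bytes(key[2 * i:2 * i + 2], "big") for i in range(SIZE)]


def from_rows(rows: list) -> bytes:
    return b"".join(r.to_bytes(2, "big") for r in rows)


def transpose(rows: list) -> list:
    """Step 1: bit (i, j) of K becomes bit (j, i) of J."""
    out = [0] * SIZE
    for i, row in enumerate(rows):
        for j in range(SIZE):
            if (row >> (SIZE - 1 - j)) & 1:
                out[j] |= 1 << (SIZE - 1 - i)
    return out


def rotl(row: int, n: int) -> int:
    n %= SIZE
    return ((row << n) | (row >> (SIZE - n))) & MASK


def shift_rows(rows: list) -> list:
    """Step 3: last row fixed, rows above it rotate left by 1, 2, 4, ..."""
    out = list(rows)
    for k in range(1, SIZE):               # k = distance from the last row
        idx = SIZE - 1 - k
        out[idx] = rotl(rows[idx], 1 << (k - 1))
    return out


def round_count(k1: bytes, k2: bytes) -> int:
    """Assumed reading of N: always in 4..15, so 'greater than 3' holds."""
    return 4 + ((k1[0] & k2[-1]) % 12)


def derive_subkeys(k1: bytes, k2: bytes, rounds: int) -> list:
    """Return [(K1^0, K2^0), ..., (K1^rounds, K2^rounds)]."""
    s1, s2 = to_rows(k1), to_rows(k2)
    j1, j2 = transpose(s1), transpose(s2)
    out = [(bytes(k1), bytes(k2))]
    for _ in range(rounds):
        # Step 2: K1 is mixed with J2 and K2 with J1.
        s1 = [a ^ b for a, b in zip(s1, j2)]
        s2 = [a ^ b for a, b in zip(s2, j1)]
        j1, j2 = shift_rows(j1), shift_rows(j2)
        out.append((from_rows(s1), from_rows(s2)))
    return out


def schedule(k1: bytes, k2: bytes) -> list:
    """Sub-keys for the N rounds that the two original keys select."""
    return derive_subkeys(k1, k2, round_count(k1, k2))


def decrypt_order(sched: list) -> list:
    """The decrypting party derives the same list and walks it backwards."""
    return list(reversed(sched))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def is_gf2_linear(k1, k2, d1, d2, rounds: int) -> bool:
    """True if schedule(K xor D) == schedule(K) xor schedule(D) in every round."""
    base = derive_subkeys(k1, k2, rounds)
    delta = derive_subkeys(d1, d2, rounds)
    both = derive_subkeys(xor_bytes(k1, d1), xor_bytes(k2, d2), rounds)
    return all(
        both[r] == (xor_bytes(base[r][0], delta[r][0]),
                    xor_bytes(base[r][1], delta[r][1]))
        for r in range(rounds + 1)
    )


if __name__ == "__main__":
    K1 = bytes(range(32))          # constructed sample keys
    K2 = bytes(range(32, 64))
    for r, (a, b) in enumerate(schedule(K1, K2)):
        print(r, a.hex()[:16], b.hex()[:16])
```

Because the update is linear in the original keys, any nonlinearity has to come from the cipher that the sub-keys are fed into, which the page does not name.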
二、密钥文件格式。Second, the key file format.
密钥文件格式如下表所示:The key file format is shown in the following table:
密钥文件由四部分组成:当前密钥版本号、分隔符、更新时间、密钥中心ID与密钥串。公共密钥的每一次变更都会在密钥文件中生成一个版本号,并记录下来。密钥文件存储了当前使用的最新版本的密钥串,密钥中心则保留所有密钥串记录。密钥串采用128位以上长度,确保目前的任何解密算法与设备都无法在有限的时间内破解。为确保传输过程的安全性密钥文件本身也会进行加密处理,这样密钥文件分发过程也是安全的。The key file consists of four parts: current key version number, separator, update time, key center ID and key string. Every change to the public key generates a version number in the key file and records it. The key file stores the latest version of the key string currently used, and the key center keeps all key string records. The length of the key string is more than 128 bits to ensure that any current decryption algorithm and equipment cannot be cracked within a limited time. To ensure the security of the transmission process, the key file itself will also be encrypted, so that the key file distribution process is also secure.
三、加密数据格式。3. Encrypted data format.
加密数据格式如下表所示:The encrypted data format is shown in the following table:
加密数据也由四部分组成:当前密钥版本号、分隔符、更新时间、密钥中心ID与加密后的数据。其中密钥版本号表示该加密数据使用的密钥版本(或约定公钥)。The encrypted data also consists of four parts: current key version number, separator, update time, key center ID and encrypted data. The key version number indicates the key version (or the agreed public key) used by the encrypted data.
四、加解密API。Fourth, encryption and decryption API.
本实施例提供了统一的加密、解密API,提供对明文文件的高加密低破解能力、以及解密加密文件的校验记录能力。This embodiment provides a unified encryption and decryption API, provides high encryption and low cracking capability for plaintext files, and verification record capability for decrypting encrypted files.
For the encryption API, the flow of the data encryption method is shown in FIG. 3:
(1) The encryption API obtains the input data to be encrypted.
(2) An encryption request is submitted to the encryption center, and the returned information is used to determine whether the user is legitimate; if so, encryption begins.
(3) The encryption center logs the request and transmits the time, public key, encryption center ID and related information to the encrypting party; the transmitted content is itself encrypted in transit.
(4) The encryption API performs a calculation using the obtained public key and the private key entered by the user, yielding the number of cycles N and the generated subkeys Kn, and automatically uses the generated subkeys to encrypt the plaintext cyclically (the whole plaintext may be encrypted multiple times, or the plaintext may be split into segments, with different segments each encrypted using a subkey).
(5) When the number of cycles N has counted down to 0, encryption ends and the ciphertext is obtained.
For the decryption API, the flow of the data decryption method is shown in FIG. 4:
(1) From the input ciphertext data, the key version number and other information in its header are parsed.
(2) A decryption request is submitted to the encryption center, and the returned information is used to determine whether the user is legitimate; if so, decryption begins.
(3) The encryption center logs the request and transmits the time, public key, encryption center ID and related information to the encrypting party; the transmitted content is itself encrypted in transit.
(4) The decryption API performs a calculation using the obtained public key and the private key entered by the user, yielding the number of cycles N and the generated subkeys Kn, and automatically uses the generated subkeys to decrypt the ciphertext cyclically (the whole ciphertext may be decrypted multiple times, or the ciphertext may be split into the corresponding segments, each decrypted using a subkey).
(5) When the number of cycles N has counted down to 0, decryption ends and the plaintext is obtained.
5. Transparent and trustworthy key change method.
Based on the key file format, encrypted data format, and encryption/decryption API design above, a transparent and trustworthy key change mechanism can be implemented. After a key change, existing encrypted data does not need to be refreshed, so the new and old key versions connect seamlessly.
Based on the same key file format, encrypted data format, and encryption/decryption API design, the history of an encrypted file can be traced. Every encryption and decryption operation sends an operation request to the key center (if there is no network, the operation uses the most recent time + public key + key center ID). Each operation is therefore recorded and retained at the key center (except when the network cannot be reached), which effectively improves the security of data encryption and provides assurance of reliable data flow.
Through the design of the key file and the encrypted data format, encryption and decryption operations become transparent and data flow becomes traceable, which reduces the difficulty of investigating a data leak. In addition, data encrypted under a key from before a change does not need a batch refresh, so the new and old key versions connect seamlessly.
This embodiment addresses the problem that the encryption strength of existing algorithms cannot withstand cracking by increasingly powerful computers, and greatly increases the difficulty of cracking confidential data. It also addresses the heavy, error-prone workload of updating keys for large volumes of encrypted data and the tedious management of new and old key versions: it improves data security, removes the complex operating steps of the prior art, and avoids the problem that a key error can easily leave the element data unrecoverable. Furthermore, the data flow of confidential data can be tracked, and once ciphertext is leaked its use and circulation can be blocked immediately.
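The versioned header is what lets old ciphertext survive a key change: the decryption side reads the key version from the header and asks the key center for that version's key string. The sketch below is an added example, not code from the patent. The `|` separator, the field order, the `KeyCenter` class and the HMAC tag that binds header to body are all assumptions of this example; the body is treated as opaque ciphertext produced by the encryption API.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

SEP = b"|"    # assumed separator; the page does not name the character
TAG_LEN = 32  # HMAC-SHA256 tag; the tag is this example's addition


@dataclass(frozen=True)
class Envelope:
    key_version: int
    update_time: str
    center_id: str
    body: bytes  # opaque ciphertext from the encryption API


class KeyCenter:
    """Hypothetical key center: keeps every key string, indexed by version."""

    def __init__(self, center_id):
        self.center_id = center_id
        self._keys = {}
        self.current = 0
        self.rotate()

    def rotate(self):
        self.current += 1
        self._keys[self.current] = os.urandom(32)  # 256-bit key string
        return self.current

    def key_for(self, version):
        if version not in self._keys:
            raise KeyError(f"unknown key version {version}")
        return self._keys[version]


def _mac_key(key):
    # Derive a separate MAC key so the key string is not reused directly.
    return hmac.new(key, b"envelope-mac", hashlib.sha256).digest()


def seal(center, update_time, body):
    """Prefix the body with the header and bind both with an HMAC tag."""
    fields = [str(center.current).encode(), update_time.encode(),
              center.center_id.encode()]
    if any(SEP in f for f in fields):
        raise ValueError("separator not allowed in header fields")
    msg = SEP.join(fields) + SEP + body
    key = _mac_key(center.key_for(center.current))
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def open_envelope(center, blob):
    """Parse the header, select the key by version, verify the tag."""
    if len(blob) <= TAG_LEN:
        raise ValueError("truncated envelope")
    msg, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    parts = msg.split(SEP, 3)  # the body may itself contain SEP
    if len(parts) != 4 or not parts[0].isdigit():
        raise ValueError("malformed header")
    if parts[2].decode() != center.center_id:
        raise ValueError("envelope belongs to another key center")
    version = int(parts[0])
    key = _mac_key(center.key_for(version))  # old versions stay resolvable
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("header or body was modified")
    return Envelope(version, parts[1].decode(), parts[2].decode(), parts[3])
```

Because the tag is computed under the key the header names, rewriting the version field to point at a different key fails verification instead of silently selecting that key.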
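FIG. 5 is a schematic structural diagram of a data encryption apparatus provided by an embodiment of the present application. As shown in FIG. 5, the data encryption apparatus includes:
an acquisition module 501, configured to acquire plaintext data input by a user;
a sending module 502, configured to send an encryption request to the key center after the user has been verified as legitimate;
a receiving module 503, configured to receive the key time, public key, and key center identification information sent by the key center;
a determination module 504, configured to determine, based on the key time, the public key, the key center identification information, and a preset private key, the number of encryption cycles and the subkey corresponding to each cycle;
an encryption module 505, configured to cyclically encrypt the plaintext data with the subkeys until the number of encryption cycles is reached, obtaining the ciphertext data corresponding to the plaintext data.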
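In one embodiment, the sending module 502 is further configured to send a decryption request to the key center; the receiving module 503 is further configured to receive the key time, public key, and key center identification information sent by the key center; the determination module 504 is further configured to determine, based on the key time, the public key, the key center identification information, and the preset private key, the number of decryption cycles and the subkey corresponding to each cycle; and a decryption module is configured to cyclically decrypt the ciphertext data with the subkeys until the number of decryption cycles is reached, obtaining the plaintext data.
In one embodiment, the encryption module 505 is configured to segment the plaintext data into plaintext data fragments, and to cyclically encrypt the plaintext data fragments with the subkeys until the number of encryption cycles is reached, obtaining the ciphertext data.
In one embodiment, the apparatus further includes an update module, configured to update the subkeys based on a matrix transformation.
In one embodiment, the receiving module 503 is configured to receive the encrypted key time, public key, and key center identification information sent by the key center.
In one embodiment, the public key includes the current key version number, a separator, the update time, the key center identification information, and the key string.
In one embodiment, the ciphertext data includes the current key version number, a separator, the update time, the key center identification information, and the encrypted data.
Each module/unit in the apparatus shown in FIG. 5 has the function of implementing the steps in FIG. 2 and achieves the corresponding technical effects; for brevity, they are not described again here.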
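FIG. 6 shows a schematic structural diagram of an electronic device provided by an embodiment of the present application.
The electronic device may include a processor 601 and a memory 602 storing computer program instructions.
Specifically, the processor 601 may include a central processing unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present application.
The memory 602 may include mass storage for data or instructions. By way of example and not limitation, the memory 602 may include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disc, a magneto-optical disc, magnetic tape, or a Universal Serial Bus (USB) drive, or a combination of two or more of these. Where appropriate, the memory 602 may include removable or non-removable (or fixed) media. Where appropriate, the memory 602 may be internal or external to the electronic device. In particular embodiments, the memory 602 may be non-volatile solid-state memory.
In one example, the memory 602 may be read-only memory (ROM). In one example, the ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM), or flash memory, or a combination of two or more of these.
The processor 601 reads and executes the computer program instructions stored in the memory 602 to implement any one of the data encryption methods in the above embodiments.
In one example, the electronic device may further include a communication interface 603 and a bus 610. As shown in FIG. 6, the processor 601, the memory 602, and the communication interface 603 are connected through the bus 610 and communicate with one another over it.
The communication interface 603 is mainly used to implement communication between the modules, apparatuses, units and/or devices in the embodiments of the present application.
The bus 610 includes hardware, software, or both, and couples the components of the electronic device to one another. By way of example and not limitation, the bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front-side bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a low-pin-count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or another suitable bus, or a combination of two or more of these. Where appropriate, the bus 610 may include one or more buses. Although the embodiments of the present application describe and illustrate a particular bus, the present application contemplates any suitable bus or interconnect.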
In addition, the embodiments of the present application may be implemented by providing a computer storage medium. Computer program instructions are stored on the computer storage medium; when executed by a processor, the computer program instructions implement any one of the data encryption methods in the above embodiments.
To be clear, the present application is not limited to the specific configurations and processes described above and illustrated in the figures. For brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method of the present application is not limited to the specific steps described and shown; those skilled in the art, having understood the spirit of the present application, may make various changes, modifications and additions, or change the order of the steps.
The functional modules shown in the structural block diagrams described above may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, they may be, for example, electronic circuits, application specific integrated circuits (ASICs), suitable firmware, plug-ins, function cards, and the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The programs or code segments may be stored in a machine-readable medium, or transmitted over a transmission medium or communication link by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transmit information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical discs, hard disks, fiber optic media, radio frequency (RF) links, and the like. Code segments may be downloaded via a computer network such as the Internet or an intranet.
It should also be noted that the exemplary embodiments mentioned in the present application describe some methods or systems on the basis of a series of steps or apparatuses. However, the present application is not limited to the order of the above steps; that is, the steps may be performed in the order mentioned in the embodiments, in a different order, or with several steps performed simultaneously.
Aspects of the present application are described above with reference to flowcharts and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the present application. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or another programmable data processing apparatus to produce a machine, such that the instructions, executed via the processor of the computer or other programmable data processing apparatus, enable implementation of the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams. Such a processor may be, but is not limited to, a general-purpose processor, a special-purpose processor, an application-specific processor, or a field-programmable logic circuit. It should also be understood that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can also be implemented by special-purpose hardware that performs the specified functions or acts, or by a combination of special-purpose hardware and computer instructions.
The above are only specific implementations of the present application. Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here. It should be understood that the protection scope of the present application is not limited to this; any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed in the present application, and these modifications or replacements shall all fall within the protection scope of the present application.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110385380.5A CN115208557A (en) | 2021-04-09 | 2021-04-09 | Data encryption method and device, electronic equipment and computer storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115208557A true CN115208557A (en) | 2022-10-18 |
Family
ID=83571040
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110385380.5A Pending CN115208557A (en) | 2021-04-09 | 2021-04-09 | Data encryption method and device, electronic equipment and computer storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115208557A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||