CN116015657A

CN116015657A - File encryption method and system based on zero code, electronic equipment and storage medium

Info

Publication number: CN116015657A
Application number: CN202211693796.4A
Authority: CN
Inventors: 姚芃
Original assignee: Shanghai Wanqi Mingdao Software Co ltd
Current assignee: Shanghai Wanqi Mingdao Software Co ltd
Priority date: 2022-12-28
Filing date: 2022-12-28
Publication date: 2023-04-25

Abstract

The disclosure relates to a file encryption method, a system, an electronic device and a storage medium based on zero codes, wherein the method comprises the following steps: performing zip compression and encryption on the original file stream; generating a first AES key by using the current timestamp, the machine id, the system process id and the natural number; storing a first AES key in a header of the generated partially encrypted file stream; the order of the file streams is confused; generating a file stream check code for the file stream after the confusion sequence; encrypting the first AES key to obtain a second AES key; storing the generated file stream check code and the second AES key in the header of the file stream; again obfuscating the order of the file streams; encrypting the user source information; storing the encrypted user source information in the header of the file stream; again obfuscating the order of the file streams; cutting the whole file stream according to the designated size and encrypting the whole file stream in sections; and merging and outputting. The method and the device can improve data security, relieve server pressure and reduce the operation cost of clients across platforms.

Description

File encryption method and system based on zero code, electronic equipment and storage medium

Technical Field

The disclosure relates to the field of data encryption, in particular to a file encryption method, a system, electronic equipment and a storage medium based on zero codes.

Background

In the cloud platform system, the cross-environment transfer of the application function configuration is needed to be realized, the cross-environment and cross-cloud platform access is realized, the local file is needed to be generated, and the file contains important data of a business partner, so that encryption in a special mode is needed to be carried out, and a file mdy encrypted in a special format which cannot be cracked is generated and is used for implementing the digital service of the business partner; the business partner client takes mdy the encrypted file, does not need repeated application function configuration work, and can be imported into the system for use.

The current mainstream encryption method comprises the following steps: compressing the file by using zip, and setting a password for the compressed file; processing through complex data exchange algorithm logic; directly generating a secret key in a file, and carrying out shell processing on the file in order to prevent decompilation; dongle software is purchased on the market.

However, the above method has the following disadvantages: the zip compressed file can be directly decompressed by software, and even if a password is set for the compressed file, the file can be violently cracked in an exhaustive manner; the files processed through complex data exchange can be restored to the algorithm logic by a cracker through a software debugging technology, so that encrypted files are obtained; there are also many tools for "shelling" the processed files, so conventional shelling methods do not prevent data from being stolen; the dongle is protected in a dongle mode, so that on one hand, the dongle is high in cost and poor in implementation usability, and on the other hand, a certain brand of dongle is vulnerable to holes or cracked, and all software and data using the brand are at risk.

Therefore, there is an urgent need to provide a file encryption method, an encryption system, an electronic device, and a storage medium, so as to increase the difficulty of file cracking, thereby improving data security.

Disclosure of Invention

The disclosure provides a file encryption method, system, electronic device and storage medium based on zero codes, so as to at least solve at least one technical problem existing in the background art.

In a preferred embodiment of the present disclosure, a method for encrypting a file based on zero code is provided, where the method includes:

coding the loaded service data in the zero code system to obtain an original file stream;

performing zip compression and encryption on the original file stream to obtain a partially encrypted file stream;

generating a first AES key by using the current timestamp, the machine id, the system process id and the natural number;

storing the first AES key in a header of the generated partially encrypted file stream;

the order of the file streams is confused for the first time;

generating a file stream hash code for the file stream after the first confusion sequence, and performing hexadecimal conversion to obtain a file stream check code;

encrypting the first AES key to obtain a second AES key;

storing the generated file stream check code and the second AES key in the header of the file stream after the first confusion sequence;

the order of the file streams is confused for the second time;

encrypting the user source information;

storing the encrypted user source information in the header of the file stream after the second confusion sequence;

the order of the file streams is confused for the third time;

cutting the whole file stream after the third confusion sequence according to the appointed size, and encrypting in segments;

and merging the file streams after the segmented encryption to generate a complete encrypted file stream and outputting the complete encrypted file stream.

Further, the coding of the service data loaded in the zero code system specifically refers to: and coding the service data loaded in the zero code system according to a default coding mode of Microsoft. NET.

Further, the step of performing zip compression and encryption on the original file stream specifically includes:

generating different enumeration values aiming at different service data, wherein the enumeration values are designated json character strings generated based on service modules in a zero code system, and the designated json character strings comprise worksheets, workflows, application roles and reports;

mixing the enumerated values into the original file stream, and performing zip compression and encryption on the original file stream by combining an LZ77 algorithm and a Huffman algorithm to generate a partially encrypted file stream.

Further, the generating the first AES key using the current timestamp, the machine id, the system process id, and the natural number specifically refers to: and adding a natural number to the read current timestamp of the server operating system, the machine id of the host machine and the process id of the current system program running in the server operating system to generate a string of character strings, and taking the generated character strings as a first AES key.

Further, the encrypting the first AES key specifically means: the first AES key is AES self-encrypted once and MD5 encrypted twice.

Further, the encrypted user source information specifically refers to: AES encryption and RSA asymmetric encryption are performed once on the user source information.

Further, the encrypting user source information specifically includes the following steps:

generating a string of identity information aiming at information of different users and different sources, wherein the identity information comprises a system organization id, a source id, version information, a time stamp and an encrypted file use password;

generating a public key and a private key of an RSA algorithm, and storing the public key and the private key in a zero code system;

encrypting the second AES key by using the generated private key of the RSA algorithm to obtain a third AES key;

storing the third AES key in the header of the stream of files after the second obfuscation sequence;

performing one-time AES encryption on the generated identity information by using a third AES key;

and encrypting the generated identity information by using the generated public key and private key of the RSA algorithm for one time.

Further, the segment encryption specifically means that each segment of file stream after the segmentation is subjected to AES encryption by using the second AES key.

In a preferred embodiment of the present disclosure, the embodiment of the present application further provides a file encryption system based on zero code, including:

the zip compression module is used for encoding the loaded service data in the zero code system to obtain an original file stream; performing zip compression and encryption on the original file stream to obtain a partially encrypted file stream;

the first AES key generation module is used for generating a first AES key by using the current time stamp, the machine id, the system process id and the natural number; storing the first AES key generated by the first AES key generation module in the head of the file stream generated by the zip compression module;

the first confusion module is used for confusing the sequence of the file streams for the first time;

the file stream check code generation module is used for generating a file stream hash code for the file stream generated by the first confusion module and performing hexadecimal conversion to obtain the file stream check code; storing the file stream check code in the header of the file stream generated by the first confusion module;

the second AES key generation module is used for encrypting the first AES key to obtain a second AES key; storing a second AES key in a header of the file stream generated by the first obfuscation module;

the second confusion module is used for confusing the sequence of the file streams for the second time;

the user source information encryption module is used for encrypting the user source information; storing the encrypted user source information in the header of the file stream generated by the second confusion module;

a third confusion module, configured to confusion the sequence of the file streams for the third time;

the segmentation encryption module is used for cutting the whole file stream generated by the third confusion module according to the designated size and carrying out segmentation encryption;

and the output module is used for merging the file streams generated by the segmentation encryption module, generating a complete encrypted file stream and outputting the complete encrypted file stream.

In a preferred embodiment of the present disclosure, an electronic device is further provided, where the electronic device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the zero code-based file encryption method described above when executing the computer program.

In a preferred embodiment of the present disclosure, a computer readable storage medium is provided, on which a computer program is stored, the program implementing the steps of the zero code based file encryption method described above when executed by a processor.

The beneficial effects of the present disclosure are: according to the file encryption method based on the zero code, a plurality of encryption means are mixed, salt is added in the encryption process, and the characteristics of actual service data are combined, so that the file stream to be encrypted is confused, the purpose of incapability of being cracked is achieved, and the data security is improved; in the encryption process, the encrypted file stream is divided, so that the pressure of a server is reduced; by the encryption method, the cross-environment transfer of application configuration data is realized, and the operation cost of a client is reduced.

Drawings

FIG. 1 is a zero code based file encryption flow chart;

FIG. 2 is a first AES key generation flow diagram;

FIG. 3 is a first AES key encryption flow chart;

FIG. 4 is a user source information encryption flow chart;

FIG. 5 is a flow chart of file stream segment encryption;

FIG. 6 is a block diagram of modules in a zero code based file encryption system.

Detailed Description

The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments. Based on the embodiments in this disclosure, all other embodiments that a person of ordinary skill in the art would obtain without making any inventive effort are within the scope of protection of this disclosure.

Example 1

Referring to fig. 1, according to the file encryption method based on the zero code provided in the exemplary embodiment of the present disclosure, multiple encryption means are combined, special optimization is performed for the zero code scene, the file stream is generated by the information to be encrypted, then the file stream is processed multiple times, salified by combining with the designated service scene, the special encryption key is generated, the sequence of the file stream is disturbed, the encrypted file stream is segmented, and finally the file stream is combined to output the final encrypted file.

The implementation process of the file encryption method based on zero codes as an example comprises the following steps:

and in the zero code system, loading the required service data, and coding the service data loaded in the zero code system according to a default coding mode of Microsoft. NET to obtain an original file stream.

For different business data, different enumeration values are generated, wherein the enumeration values are designated json character strings generated based on business modules in the zero code system, and the designated json character strings comprise worksheets, workflows, application roles and reports.

The current timestamp of the server operating system, the machine id of the host and the process id of the current system program running in the server operating system are read, a natural number is added, a string of character strings is generated, the character strings are used as a first AES key, and the character strings are stored in a designated position, such as the head, of the current file stream to be encrypted, as shown in fig. 2.

The first time of confusion of the file stream information is performed, the sequence of the file streams is disturbed, and the purpose of preventing the file streams from being cracked is to prevent the file streams from being cracked.

Generating a file stream hash code for the file stream after the first confusion sequence, and performing hexadecimal conversion to obtain a file stream check code. The filestream check code is stored at a specified location of the filestream, such as a header.

Performing one-time AES self-encryption on the first AES key to generate a special key, performing two-time MD5 encryption on the special key after self-encryption to obtain a second AES key, and storing the second AES key in a designated position, such as a head, of a file stream, as shown in FIG. 3. After two MD5 encryptions, the file stream is substantially impossible to crack. MD5 is a widely used cryptographic hash function that can produce 128 bits (16 bytes) of hash value to ensure that the transmissions are completely consistent.

And carrying out second confusion on the file stream information to ensure that the file stream is intercepted and basically not cracked.

For information of different users and different sources, a string of identity information is generated, wherein the identity information comprises a system organization id, a source id, version information, a time stamp and an encrypted file use password.

And generating public keys and private keys of the RSA algorithm by utilizing the RSA asymmetric encryption algorithm, and storing the public keys and the private keys in a zero code system.

Encrypting the second AES key by using the generated private key of the RSA algorithm to obtain a third AES key; storing the third AES key in the header of the stream of files after the second obfuscation sequence; storing the third AES key in the header of the stream of files after the second obfuscation sequence; performing one-time AES encryption on the generated identity information by using a third AES key; the generated identity information is subjected to primary RSA algorithm encryption by using the generated public key and private key of the RSA algorithm, as shown in fig. 4. The RSA algorithm is an asymmetric encryption algorithm, which cannot be cracked in theory, and the RSA public key cryptosystem is a cryptosystem which uses different encryption keys and decryption keys, and is not computationally feasible to derive the decryption key from the known encryption key. By performing AES encryption and RSA asymmetric encryption on the user source information once, the generated user source information cannot be theoretically broken.

The encrypted user source information is stored in a designated position, such as the head, of the file stream after the second confusion sequence, and the third confusion file stream information is carried out.

Finally, the whole file stream is segmented according to the designated size, after segmentation, AES encryption is carried out for each segment of file stream once, as shown in fig. 5, the second AES key generated in fig. 3 is used as the key, the process of segmenting the encrypted file stream is equivalent to modifying the length of each segment of AES encrypted file stream, and the size of the encrypted file is changed. The sectional encryption file stream also solves the waste of service resources caused by oversized files when encrypting the files once, and achieves the purpose of reducing the pressure of a server.

And finally, merging to generate a complete encrypted file stream and outputting a final file. The aim that the encrypted file cannot be cracked is achieved by sectionally encrypting and merging the file streams.

Example 2

As shown in fig. 6, an exemplary zero code based file encryption system includes:

Further, the zip compression module comprises an original file stream generation module and a partially encrypted file stream generation module, wherein the original file stream generation module is used for coding the service data loaded in the zero code system according to a default coding mode of Microsoft. NET to obtain an original file stream; the file stream generating module is used for generating different enumeration values aiming at different service data, wherein the enumeration values are specified json character strings generated based on the service modules in the zero code system and comprise worksheets, workflows, application roles and reports; mixing the enumerated values into the original file stream, and performing zip compression and encryption on the original file stream by combining an LZ77 algorithm and a Huffman algorithm to generate a partially encrypted file stream.

Further, the first AES key generation module is specifically configured to: generating a string of character strings by adding a natural number to the read current timestamp of the server operating system, the machine id of the host machine and the process id of the current system program running in the server operating system, and taking the generated character strings as a first AES key; and storing the first AES key generated by the first AES key generation module in the header of the file stream generated by the zip compression module.

Further, the second AES key generation module is specifically configured to: the method comprises the steps of performing one-time AES self-encryption and two-time MD5 encryption on a first AES key to obtain a second AES key; the second AES key is stored in the header of the file stream generated by the first obfuscation module.

Further, the user source information encryption module is specifically configured to encrypt the user source information by performing AES encryption and RSA asymmetric encryption on the user source information once; the encrypted user source information is stored in the header of the file stream generated by the second obfuscation module.

Further, the user source information encryption module specifically includes:

the system comprises an identity information generation module, a storage module and a storage module, wherein the identity information generation module is used for generating a string of identity information aiming at information of different users and different sources, and the identity information comprises a system organization id, a source id, version information, a time stamp and an encrypted file use password;

the RSA public key and private key generation module is used for generating a public key and a private key of an RSA algorithm and storing the public key and the private key in the zero code system;

the third AES key generation module is used for encrypting the second AES key by utilizing the RSA public key and the private key of the RSA algorithm generated by the private key generation module to obtain a third AES key; storing the third AES key in the header of the stream of files after the second obfuscation sequence;

the AES encryption module is used for performing one-time AES encryption on the identity information generated by the identity information generation module by utilizing the third AES key generated by the third AES key generation module;

and the RSA encryption module is used for encrypting the identity information generated by the identity information generation module by one time by utilizing the public key and the private key of the RSA algorithm generated by the RSA public key and the private key generation module.

Further, the segment encryption module is specifically configured to perform AES encryption on each segment of the segmented file stream by using the second AES key.

Example 3

An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the zero code based file encryption method of embodiment 1 when the computer program is executed.

Embodiment 1 of the present disclosure is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments of the present disclosure.

The electronic device may be in the form of a general purpose computing device, which may be a server device, for example. Components of an electronic device may include, but are not limited to: at least one processor, at least one memory, a bus connecting different system components, including the memory and the processor.

The buses include a data bus, an address bus, and a control bus.

The memory may include volatile memory such as Random Access Memory (RAM) and/or cache memory, and may further include Read Only Memory (ROM).

The memory may also include program means having a set (at least one) of program modules including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.

The processor executes various functional applications and data processing by running computer programs stored in the memory.

The electronic device may also communicate with one or more external devices (e.g., keyboard, pointing device, etc.). Such communication may be through an input/output (I/O) interface. And, the electronic device may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through a network adapter. The network adapter communicates with other modules of the electronic device via a bus. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with an electronic device, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID (disk array) systems, tape drives, data backup storage systems, and the like.

It should be noted that although several units/modules or sub-units/modules of an electronic device are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module according to embodiments of the present application. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.

Example 4

A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the zero-code-based file encryption method in embodiment 1.

More specifically, among others, readable storage media may be employed including, but not limited to: portable disk, hard disk, random access memory, read only memory, erasable programmable read only memory, optical storage device, magnetic storage device, or any suitable combination of the foregoing.

In a possible embodiment, the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps of implementing the zero-code based file encryption method as described in embodiment 1, when said program product is run on the terminal device.

Wherein the program code for carrying out the present disclosure may be written in any combination of one or more programming languages, which program code may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device, partly on the remote device or entirely on the remote device.

Although embodiments of the present disclosure have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the disclosure, the scope of which is defined in the appended claims and their equivalents.

Claims

1. A file encryption method based on zero codes is characterized by comprising the following steps:

the order of the file streams is confused for the first time;

encrypting the first AES key to obtain a second AES key;

the order of the file streams is confused for the second time;

encrypting the user source information;

the order of the file streams is confused for the third time;

2. The zero-code-based file encryption method according to claim 1, wherein the encoding the service data loaded in the zero-code system includes:

and coding the service data loaded in the zero code system according to a default coding mode of Microsoft. NET.

3. The zero code based file encryption method of claim 1, wherein the zip compressing and encrypting the original file stream comprises:

for different service data, generating different enumeration values, wherein the enumeration values are specified json character strings generated based on service modules in the zero code system, and the enumeration values comprise one or more of the following: worksheets, workflows, application roles, and reports;

4. The zero-code based file encryption method of claim 1, wherein the generating the first AES key using the current time stamp, the machine id, the system process id, and the natural number comprises:

and adding a natural number to the read current timestamp of the server operating system, the machine id of the host machine and the process id of the current system program running in the server operating system to generate a string of character strings, and taking the generated character strings as a first AES key.

5. The zero-code based file encryption method of claim 1, wherein encrypting the first AES key comprises:

the first AES key is AES self-encrypted once and MD5 encrypted twice.

6. The method for encrypting a file based on zero code according to claim 1, wherein the encrypted user source information specifically means: performing AES encryption and RSA asymmetric encryption on user source information once, and comprising the following steps:

generating a string of identity information for information of different users and different sources, wherein the identity information comprises one or more of the following: system organization id, source id, version information, time stamp and encrypted file use password;

7. The zero-code based file encryption method of claim 1, wherein the segment encryption comprises:

and carrying out AES encryption on each segmented file stream by using the second AES key.

8. A zero code based file encryption system comprising:

9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the zero-code based file encryption method of any one of claims 1 to 7 when the computer program is executed by the processor.

10. A computer readable storage medium having stored thereon a computer program, characterized in that the program when executed by a processor implements the steps of the zero code based file encryption method of any one of claims 1 to 7.