WO2017000726A1 - Key transformation method, apparatus, and terminal - Google Patents

Info

Publication number
WO2017000726A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
input data
matrix
initial
target matrix
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/083934
Other languages
French (fr)
Chinese (zh)
Inventor
王蔚
罗圣美
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This paper relates to the field of communications, and in particular to a key conversion method, apparatus and terminal.
  • Android has been supported by many developers and many vendors, and the number of applications based on the Android platform has increased rapidly. However, research on software protection technology for the Android platform is still in its infancy, and the open-source nature of the code makes it easy for malicious attackers to mix in among developers.
  • the Android system provides application developers with more functional interfaces, many of them low-level system interfaces. This improves the extensibility of the system but also makes things easier for malware: Trojans and other malware targeting Android are easier to implement. Existing Android malware can disguise itself to trick the user into installing it and granting certain permissions, and then abuse those permissions to perform specific actions in the background, including stealing private user data and fraudulently incurring charges.
  • the security problems that have arisen alongside it have never been solved well; security threats are increasing and becoming more serious, which has a negative impact on both developers and users.
  • the traditional Android software protection method is to pack (add a shell to) the APK installation package file.
  • the existing packing method generally encrypts the DEX executable file and then hides it.
  • the key for encrypting the DEX file is generally stored in memory or written in plaintext. Once an attacker obtains it, the attacker can decrypt the DEX file and crack the original program.
  • Disclosed herein is a key conversion method, apparatus, and terminal, which transforms an encryption key before storing it in a file, so that the plaintext encryption key cannot be obtained without permission.
  • the present invention discloses a key conversion method, the method comprising:
  • the initial key is transformed according to the target matrix to generate a protection key
  • step of constructing the matrix library comprises:
  • the first rule is that the matrix is an N × N binary matrix, where N is an integer greater than or equal to 2;
  • the transforming the initial key according to the target matrix to generate a protection key includes:
  • generating according to the target matrix, a transformation table, comprising:
  • a conversion table is generated based on the values of the first input data and the second input data and the output result.
  • generating according to the target matrix, a transformation table, comprising:
  • the first output result is obtained by multiplying the combined data of the first input data and the second input data by the target matrix
  • the second output result is obtained by multiplying the combined data of the first input data and the second input data by the target matrix
  • a conversion table is generated based on the values of the first input data and the second input data and the first output result and the second output result.
  • first input data and the second input data are hexadecimal numbers.
  • searching for the transformation result of the initial key in the transformation table includes:
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a conversion table corresponding to the target matrix.
  • a key conversion method comprising:
  • the protection key is inversely transformed according to the key recovery file to obtain an initial key.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a conversion table corresponding to the target matrix;
  • the inverse transforming the protection key according to the key recovery file to obtain an initial key includes:
  • the first input data and the second input data corresponding to the protection key are searched for in the conversion table, and all the first input data and second input data obtained together form the initial key.
  • a key conversion device comprising:
  • a first acquiring module configured to acquire a target matrix in the matrix library, where the target matrix is an invertible matrix
  • a protection key generation module configured to: after encrypting the target file by using the initial key, transform the initial key according to the target matrix to generate a protection key
  • a storage module configured to store the protection key and the key recovery file of the protection key in the dynamic library file; wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.
  • the device further includes:
  • a second acquiring module configured to acquire all matrices satisfying the first rule, to obtain a matrix set, where the first rule is that the matrix is an N × N binary matrix, where N is an integer greater than or equal to 2;
  • the third obtaining module is configured to obtain a preset number of all matrices satisfying the second rule in the matrix set to obtain a matrix library, where the second rule is that the matrix is a reversible matrix.
  • the protection key generation module includes:
  • a first protection key generation submodule configured to multiply the initial key by the target matrix, and obtain an operation result as a protection key
  • the second protection key generation submodule is configured to generate a conversion table according to the target matrix, search for a transformation result of the initial key in the transformation table, and use the transformation result as a protection key.
  • the second protection key generation submodule includes:
  • a first setting unit configured to set the first input data and the second input data
  • An arithmetic unit configured to multiply the combined data of the first input data and the second input data by the target matrix to obtain all output results
  • the first conversion table generating unit is configured to generate a conversion table based on the values of the first input data and the second input data and the output result.
  • the second protection key generation submodule includes:
  • a second setting unit configured to set the first input data and the second input data
  • a first obtaining unit configured to acquire, when the first input data is 0, a first output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix
  • a second obtaining unit configured to acquire, when the second input data is 0, a second output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix
  • the second conversion table generating unit is configured to generate a conversion table according to the values of the first input data and the second input data and the first output result and the second output result.
  • the first input data and the second input data are hexadecimal numbers.
  • the second protection key generation submodule includes:
  • a data form transformation unit configured to transform the initial key into the data form of the first input data and the second input data, to obtain a transformed initial key
  • the searching unit is configured to search for a corresponding transformation result in the transformation table according to the transformation initial key.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix.
  • a key conversion device is also disclosed, wherein the device includes:
  • a second obtaining module configured to obtain a key recovery file and a protection key stored in the dynamic library file
  • the protection key inverse transform module is configured to inverse transform the protection key according to the key recovery file to obtain an initial key.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix;
  • the protection key inverse transform module includes:
  • a first initial key inverse transform submodule configured to multiply the protection key by an inverse matrix of the target matrix, and obtain an operation result as an initial key
  • a second initial key inverse transform submodule configured to search for the first input data and the second input data corresponding to the protection key in the conversion table, all the first input data and second input data obtained together forming the initial key.
  • a terminal including a key conversion device as described above.
  • a terminal including a key conversion device as described above.
  • the initial key for encrypting the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in a dynamic library file.
  • the protection key can be inversely transformed back to the initial key by using the key recovery file in the dynamic library file, and then the target file is decrypted using the initial key.
  • the transformation of the initial key makes it impossible to obtain the plaintext encryption key without permission, so that the target file cannot be decrypted and security is improved.
  • FIG. 1 is a flow chart showing the steps of a key conversion method for initial key conversion according to an embodiment of the present invention
  • FIG. 2 is a first flowchart of a specific step of generating a conversion table in a key conversion method according to an embodiment of the present invention
  • FIG. 3 is a second flowchart of a specific step of generating a conversion table in a key conversion method according to an embodiment of the present invention
  • FIG. 4 is a flow chart showing the steps of a key conversion method for inverse transform of a protection key according to an embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of a key conversion apparatus for initial key conversion according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a key conversion apparatus for inverse transform of a protection key according to an embodiment of the present invention.
  • This paper discloses a key conversion method, which converts an encryption key and stores it in a file, thereby realizing a scheme in which an encryption key of a plaintext cannot be obtained without permission.
  • a key conversion method includes:
  • Step 11 Obtain a target matrix in the matrix library, where the target matrix is an invertible matrix
  • Step 12 After encrypting the target file by using the initial key, transform the initial key according to the target matrix to generate a protection key.
  • Step 13 Store the protection key and the key recovery file of the protection key into a dynamic library file; wherein the protection key can be restored to an initial key by the key recovery file inverse transformation.
  • the key transformation method of the embodiment of the present invention acquires an invertible matrix from the matrix library as the target matrix, transforms the initial key used for encrypting the target file according to the target matrix to generate a protection key, and stores the protection key and its key recovery file in the dynamic library file. In this way, after the installation package is packaged, when the application terminal runs the installation package, the protection key can be inversely transformed back to the initial key through the key recovery file in the dynamic library file, and the target file is decrypted using the initial key.
  • the scheme of transforming the initial key is adopted, so that the plaintext encryption key cannot be obtained without permission, so that the target file cannot be decrypted, and the security performance is improved.
  • the step of constructing the matrix library includes:
  • Step 14 Obtain all matrices satisfying the first rule, and obtain a matrix set.
  • the first rule is that the matrix is an N × N binary matrix, where N is an integer greater than or equal to 2;
  • Step 15 Obtain a preset number of all matrices satisfying the second rule in the matrix set to obtain a matrix library, where the second rule is that the matrix is an invertible matrix.
  • the commonly used initial key is 128 bits
  • N is an integer greater than or equal to 2.
  • the invertible matrices in the matrix set are then selected; to ensure that the target matrix can be chosen with a large degree of randomness, the number of invertible matrices selected to build the matrix library must reach the preset number, which can be set by the staff.
  • step 12 includes:
  • Step 121a multiplying the initial key by the target matrix, and obtaining an operation result as a protection key
  • Step 121b Generate a conversion table according to the target matrix, search for a transformation result of the initial key in the transformation table, and use the transformation result as a protection key.
  • the initial key can be transformed.
  • the target matrix can be directly used, and the target matrix is multiplied by the initial key, and the obtained result is the protection key.
  • the multiplication is the AND operation. If the target matrix is an M matrix,
  • the 128-bit initial key is divided into a plurality of 8-bit data, and each 8-bit data is sequentially multiplied by the matrix M to obtain a transformed result.
  • a transformation table may also be generated according to the target matrix, and the transformation result of the initial key is found by table lookup to obtain the final protection key.
  • a method 1 for generating a conversion table according to the target matrix includes:
  • Step 121b1a setting first input data and second input data
  • Step 121b2a multiplying the combined data of the first input data and the second input data by the target matrix to obtain all output results
  • Step 121b3a generates a conversion table based on the values of the first input data and the second input data and the output result.
  • the above steps are the generation method of the conversion table. First, two input data, a first input data and a second input data, are set; each combination of the two is multiplied by the target matrix to obtain all the output results; and a conversion table is finally generated from the values of the first input data and the second input data and the output results.
  • the first input data and the second input data are hexadecimal numbers.
  • the first input data is X
  • the second input data is Y
  • X and Y are in the range of 0 to f
  • the combined data XY is multiplied by the selected target matrix, and all the output results are obtained, and a conversion table is generated.
  • a method 2 of generating a conversion table according to the target matrix includes:
  • Step 121b1b setting first input data and second input data
  • Step 121b2b when the first input data is 0, the combined data of the first input data and the second input data is multiplied by the target matrix to obtain a first output result;
  • Step 121b3b when the second input data is 0, the combined data of the first input data and the second input data is multiplied by the target matrix to obtain a second output result;
  • Step 121b4b generating a conversion table according to the values of the first input data and the second input data and the first output result and the second output result.
  • after the transformation table is generated, the transformation of the initial key to the protection key may be performed.
  • the transformation result of the initial key is searched in the transformation table, including:
  • Steps 121b4a/121b5b transform the initial key into a data form to obtain a transformed initial key
  • Step 121b5a/121b6b searches for a corresponding transformation result in the conversion table according to the transformation initial key.
  • the data form of the second input data is used to transform the initial key, to facilitate direct searching.
  • the first input data and the second input data are hexadecimal numbers. For example, one 8-bit group of the binary initial key, 01101010, is converted to the hexadecimal number 6A; the lookup table is then searched for the output result whose first input data is 6 and whose second input data is A. The output results for all groups of the initial key are found in the same way, and together they form the transformation result, which is the protection key.
  • once the transformed initial key is determined, if it cannot be found directly in the table, the corresponding 0Y output result and X0 output result are looked up first and then XORed; the XOR result is the transformation result, that is, the protection key.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix.
  • the key recovery file is the inverse matrix of the target matrix or the target matrix. When the key recovery file is the target matrix, the corresponding inverse matrix is obtained from the target matrix before the inverse transform.
  • the conversion table can be searched in reverse to find the input data corresponding to the protection key, which yields the initial key.
  • where the conversion table only saves the output results, the inverse matrix of the target matrix is also needed; the input data is obtained by multiplying the output result by the inverse matrix, which yields the initial key.
  • the initial key for encrypting the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in a dynamic library file.
  • the protection key can be reverse transformed to the initial key by using the key recovery file in the dynamic file, and then the target file is decrypted using the initial key.
  • an embodiment of the present invention further provides a key conversion method, where the method includes:
  • Step 21 Acquire a key recovery file and a protection key stored in the dynamic library file.
  • Step 22 Perform inverse transformation on the protection key according to the key recovery file to obtain an initial key.
  • the key recovery file and the protection key stored in the dynamic library file are obtained, the protection key is inversely transformed into the initial key by the key recovery file, and the initial key is then used to decrypt the target file, so that the plaintext encryption key cannot be obtained without permission, the target file cannot be decrypted, and security is improved.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix;
  • step 22 includes:
  • the first input data and the second input data corresponding to the protection key are searched for in the conversion table, and all the first input data and second input data obtained together form the initial key.
  • the key recovery file is a target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix.
  • the key recovery file is the inverse matrix of the target matrix or the target matrix.
  • when the key recovery file is the target matrix, the corresponding inverse matrix is obtained from the target matrix before the inverse transform.
  • the conversion table can be searched in reverse to find the input data corresponding to the protection key, which yields the initial key.
  • the key recovery file is a conversion table.
  • where the conversion table only saves the output results, the inverse matrix of the target matrix is also needed; the input data is obtained by multiplying the output result by the inverse matrix, which yields the initial key.
  • the method in the embodiment of the present invention obtains a key recovery file and a protection key from a dynamic library file, inversely transforms the protection key back to the initial key through the key recovery file, and then uses the initial key to decrypt the target file, so that the plaintext encryption key cannot be obtained without permission, the target file cannot be decrypted, and security is improved.
  • an embodiment of the present invention further provides a key conversion apparatus, where the apparatus includes:
  • the first obtaining module 10 is configured to acquire a target matrix in the matrix library, where the target matrix is an invertible matrix;
  • the protection key generation module 20 is configured to: after encrypting the target file by using the initial key, transform the initial key according to the target matrix to generate a protection key;
  • the storage module 30 is configured to store the protection key and the key recovery file of the protection key into a dynamic library file; wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.
  • the device further comprises:
  • a second acquiring module configured to acquire all matrices satisfying the first rule, to obtain a matrix set, where the first rule is that the matrix is an N × N binary matrix, where N is an integer greater than or equal to 2;
  • the third obtaining module is configured to obtain a preset number of all matrices satisfying the second rule in the matrix set to obtain a matrix library, where the second rule is that the matrix is a reversible matrix.
  • the protection key generation module is specifically:
  • a first protection key generation submodule configured to multiply the initial key by the target matrix, and obtain an operation result as a protection key
  • the second protection key generation submodule is configured to generate a conversion table according to the target matrix, search for a transformation result of the initial key in the transformation table, and use the transformation result as a protection key.
  • the second protection key generation submodule includes:
  • a first setting unit configured to set the first input data and the second input data
  • An arithmetic unit configured to multiply the combined data of the first input data and the second input data by the target matrix to obtain all output results
  • the first conversion table generating unit is configured to generate a conversion table based on the values of the first input data and the second input data and the output result.
  • the second protection key generation submodule includes:
  • a second setting unit configured to set the first input data and the second input data
  • a first obtaining unit configured to acquire, when the first input data is 0, a first output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix
  • a second obtaining unit configured to acquire, when the second input data is 0, a second output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix
  • the second conversion table generating unit is configured to generate a conversion table according to the values of the first input data and the second input data and the first output result and the second output result.
  • the first input data and the second input data are hexadecimal numbers.
  • the second protection key generation submodule further includes:
  • the data form transformation unit is configured to perform transformation of the initial key into a data form according to the data form of the first input data and the second input data to obtain a transformation initial key;
  • the searching unit is configured to search for a corresponding transformation result in the transformation table according to the transformation initial key.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix.
  • the initial key for encrypting the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in a dynamic library file.
  • the protection key can be reverse transformed to the initial key by using the key recovery file in the dynamic file, and then the target file is decrypted using the initial key.
  • the transformation of the initial key makes it impossible to obtain the plaintext encryption key without permission, thereby failing to decrypt the target file and improving the security performance.
  • the device is a device corresponding to the key conversion method for converting the initial key.
  • the implementation of the key conversion method in the first embodiment is applicable to the device, and the same technical effect can be achieved.
  • an embodiment of the present invention further provides a key conversion apparatus, where the apparatus includes:
  • the second obtaining module 40 is configured to obtain a key recovery file and a protection key saved in the dynamic library file
  • the protection key inverse transform module 50 is configured to inverse transform the protection key according to the key recovery file to obtain an initial key.
  • the key recovery file is the target matrix, an inverse matrix of the target matrix, or a corresponding conversion table of the target matrix;
  • the protection key inverse transform module includes:
  • a first initial key inverse transform submodule configured to multiply the protection key by an inverse matrix of the target matrix, and obtain an operation result as an initial key
  • a second initial key inverse transform submodule configured to search for the first input data and the second input data corresponding to the protection key in the conversion table, all the first input data and second input data obtained together forming the initial key.
  • the device of the embodiment of the present invention obtains the key recovery file and the protection key in the dynamic library file, and then restores the protection key inverse transformation to the initial key through the key recovery file, and then decrypts the target file by using the initial key.
  • the encryption key of the plaintext cannot be obtained without permission, so that the target file cannot be decrypted, and the security performance is improved.
  • the device corresponds to the key conversion method for inversely transforming the protection key back to the initial key; the implementations of the key conversion method in the second embodiment apply to the device and achieve the same technical effect.
  • Embodiments of the present invention also provide a terminal comprising the key conversion apparatus as described above.
  • in the terminal, the initial key for encrypting the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in a dynamic library file.
  • the protection key can be reverse transformed to the initial key by using the key recovery file in the dynamic file, and then the target file is decrypted using the initial key.
  • the transformation of the initial key makes it impossible to obtain the plaintext encryption key without permission, thereby failing to decrypt the target file and improving the security performance.
  • the terminal corresponds to the key conversion method for transforming the initial key; the implementations of the key conversion method in the first embodiment apply to the terminal and achieve the same technical effect.
  • Embodiments of the present invention also provide a terminal comprising the key conversion apparatus as described above.
  • the terminal in the embodiment of the present invention acquires the key recovery file and the protection key in the dynamic library file, and then restores the protection key inverse transformation to the initial key through the key recovery file, and then decrypts the target file by using the initial key.
  • the encryption key of the plaintext cannot be obtained without permission, so that the target file cannot be decrypted, and the security performance is improved.
  • the terminal corresponds to the key conversion method for inversely transforming the protection key back to the initial key; the implementations of the key conversion method in the second embodiment apply to the terminal and achieve the same technical effect.
  • the embodiment of the present invention further provides a computer readable storage medium, which stores program instructions, and implements a key conversion method provided by Embodiment 1 of the present invention when the program instructions are executed by the processor.
  • the embodiment of the present invention further provides a computer readable storage medium, which stores program instructions, and when the program instructions are executed by the processor, a key conversion method provided by Embodiment 2 of the present invention can be implemented.
  • the modules may be implemented in software for execution by various types of processors.
  • an identified executable code module can comprise one or more physical or logical blocks of computer instructions, which can be constructed, for example, as an object, procedure, or function. Nonetheless, the executable code of the identified module need not be physically located together, but may include different instructions stored in different locations that, when logically combined, constitute the module and achieve the stated purpose of the module.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the communications field, and disclosed are a key transformation method, apparatus, and terminal. The method comprises: obtaining a target matrix in a matrix library, the target matrix being an invertible matrix; transforming, after using an initial key to encrypt a target file, the initial key according to the target matrix, and generating a protection key; and storing the protection key and a key recovery file of the protection key to a dynamic-library file, the protection key being capable of recovering to the initial key through inverse transformation by using the key recovery file. According to embodiments of the present invention, an initial key is transformed, so that a plain-text encryption key cannot be obtained without permission. Therefore, a target file cannot be decrypted, so that the security performance is improved.

Description

Key conversion method, apparatus and terminal

Technical field

This document relates to the field of communications, and in particular to a key conversion method, apparatus and terminal.

Background

As an emerging operating system, Android has gained the support of a large number of developers and many vendors, and the number of applications for the Android platform has grown rapidly. However, research on software protection for the Android platform is still in its infancy, and the open-source nature of the code makes it easy for malicious attackers to be among the developers. Android provides application developers with more functional interfaces, many of them low-level system interfaces, which improves the extensibility of the system but also makes things easier for malware: Trojans and other malware targeting Android are easier to implement. Existing Android malware can disguise itself to trick users into installing it and granting it certain permissions, and then abuse those permissions to perform specific actions in the background, including stealing private user data and fraudulently incurring charges. The accompanying security problems have never been properly solved; security threats keep increasing and growing in severity, with adverse effects on both developers and users.

For this reason, Android software needs to be protected. Software hardening is proposed from a third-party perspective and is used to harden the code of arbitrary applications, which requires the hardening system to be general-purpose. It must complete the hardening process without access to the application's code and increase the application's security to a certain extent, guarding against threats from malicious attackers, including: illegal copying and unauthorized use (piracy); malicious modification of the software's code logic or functions (tampering); and obtaining core algorithms and key data through reverse engineering and porting them into the attacker's own software (reverse engineering).

The traditional way to protect Android software is to pack and harden the APK installation package file. Existing packing schemes generally encrypt the DEX executable file and then hide it. In this process, the key used to encrypt the DEX file is generally stored in memory or written to a file in plaintext; once an attacker obtains it, the attacker can decrypt the DEX file and thereby crack the original program.

Summary of the invention

The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.

Disclosed herein are a key conversion method, apparatus and terminal that transform the encryption key before storing it in a file, so that the plaintext encryption key cannot be obtained without permission.

To achieve the above object, the present invention discloses a key conversion method, the method comprising:

obtaining a target matrix from a matrix library, the target matrix being an invertible matrix;

after a target file has been encrypted with an initial key, transforming the initial key according to the target matrix to generate a protection key;

storing the protection key and a key recovery file for the protection key in a dynamic library file, wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.

Optionally, the matrix library is constructed by:

obtaining all matrices that satisfy a first rule to obtain a matrix set, the first rule being that the matrix is an N×N binary matrix, where N is an integer greater than or equal to 2;

obtaining, from the matrix set, a preset number of the matrices that satisfy a second rule to obtain the matrix library, the second rule being that the matrix is invertible.

Optionally, transforming the initial key according to the target matrix to generate the protection key comprises:

multiplying the initial key by the target matrix, the result of the operation being the protection key; or

generating a conversion table according to the target matrix, looking up the transformation result of the initial key in the conversion table, and using the transformation result as the protection key.

Optionally, generating a conversion table according to the target matrix comprises:

setting first input data and second input data;

multiplying the combined data of the first input data and the second input data by the target matrix to obtain all output results;

generating the conversion table according to the values of the first input data and the second input data and the output results.

Optionally, generating a conversion table according to the target matrix comprises:

setting first input data and second input data;

obtaining a first output result, which is the combined data of the first input data and the second input data multiplied by the target matrix when the first input data is 0;

obtaining a second output result, which is the combined data of the first input data and the second input data multiplied by the target matrix when the second input data is 0;

generating the conversion table according to the values of the first input data and the second input data, the first output result and the second output result.

Optionally, the first input data and the second input data are hexadecimal numbers.

Optionally, looking up the transformation result of the initial key in the conversion table comprises:

converting the data form of the initial key according to the data form of the first input data and the second input data to obtain a converted initial key;

looking up the corresponding transformation result in the conversion table according to the converted initial key.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

To achieve the above object, a further key conversion method is disclosed herein, the method comprising:

obtaining the key recovery file and the protection key stored in the dynamic library file;

inverse-transforming the protection key according to the key recovery file to obtain the initial key.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

Optionally, inverse-transforming the protection key according to the key recovery file to obtain the initial key comprises:

multiplying the protection key by the inverse matrix of the target matrix, the result of the operation being the initial key; or

looking up, in the conversion table, the first input data and the second input data corresponding to the protection key, all of the first input data and second input data so obtained being the initial key.

To achieve the above object, a key conversion apparatus is also disclosed herein, the apparatus comprising:

a first obtaining module, configured to obtain a target matrix from a matrix library, the target matrix being an invertible matrix;

a protection key generation module, configured to transform the initial key according to the target matrix, after a target file has been encrypted with the initial key, to generate a protection key;

a storage module, configured to store the protection key and a key recovery file for the protection key in a dynamic library file, wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.

Optionally, the apparatus further comprises:

a second obtaining module, configured to obtain all matrices that satisfy a first rule to obtain a matrix set, the first rule being that the matrix is an N×N binary matrix, where N is an integer greater than or equal to 2;

a third obtaining module, configured to obtain, from the matrix set, a preset number of the matrices that satisfy a second rule to obtain the matrix library, the second rule being that the matrix is invertible.

Optionally, the protection key generation module comprises:

a first protection key generation submodule, configured to multiply the initial key by the target matrix, the result of the operation being the protection key;

a second protection key generation submodule, configured to generate a conversion table according to the target matrix, look up the transformation result of the initial key in the conversion table, and use the transformation result as the protection key.

Optionally, the second protection key generation submodule comprises:

a first setting unit, configured to set first input data and second input data;

an operation unit, configured to multiply the combined data of the first input data and the second input data by the target matrix to obtain all output results;

a first conversion table generation unit, configured to generate the conversion table according to the values of the first input data and the second input data and the output results.

Optionally, the second protection key generation submodule comprises:

a second setting unit, configured to set first input data and second input data;

a first obtaining unit, configured to obtain a first output result, which is the combined data of the first input data and the second input data multiplied by the target matrix when the first input data is 0;

a second obtaining unit, configured to obtain a second output result, which is the combined data of the first input data and the second input data multiplied by the target matrix when the second input data is 0;

a second conversion table generation unit, configured to generate the conversion table according to the values of the first input data and the second input data, the first output result and the second output result.

The first input data and the second input data are hexadecimal numbers.

Optionally, the second protection key generation submodule comprises:

a data form conversion unit, configured to convert the data form of the initial key according to the data form of the first input data and the second input data to obtain a converted initial key;

a lookup unit, configured to look up the corresponding transformation result in the conversion table according to the converted initial key.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

To achieve the above object, a further key conversion apparatus is disclosed herein, the apparatus comprising:

a second obtaining module, configured to obtain the key recovery file and the protection key stored in the dynamic library file;

a protection key inverse transformation module, configured to inverse-transform the protection key according to the key recovery file to obtain the initial key.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

Optionally, the protection key inverse transformation module comprises:

a first initial key inverse transformation submodule, configured to multiply the protection key by the inverse matrix of the target matrix, the result of the operation being the initial key;

a second initial key inverse transformation submodule, configured to look up, in the conversion table, the first input data and the second input data corresponding to the protection key, all of the first input data and second input data so obtained being the initial key.

To achieve the above object, a terminal is also disclosed herein, comprising the key conversion apparatus described above.

To achieve the above object, a terminal is also disclosed herein, comprising the key conversion apparatus described above.

The beneficial effects of the above technical solution of the present invention are as follows:

In the key conversion method of the embodiment of the present invention, after an invertible matrix is obtained from the matrix library as the target matrix, the initial key used to encrypt the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in the dynamic library file. After the installation package has been built, a terminal that runs it can use the key recovery file in the dynamic library file to restore the protection key to the initial key by inverse transformation, and then decrypt the target file with the initial key. Because the initial key is transformed, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted and security is improved.

Other aspects will become apparent upon reading and understanding the drawings and the detailed description.

Brief description of the drawings

FIG. 1 is a flowchart of the steps of the key conversion method for transforming the initial key according to an embodiment of the present invention;

FIG. 2 is a first flowchart of the specific steps of generating a conversion table in the key conversion method according to an embodiment of the present invention;

FIG. 3 is a second flowchart of the specific steps of generating a conversion table in the key conversion method according to an embodiment of the present invention;

FIG. 4 is a flowchart of the steps of the key conversion method for inverse-transforming the protection key according to an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of the key conversion apparatus for transforming the initial key according to an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of the key conversion apparatus for inverse-transforming the protection key according to an embodiment of the present invention.

Preferred embodiments of the invention

To make the technical problems to be solved, the technical solutions and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.

In existing software protection, after a DEX file is encrypted with an encryption key, the encryption key is stored in memory or written to a file in plaintext, where an attacker can easily obtain it, use it to decrypt the DEX file and crack the original program, so security is low. To address this problem, a key conversion method is disclosed herein that transforms the encryption key before storing it in a file, so that the plaintext encryption key cannot be obtained without permission.

Embodiment 1

As shown in FIG. 1, a key conversion method comprises:

Step 11: obtain a target matrix from the matrix library, the target matrix being an invertible matrix;

Step 12: after the target file has been encrypted with the initial key, transform the initial key according to the target matrix to generate a protection key;

Step 13: store the protection key and the key recovery file for the protection key in a dynamic library file, wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.

In the key conversion method of the embodiment of the present invention, after an invertible matrix is obtained from the matrix library as the target matrix, the initial key used to encrypt the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in the dynamic library file. After the installation package has been built, a terminal that runs it can use the key recovery file in the dynamic library file to restore the protection key to the initial key by inverse transformation, and then decrypt the target file with the initial key. Because the initial key is transformed, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted and security is improved.

Optionally, the matrix library is constructed by:

Step 14: obtain all matrices that satisfy a first rule to obtain a matrix set, the first rule being that the matrix is an N×N binary matrix, where N is an integer greater than or equal to 2;

Step 15: obtain, from the matrix set, a preset number of the matrices that satisfy a second rule to obtain the matrix library, the second rule being that the matrix is invertible.

Because the commonly used initial key is 128 bits, to simplify the transform operation the matrix library is built by first obtaining all N×N binary matrices as a matrix set of candidates, N being an integer greater than or equal to 2. Because of how the key is used, it must also be quick to restore after transformation, so the invertible matrices are then selected from the matrix set. To ensure that the choice of target matrix can be sufficiently random, the number of invertible matrices selected for the matrix library must reach a preset number, which can be set by an operator.

Optionally, step 12 comprises:

Step 121a: multiply the initial key by the target matrix, the result of the operation being the protection key; or

Step 121b: generate a conversion table according to the target matrix, look up the transformation result of the initial key in the conversion table, and use the transformation result as the protection key.

Once the target matrix has been obtained, the initial key can be transformed. The target matrix can be used directly: the initial key is multiplied by the target matrix, and the result is the protection key. For binary operations, multiplication is the AND operation. For example, the target matrix is the matrix M,

Figure PCTCN2016083934-appb-000001

The 128-bit initial key is divided into multiple 8-bit groups, and each 8-bit group is multiplied by the matrix M in turn to obtain the transformation result.

Alternatively, a conversion table can first be generated from the target matrix, and the transformation result of the initial key found by table lookup to obtain the final protection key.

As shown in FIG. 2, the first way of generating a conversion table according to the target matrix in step 121b comprises:

Step 121b1a: set first input data and second input data;

Step 121b2a: multiply the combined data of the first input data and the second input data by the target matrix to obtain all output results;

Step 121b3a: generate the conversion table according to the values of the first input data and the second input data and the output results.

The steps above describe how the conversion table is generated. Two inputs are set first, the first input data and the second input data; every combination of the two is multiplied by the target matrix to obtain all output results; the conversion table is then generated from the values of the first input data and the second input data and the output results.

The first input data and the second input data are hexadecimal numbers.

For example, with the first input data X and the second input data Y each ranging from 0 to f, multiplying the combined data XY by the selected target matrix gives all the output results, and the resulting conversion table is as follows:

Figure PCTCN2016083934-appb-000002

Because of the nature of the operation, the result of multiplying the combined data of the first input data X and the second input data Y by the target matrix equals the XOR of the output result for the input 0Y (X set to 0) and the output result for the input X0 (Y set to 0). Therefore, as shown in FIG. 3, the second way of generating a conversion table according to the target matrix in step 121b comprises:

Step 121b1b: set first input data and second input data;

Step 121b2b: obtain a first output result, which is the combined data of the first input data and the second input data multiplied by the target matrix when the first input data is 0;

Step 121b3b: obtain a second output result, which is the combined data of the first input data and the second input data multiplied by the target matrix when the second input data is 0;

Step 121b4b: generate the conversion table according to the values of the first input data and the second input data, the first output result and the second output result.

In this second way of generating the conversion table, steps 121b1b to 121b4b in effect obtain only the first row and the first column of the output results in the conversion table shown above.

Whichever form the conversion table takes, once it has been generated the initial key can be transformed into the protection key. In step 121b, looking up the transformation result of the initial key in the conversion table comprises:

Step 121b4a/121b5b: convert the data form of the initial key according to the data form of the first input data and the second input data to obtain a converted initial key;

Step 121b5a/121b6b: look up the corresponding transformation result in the conversion table according to the converted initial key.

For both forms of conversion table, before the lookup the initial key is first converted according to the data form of the first input data and the second input data so that it can be looked up directly. Taking hexadecimal first and second input data as an example, if one 8-bit group of the binary initial key, 01101010, converts to hexadecimal 6A, then the output result for first input data 6 and second input data A is looked up in the table. Finding the output results for every group of the initial key in the same way gives the transformation result, that is, the protection key. For a conversion table generated in the second way, if the converted initial key cannot be found directly in the table, the output result for the corresponding 0Y and the output result for X0 are looked up first and then XORed; the result is the transformation result, that is, the protection key.

Because the initial key can be transformed in different ways, the key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

If the initial key was transformed directly with the target matrix, the inverse transformation only needs the inverse of the target matrix: the protection key is multiplied by the inverse matrix, and the result is the initial key. In this case the key recovery file is the target matrix or its inverse. When the key recovery file is the target matrix, the corresponding inverse matrix must first be derived from the target matrix before the inverse transformation.

If the initial key was transformed using the conversion table of the target matrix, the inverse transformation can be done by reverse lookup in the conversion table: finding the input data that corresponds to the protection key yields the initial key. Of course, if the conversion table stores only the output results, the inverse of the target matrix is also needed, and the input data is obtained by multiplying the output results by the inverse matrix to recover the initial key.

In summary, in the method of the embodiment of the present invention, after an invertible matrix is obtained from the matrix library as the target matrix, the initial key used to encrypt the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in the dynamic library file. After the installation package has been built, a terminal that runs it can use the key recovery file in the dynamic library file to restore the protection key to the initial key by inverse transformation, and then decrypt the target file with the initial key. Because the initial key is transformed, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted and security is improved.
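The two transformation modes of step 121b and both recovery paths described above, as an added Python example that is not code from the patent. The target matrix M appears in the original only as a figure, so the matrices here are constructed; the column-vector convention (M·x), the MSB-first bit order, XOR as the addition that goes with the AND multiplication, and all function names are assumptions.

```python
import random

N = 8  # the key is processed in 8-bit groups, so the target matrix is 8x8


def mat_vec(rows, x):
    """Multiply a binary matrix (one N-bit mask per row) by the bit vector x.

    Bit multiplication is AND, as the page states; addition is XOR (assumed).
    """
    y = 0
    for row in rows:
        y = (y << 1) | (bin(row & x).count("1") & 1)  # parity of row AND x
    return y


def invert(rows):
    """Gauss-Jordan elimination over GF(2); returns None for a singular matrix."""
    n = len(rows)
    # Augment every row with the identity: [row | e_i] packed into one integer.
    aug = [(row << n) | (1 << (n - 1 - i)) for i, row in enumerate(rows)]
    for col in range(n):
        bit = 1 << (2 * n - 1 - col)
        pivot = next((r for r in range(col, n) if aug[r] & bit), None)
        if pivot is None:
            return None  # no pivot in this column: not invertible
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r] & bit:
                aug[r] ^= aug[col]
    return [a & ((1 << n) - 1) for a in aug]


def build_matrix_library(count, seed):
    """Steps 14-15: keep `count` distinct invertible N x N binary matrices.

    The seed only makes this example reproducible.
    """
    rng = random.Random(seed)
    library = []
    while len(library) < count:
        candidate = [rng.getrandbits(N) for _ in range(N)]
        if invert(candidate) is not None and candidate not in library:
            library.append(candidate)
    return library


def full_table(m):
    """First way: table[X][Y] = M * XY for every pair of hex digits X, Y."""
    return [[mat_vec(m, (x << 4) | y) for y in range(16)] for x in range(16)]


def split_tables(m):
    """Second way: store only M * X0 and M * 0Y; M * XY is their XOR."""
    return ([mat_vec(m, x << 4) for x in range(16)],
            [mat_vec(m, y) for y in range(16)])


def protect_direct(key, m):
    """Step 121a: multiply each 8-bit group of the key by the matrix."""
    return bytes(mat_vec(m, b) for b in key)


def protect_table(key, table):
    """Step 121b with the full table: look up X = high digit, Y = low digit."""
    return bytes(table[b >> 4][b & 0xF] for b in key)


def protect_split(key, x0, y0):
    """Step 121b with the reduced table: XOR the X0 and 0Y outputs."""
    return bytes(x0[b >> 4] ^ y0[b & 0xF] for b in key)


def recover_with_inverse(protected, m_inv):
    """Inverse transformation by multiplying with the inverse matrix."""
    return bytes(mat_vec(m_inv, b) for b in protected)


def recover_with_table(protected, table):
    """Inverse transformation by reverse lookup: output -> (X, Y)."""
    reverse = {table[x][y]: (x << 4) | y for x in range(16) for y in range(16)}
    return bytes(reverse[b] for b in protected)


if __name__ == "__main__":
    target = build_matrix_library(count=4, seed=1)[0]
    initial_key = bytes(range(0x60, 0x70))  # constructed 128-bit sample key
    protection_key = protect_direct(initial_key, target)
    print("protection key:", protection_key.hex())
    print("recovered     :",
          recover_with_inverse(protection_key, invert(target)).hex())
```

Both recovery functions take only what the method stores in the dynamic library file: the protection key plus the matrix, its inverse or the conversion table.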

Embodiment 2

As shown in FIG. 4, an embodiment of the present invention further provides a key conversion method, the method including:

Step 21: acquire the key recovery file and the protection key stored in the dynamic library file.

Step 22: inversely transform the protection key according to the key recovery file to obtain the initial key.

In this embodiment, when the installation package is run, the key recovery file and the protection key stored in the dynamic library file are acquired, the protection key is then inversely transformed back into the initial key by means of the key recovery file, and the initial key is used to decrypt the target file. As a result, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted, which improves security.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

Optionally, step 22 includes:

multiplying the protection key by the inverse matrix of the target matrix, the result of the operation being the initial key; or

looking up, in the conversion table, the first input data and the second input data corresponding to the protection key, all of the first input data and second input data obtained being the initial key.

Because the initial key can be transformed in different ways, the key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

Optionally, if the initial key was transformed directly with the target matrix, the inverse transformation only requires the inverse matrix of the target matrix: the protection key is multiplied by the inverse matrix, and the result of the operation is the initial key. The key recovery file is then the target matrix or the inverse matrix of the target matrix. When the key recovery file is the target matrix, the corresponding inverse matrix must first be derived from the target matrix before the inverse transformation is performed.

If the initial key was transformed using the conversion table of the target matrix, the inverse transformation can be performed by a reverse lookup in the conversion table: finding the input data that corresponds to the protection key yields the initial key. In this case, the key recovery file is the conversion table. Of course, if the conversion table stores only the output results, the inverse matrix of the target matrix is also needed, and the input data, and hence the initial key, is obtained by multiplying the output results by the inverse matrix.

In summary, in the method of this embodiment of the present invention, the key recovery file and the protection key stored in the dynamic library file are acquired, the protection key is then inversely transformed back into the initial key by means of the key recovery file, and the initial key is used to decrypt the target file. As a result, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted, which improves security.
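The forward transformation (direct multiplication and conversion table) together with the inverse transformation of steps 21 and 22, as an added example that is not part of the patent text. It assumes N = 8 (one key byte is two hexadecimal digits, the first input data being the high digit and the second the low digit), treats the key bits as a row vector multiplied over GF(2), and samples the matrix library at random instead of enumerating the whole matrix set; all function names are illustrative.

```python
import secrets

N = 8  # assumption: one key byte = two hexadecimal digits (first/second input data)


def vec_mul(byte, rows):
    """Bits of `byte` (MSB first) as a row vector, times a binary matrix over GF(2).

    rows[i] is matrix row i packed into an int, with column 0 in the MSB.
    """
    out = 0
    for i in range(N):
        if (byte >> (N - 1 - i)) & 1:
            out ^= rows[i]
    return out


def invert(rows):
    """Gauss-Jordan elimination over GF(2). Returns the inverse, or None if singular."""
    a = list(rows)
    inv = [1 << (N - 1 - i) for i in range(N)]  # identity matrix
    for col in range(N):
        mask = 1 << (N - 1 - col)
        pivot = next((r for r in range(col, N) if a[r] & mask), None)
        if pivot is None:
            return None  # no pivot in this column: matrix is not invertible
        a[col], a[pivot] = a[pivot], a[col]
        inv[col], inv[pivot] = inv[pivot], inv[col]
        for r in range(N):
            if r != col and a[r] & mask:
                a[r] ^= a[col]
                inv[r] ^= inv[col]
    return inv


def build_matrix_library(count, rng=None):
    """Collect `count` invertible N x N binary matrices.

    Random sampling stands in for enumerating the matrix set (2**64 matrices for N = 8).
    """
    rng = rng or secrets.SystemRandom()
    library = []
    while len(library) < count:
        rows = [rng.getrandbits(N) for _ in range(N)]
        if invert(rows) is not None:
            library.append(rows)
    return library


def build_tables(rows):
    """Conversion table in split form: output results with one input held at 0."""
    by_first = [vec_mul(a << 4, rows) for a in range(16)]  # second input data = 0
    by_second = [vec_mul(b, rows) for b in range(16)]      # first input data = 0
    return by_first, by_second


def protect(initial_key, rows):
    """Direct variant: multiply every key byte by the target matrix."""
    return bytes(vec_mul(b, rows) for b in initial_key)


def protect_with_tables(initial_key, by_first, by_second):
    """Table variant. Linearity over GF(2): (a, b)*M == (a, 0)*M XOR (0, b)*M."""
    return bytes(by_first[b >> 4] ^ by_second[b & 0x0F] for b in initial_key)


def recover_with_inverse(protection_key, inverse_rows):
    """Step 22, matrix variant: multiply the protection key by the inverse matrix."""
    return bytes(vec_mul(b, inverse_rows) for b in protection_key)


def recover_with_tables(protection_key, by_first, by_second):
    """Step 22, table variant: reverse lookup of the two input digits per output."""
    reverse = {by_first[a] ^ by_second[b]: (a << 4) | b
               for a in range(16) for b in range(16)}
    return bytes(reverse[b] for b in protection_key)


if __name__ == "__main__":
    target = build_matrix_library(1)[0]
    initial_key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample
    tables = build_tables(target)
    protection_key = protect_with_tables(initial_key, *tables)
    assert protection_key == protect(initial_key, target)
    assert recover_with_inverse(protection_key, invert(target)) == initial_key
    assert recover_with_tables(protection_key, *tables) == initial_key
    print(protection_key.hex())
```

Everything the two recover functions take as input is what step 21 reads from the dynamic library file, so the initial key is only as well protected as that file.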

Embodiment 3

As shown in FIG. 5, an embodiment of the present invention further provides a key conversion apparatus, the apparatus including:

a first acquisition module 10, configured to acquire a target matrix from a matrix library, the target matrix being an invertible matrix;

a protection key generation module 20, configured to, after the target file has been encrypted using the initial key, transform the initial key according to the target matrix to generate a protection key;

a storage module 30, configured to store the protection key and the key recovery file of the protection key in a dynamic library file, wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.

The apparatus further includes:

a second acquisition module, configured to acquire all matrices satisfying a first rule to obtain a matrix set, the first rule being that the matrix is an N×N binary matrix, where N is an integer greater than or equal to 2;

a third acquisition module, configured to acquire, from the matrix set, a preset number of matrices satisfying a second rule to obtain the matrix library, the second rule being that the matrix is an invertible matrix.

The protection key generation module is specifically:

a first protection key generation submodule, configured to multiply the initial key by the target matrix, the result of the operation being the protection key;

a second protection key generation submodule, configured to generate a conversion table according to the target matrix, look up the transformation result of the initial key in the conversion table, and use the transformation result as the protection key.

The second protection key generation submodule includes:

a first setting unit, configured to set first input data and second input data;

an operation unit, configured to multiply the combined data of the first input data and the second input data by the target matrix to obtain all output results;

a first conversion table generation unit, configured to generate the conversion table according to the values of the first input data and the second input data and the output results.

Optionally, the second protection key generation submodule includes:

a second setting unit, configured to set first input data and second input data;

a first acquisition unit, configured to acquire a first output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix when the first input data is 0;

a second acquisition unit, configured to acquire a second output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix when the second input data is 0;

a second conversion table generation unit, configured to generate the conversion table according to the values of the first input data and the second input data and the first output result and the second output result.

The first input data and the second input data are hexadecimal numbers.

Optionally, the second protection key generation submodule further includes:

a data form conversion unit, configured to convert the data form of the initial key according to the data form of the first input data and the second input data, to obtain a converted initial key;

a lookup unit, configured to look up the corresponding transformation result in the conversion table according to the converted initial key.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

In the apparatus of this embodiment of the present invention, after an invertible matrix is acquired from the matrix library as the target matrix, the initial key used to encrypt the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in the dynamic library file. In this way, after the installation package has been built, when the application terminal runs the installation package, the protection key can be inversely transformed back into the initial key by means of the key recovery file in the dynamic library file, and the initial key is then used to decrypt the target file. Because the initial key is transformed, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted, which improves security.

It should be noted that this apparatus corresponds to the key conversion method described above for transforming the initial key. The implementations of the key conversion method in Embodiment 1 apply to this apparatus and achieve the same technical effect.

Embodiment 4

As shown in FIG. 6, an embodiment of the present invention further provides a key conversion apparatus, the apparatus including:

a second acquisition module 40, configured to acquire the key recovery file and the protection key stored in the dynamic library file;

a protection key inverse transformation module 50, configured to inversely transform the protection key according to the key recovery file to obtain the initial key.

The key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

Optionally, the protection key inverse transformation module includes:

a first initial key inverse transformation submodule, configured to multiply the protection key by the inverse matrix of the target matrix, the result of the operation being the initial key;

a second initial key inverse transformation submodule, configured to look up, in the conversion table, the first input data and the second input data corresponding to the protection key, all of the first input data and second input data obtained being the initial key.

The apparatus of this embodiment of the present invention acquires the key recovery file and the protection key stored in the dynamic library file, then inversely transforms the protection key back into the initial key by means of the key recovery file, and uses the initial key to decrypt the target file. As a result, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted, which improves security.

It should be noted that this apparatus corresponds to the key conversion method described above for inversely transforming the protection key back into the initial key. The implementations of the key conversion method in Embodiment 2 apply to this apparatus and achieve the same technical effect.

Embodiment 5

An embodiment of the present invention further provides a terminal including the key conversion apparatus described above.

In the terminal of this embodiment of the present invention, after an invertible matrix is acquired from the matrix library as the target matrix, the initial key used to encrypt the target file is transformed according to the target matrix to generate a protection key, and the protection key and its key recovery file are stored in the dynamic library file. In this way, after the installation package has been built, when the application terminal runs the installation package, the protection key can be inversely transformed back into the initial key by means of the key recovery file in the dynamic library file, and the initial key is then used to decrypt the target file. Because the initial key is transformed, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted, which improves security.

It should be noted that this terminal corresponds to the key conversion method described above for transforming the initial key. The implementations of the key conversion method in Embodiment 1 apply to this terminal and achieve the same technical effect.

Embodiment 6

An embodiment of the present invention further provides a terminal including the key conversion apparatus described above.

The terminal of this embodiment of the present invention acquires the key recovery file and the protection key stored in the dynamic library file, then inversely transforms the protection key back into the initial key by means of the key recovery file, and uses the initial key to decrypt the target file. As a result, the plaintext encryption key cannot be obtained without permission, so the target file cannot be decrypted, which improves security.

It should be noted that this terminal corresponds to the key conversion method described above for inversely transforming the protection key back into the initial key. The implementations of the key conversion method in Embodiment 2 apply to this terminal and achieve the same technical effect.

Embodiment 7

An embodiment of the present invention further provides a computer-readable storage medium storing program instructions which, when executed by a processor, implement the key conversion method provided by Embodiment 1 of the present invention.

Embodiment 8

An embodiment of the present invention further provides a computer-readable storage medium storing program instructions which, when executed by a processor, implement the key conversion method provided by Embodiment 2 of the present invention.

In the embodiments of the present invention, a module may be implemented in software so as to be executed by various types of processors. For example, an identified module of executable code may include one or more physical or logical blocks of computer instructions, which may, for example, be organized as an object, procedure, or function. Nevertheless, the executable code of an identified module need not be physically located together; it may include different instructions stored in different locations which, when logically joined together, constitute the module and achieve the stated purpose of the module.

Industrial applicability

In the technical solution of the present invention, the initial key is transformed, so that the plaintext encryption key cannot be obtained without permission and the target file therefore cannot be decrypted, which improves security.

Claims (22)

1. A key conversion method, comprising:
acquiring a target matrix from a matrix library, the target matrix being an invertible matrix;
after a target file has been encrypted using an initial key, transforming the initial key according to the target matrix to generate a protection key;
storing the protection key and a key recovery file of the protection key in a dynamic library file, wherein the protection key can be restored to the initial key after inverse transformation using the key recovery file.

2. The key conversion method according to claim 1, wherein the step of constructing the matrix library comprises:
acquiring all matrices satisfying a first rule to obtain a matrix set, the first rule being that the matrix is an N×N binary matrix, where N is an integer greater than or equal to 2;
acquiring, from the matrix set, a preset number of matrices satisfying a second rule to obtain the matrix library, the second rule being that the matrix is an invertible matrix.

3. The key conversion method according to claim 1, wherein transforming the initial key according to the target matrix to generate a protection key comprises:
multiplying the initial key by the target matrix, the result of the operation being the protection key; or
generating a conversion table according to the target matrix, looking up the transformation result of the initial key in the conversion table, and using the transformation result as the protection key.

4. The key conversion method according to claim 3, wherein generating a conversion table according to the target matrix comprises:
setting first input data and second input data;
multiplying the combined data of the first input data and the second input data by the target matrix to obtain all output results;
generating the conversion table according to the values of the first input data and the second input data and the output results.

5. The key conversion method according to claim 3, wherein generating a conversion table according to the target matrix specifically comprises:
setting first input data and second input data;
acquiring a first output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix when the first input data is 0;
acquiring a second output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix when the second input data is 0;
generating the conversion table according to the values of the first input data and the second input data and the first output result and the second output result.

6. The key conversion method according to claim 4 or 5, wherein the first input data and the second input data are hexadecimal numbers.

7. The key conversion method according to claim 4 or 5, wherein looking up the transformation result of the initial key in the conversion table comprises:
converting the data form of the initial key according to the data form of the first input data and the second input data, to obtain a converted initial key;
looking up the corresponding transformation result in the conversion table according to the converted initial key.

8. The key conversion method according to claim 3, wherein the key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

9. A key conversion method, comprising:
acquiring a key recovery file and a protection key stored in a dynamic library file;
inversely transforming the protection key according to the key recovery file to obtain an initial key.

10. The key conversion method according to claim 9, wherein the key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix;
wherein inversely transforming the protection key according to the key recovery file to obtain the initial key comprises:
multiplying the protection key by the inverse matrix of the target matrix, the result of the operation being the initial key; or
looking up, in the conversion table, the first input data and the second input data corresponding to the protection key, all of the first input data and second input data obtained being the initial key.

11. A key conversion apparatus, comprising:
a first acquisition module, configured to acquire a target matrix from a matrix library, the target matrix being an invertible matrix;
a protection key generation module, configured to, after a target file has been encrypted using an initial key, transform the initial key according to the target matrix to generate a protection key;
a storage module, configured to store the protection key and a key recovery file of the protection key in a dynamic library file, wherein the protection key can be restored to the initial key by inverse transformation using the key recovery file.

12. The key conversion apparatus according to claim 11, wherein the apparatus further comprises:
a second acquisition module, configured to acquire all matrices satisfying a first rule to obtain a matrix set, the first rule being that the matrix is an N×N binary matrix, where N is an integer greater than or equal to 2;
a third acquisition module, configured to acquire, from the matrix set, a preset number of matrices satisfying a second rule to obtain the matrix library, the second rule being that the matrix is an invertible matrix.

13. The key conversion apparatus according to claim 11, wherein the protection key generation module comprises:
a first protection key generation submodule, configured to multiply the initial key by the target matrix, the result of the operation being the protection key;
a second protection key generation submodule, configured to generate a conversion table according to the target matrix, look up the transformation result of the initial key in the conversion table, and use the transformation result as the protection key.

14. The key conversion apparatus according to claim 13, wherein the second protection key generation submodule comprises:
a first setting unit, configured to set first input data and second input data;
an operation unit, configured to multiply the combined data of the first input data and the second input data by the target matrix to obtain all output results;
a first conversion table generation unit, configured to generate the conversion table according to the values of the first input data and the second input data and the output results.

15. The key conversion apparatus according to claim 13, wherein the second protection key generation submodule comprises:
a second setting unit, configured to set first input data and second input data;
a first acquisition unit, configured to acquire a first output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix when the first input data is 0;
a second acquisition unit, configured to acquire a second output result obtained by multiplying the combined data of the first input data and the second input data by the target matrix when the second input data is 0;
a second conversion table generation unit, configured to generate the conversion table according to the values of the first input data and the second input data and the first output result or the second output result.

16. The key conversion apparatus according to claim 14 or 15, wherein the first input data and the second input data are hexadecimal numbers.

17. The key conversion apparatus according to claim 14 or 15, wherein the second protection key generation submodule further comprises:
a data form conversion unit, configured to convert the data form of the initial key according to the data form of the first input data and the second input data, to obtain a converted initial key;
a lookup unit, configured to look up the corresponding transformation result in the conversion table according to the converted initial key.

18. The key conversion apparatus according to claim 13, wherein the key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix.

19. A key conversion apparatus, comprising:
a second acquisition module, configured to acquire a key recovery file and a protection key stored in a dynamic library file;
a protection key inverse transformation module, configured to inversely transform the protection key according to the key recovery file to obtain an initial key.

20. The key conversion apparatus according to claim 19, wherein the key recovery file is the target matrix, the inverse matrix of the target matrix, or the conversion table corresponding to the target matrix;
wherein the protection key inverse transformation module comprises:
a first initial key inverse transformation submodule, configured to multiply the protection key by the inverse matrix of the target matrix, the result of the operation being the initial key;
a second initial key inverse transformation submodule, configured to look up, in the conversion table, the first input data and the second input data corresponding to the protection key, all of the first input data and second input data obtained being the initial key.

21. A terminal, comprising the key conversion apparatus according to any one of claims 11 to 18.

22. A terminal, comprising the key conversion apparatus according to claim 19 or 20.

PCT/CN2016/083934 2015-07-02 2016-05-30 Key transformation method, apparatus, and terminal Ceased WO2017000726A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510381277.8 2015-07-02
CN201510381277.8A CN106330435A (en) 2015-07-02 2015-07-02 Key transformation method and device, and terminal

Publications (1)

Publication Number Publication Date
WO2017000726A1 true WO2017000726A1 (en) 2017-01-05

Family

ID=57607816

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083934 Ceased WO2017000726A1 (en) 2015-07-02 2016-05-30 Key transformation method, apparatus, and terminal

Country Status (2)

Country Link
CN (1) CN106330435A (en)
WO (1) WO2017000726A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111544893A (en) * 2020-04-30 2020-08-18 福建天晴在线互动科技有限公司 Reinforcing method and system for preventing code flow from being forged in game
CN111737689A (en) * 2020-06-10 2020-10-02 北京奇艺世纪科技有限公司 Data processing method, processor, electronic device, storage medium, and program product

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181593A (en) * 2017-06-05 2017-09-19 上海爱信诺航芯电子科技有限公司 A kind of microcontroller object code guard method and system
CN107612683B (en) * 2017-09-30 2020-10-27 上海众人网络安全技术有限公司 An encryption and decryption method, apparatus, system, device and storage medium
CN109818734B (en) * 2017-11-21 2021-07-27 中国移动通信有限公司研究院 A basic key distribution method, device and medium
CN109450881B (en) * 2018-10-26 2019-10-15 天津海泰方圆科技有限公司 A kind of data transmission system, method and device
CN111641636A (en) * 2020-05-28 2020-09-08 中国联合网络通信集团有限公司 Method, system, equipment and storage medium for data security communication of Internet of things
CN113656810B (en) * 2021-07-16 2024-07-12 五八同城信息技术有限公司 Application encryption method and device, electronic equipment and storage medium
CN113613246A (en) * 2021-10-08 2021-11-05 江苏倍斯特物联网技术有限公司 Communication data transmission method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101311942A (en) * 2007-05-23 2008-11-26 西门子(中国)有限公司 Software encryption and decryption method and encryption and decryption device
CN102355350A (en) * 2011-06-30 2012-02-15 北京邮电大学 File encryption method applied for mobile intelligent terminal and system thereof
US20120321074A1 (en) * 2009-07-23 2012-12-20 France Telecom Method for conversion of a first encryption into a second encryption
CN103259643A (en) * 2012-08-14 2013-08-21 苏州大学 Matrix fully homomorphic encryption method
CN104009835A (en) * 2014-05-16 2014-08-27 南京邮电大学 A file encryption and decryption method capable of parallel computing in a cloud storage system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100531032C (en) * 2004-05-13 2009-08-19 华为技术有限公司 Method for storing cipher key

Cited By (3)

Publication number Priority date Publication date Assignee Title
CN111544893A (en) * 2020-04-30 2020-08-18 福建天晴在线互动科技有限公司 Reinforcing method and system for preventing code flow from being forged in game
CN111544893B (en) * 2020-04-30 2023-09-01 福建天晴在线互动科技有限公司 Reinforcing method and system for preventing code flow forging based on game
CN111737689A (en) * 2020-06-10 2020-10-02 北京奇艺世纪科技有限公司 Data processing method, processor, electronic device, storage medium, and program product

Also Published As

Publication number Publication date
CN106330435A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
WO2017000726A1 (en) Key transformation method, apparatus, and terminal
US9021269B2 (en) Blind hashing
CA3066678C (en) Processing data queries in a logically sharded data store
US10873450B2 (en) Cryptographic key generation for logically sharded data stores
US9935951B2 (en) Remote blind hashing
US9760737B2 (en) Techniques for integrated circuit data path confidentiality and extensions thereof
Prakash et al. Data encryption and decryption algorithms using key rotations for data security in cloud system
US8767959B2 (en) Block encryption
CN105681039A (en) Method and device for secret key generation and corresponding decryption
CN114928438B (en) Elliptic curve digital signature calculation method and device for resisting memory information leakage attack
CA3065767C (en) Cryptographic key generation for logically sharded data stores
GB2514428A (en) Enabling access to data
JP7256862B2 (en) Secure communication method and system between protected containers
WO2021114850A1 (en) Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium
CN111949999A (en) Apparatus and method for managing data
CN105959099A (en) A method for implementing SSR password encryption
CN114765529A (en) Homomorphic encryption storage method and device for distributed data, electronic equipment and computer readable medium
KR102017379B1 (en) A method and apparatus for hash encryption using image vector processing
CN104504310A (en) Method and device for software protection based on shell technology
Yang et al. Achieve thumbnail preserving encryption by sum preserving approaches for images
CN111324897B (en) Image encryption method and device and image decryption method and device
CN117063439A (en) Method and computer-based system for key management
EP4546705A1 (en) System and method for providing keyless encryption and decryption
CN117955636A (en) A highly secure sensitive data access method and system
Rajitha et al. Cryptographic Key Protection in a Cryptoprocessor

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 16817090

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 16817090

Country of ref document: EP

Kind code of ref document: A1