Large file transmission protection method based on fragment encryption
Technical Field
The invention relates to the technical field of internet data transmission protection, in particular to a large file transmission protection method based on fragment encryption.
Background
The large file transmission protection mainly comprises two aspects, one is protection of the transmission process, and the other is that the large file transmission protection cannot be normally used after being downloaded by an unknown person. For the two aspects, the current large file transmission protection technology mainly has channel-based protection, such as https protocol transmission and file-based protection, that is, transmission after complete encryption or shell adding is performed on a file. Both techniques suffer from significant drawbacks.
The encryption mode based on channel protection only protects the file from being stolen in the transmission process, but has no way to ensure whether the file is used by an unauthorized person after the transmission is finished. In addition, this method is equivalent to encrypting all the contents transmitted through the channel, and therefore inevitably affects the file transmission speed.
The file is protected based on a full-text encryption and shell adding mode, so that the safety of the file can be effectively protected, the file is transmitted and transmitted after the file is transmitted and transmitted, and the file does not need to be transmitted through an encryption channel. But as files are now larger and larger, especially some files may reach dozens of hundreds of GB, the full encryption processing is performed on the file. One is that the encryption time is long, and the other is that the file can be used only after being decrypted after being acquired, so that the processing is time-consuming for both the user and the content publisher.
Disclosure of Invention
The invention mainly aims to overcome the defects in the prior art and provide a large file transmission protection technology based on fragment encryption. In order to solve the technical problem, the solution of the invention is as follows:
the large file transmission protection method based on fragment encryption comprises the following steps:
step (1): the method comprises the following steps of carrying out fragment encryption operation before transmission and protecting a large file, and specifically comprises the following substeps:
step A: acquiring the file size of a large file, wherein bytes are taken as a statistical unit;
and B: according to the size of the file obtained in the step A, splitting the large file by a certain splitting unit (50,000,000 bytes are used as the splitting unit), and if the size of the last part of fragments is not enough than the size of the splitting unit, directly and independently forming one part of fragments to obtain the fragments formed by splitting the large file;
and C: according to the splitting result in the step B, calculating the position and the length of the split fragments of the splitting result, namely, obtaining a fragment position (randomly obtaining a position from 0 to 48,000,000 bytes) from the first fragment, and then randomly taking a value as the length of the fragment within the range of 1 to 2 percent of the length of the splitting unit; sequentially acquiring the fragment positions and the fragment lengths of all the fragments in the splitting result in the step B;
step D: c, extracting fragment data with corresponding positions and lengths from the large file according to the calculation result of the step C, and filling random data with the same length as the fragment data in the corresponding positions of the large file;
step E: d, splicing all the fragment data extracted in the step D together, and then carrying out encryption processing (adopting a DES encryption algorithm) to form a fragment encryption result;
step F: combining the fragment encryption result obtained in the step E with the large file which is obtained in the step D and filled with the random data to form a final result file;
step G: transmitting the final result file obtained in the step F;
step (2): after the transmission is finished, the fragment decryption operation is carried out, and the large file is decrypted for use, and the method specifically comprises the following substeps:
step H: acquiring a transmitted encrypted file;
step I: splitting the encrypted file obtained in the step H to obtain a fragment encryption result and a large file filled with random data;
step J: decrypting the fragment encryption result obtained in the step I to obtain the positions of all fragments and related fragment data;
step K: and D, according to the fragment data and the position obtained in the step J, carrying out reduction processing on the large file which is obtained in the step I and filled with the random data, wherein the reduction result is the required original file.
In the present invention, the method for splicing the fragment data in step E specifically includes the following steps:
step a: d, splicing all the fragment positions and corresponding information obtained in the step D in pairs according to the positions and the information, wherein the middle part is that the fragment positions and the corresponding information are used as separators to be separated, and obtaining fragment pairs of fragment positions and corresponding fragment information combinations; each fragment pair is a fragment pair character string of 'fragment position: fragment information';
step b: splicing all the spliced fragment pairs obtained in the step a, and separating the spliced fragment pairs by using the fragment position as a separator to obtain a fragment pair combined character string (namely, a result of 'fragment position: fragment information: fragment position: fragment information' is finally formed, wherein only three fragment pairs are exemplified here, and the real result is related to the number of the specific fragment pairs);
step c: and c, encrypting the combined character string of the fragments obtained in the step b (by adopting a DES encryption algorithm) to form fragment encryption results.
In the present invention, in the step F, the method for merging the fragment encryption result and the large file filled with the random data specifically includes the following steps:
step d: calculating the length of the fragment encryption result formed in the step E;
step e: saving the fragment encryption result length obtained in the step d by 64 bytes;
step f: splicing the 64-byte fragment encryption result length information generated in the step e to the tail part of the fragment encryption result to form a complete information block of the fragment encryption result;
step g: and f, splicing the complete information block of the fragment encryption result generated in the step f to the tail part of the large file filled with the random data to form a final result file.
In the present invention, in the step I, the method for splitting the encrypted file specifically includes: intercepting the last 64 bytes of the encrypted file to obtain the length of a fragment encryption result; and h, intercepting the fragment encryption result from the tail part of the encryption file of which the last 64 bytes are intercepted in the step h, wherein the residual file of which the fragment encryption result is intercepted is the large file which is filled with random data.
In the present invention, the step J is specifically realized by the following steps:
step h: c, decrypting the fragment encryption result by using the key which is the same as the encryption processing in the step c to obtain a decryption result;
step i: separating the decryption result according to the fragment position, the fragment information and the fragment pair;
step j: and (e) separating all the fragment pairs obtained in the step i according to the ":" in the fragment pairs, and splitting the fragment positions and the fragment information.
In the present invention, the step K is specifically realized by the following steps:
step k: according to the fragment positions obtained in the step J, finding corresponding fragment positions in the large file filled with random data;
step l: filling the fragment information corresponding to the fragment position into the fragment position found in the step k;
step m: repeating the step k and the step l until the same processing is carried out on all the fragment positions and the fragment information obtained in the step J;
step n: and (5) after the step m is completed, restoring the original large file.
Compared with the prior art, the invention has the beneficial effects that:
1. compared with a channel-based protection method, the method has the advantages that not only is encryption protection carried out in the transmission process, but also the protection effect is achieved after the file is received, and the method can be normally used only after the file is normally decrypted; meanwhile, encryption is not needed in the transmission process, and the transmission performance is also obviously improved.
2. Compared with the method for encrypting and enclosuring the full file, the method has the advantages that the time for encrypting before transmission and decrypting after receiving the file is obviously reduced, so that the method can be more efficiently used, and the time waste in the two processes is reduced.
Drawings
FIG. 1 is a flow diagram of fragmenting encryption of a large file prior to transmission.
Fig. 2 is a flow chart of fragment decryption of a file after receiving the file.
Detailed Description
The invention relates to a large file transmission protection technology, and is an application of a computer technology in the technical field of internet. In the implementation process of the invention, the application of a plurality of software functional modules is involved. The applicant believes that the skilled person will be fully enabled to implement the invention by applying his own software programming skills in conjunction with the prior art after perusal of the application documents and an accurate understanding of the principles of implementation and the objects of the invention, which are not listed again by the applicant whenever the application documents of the invention are referred to in this category.
The invention is described in further detail below with reference to the following detailed description and accompanying drawings:
a large file transmission protection method based on fragment encryption is characterized in that a fragment encryption operation is carried out before transmission to protect a large file, and a fragment decryption operation is carried out after transmission to decrypt the large file.
First, as shown in fig. 1, a file is fragmented and encrypted before transmission, specifically as follows:
step A: and acquiring the file size of the large file, wherein bytes are taken as a statistical unit.
And B: according to the file size obtained in the step A, the length of the file is equally divided by taking 50,000,000 bytes as a splitting unit, and if the last part is not equally divided, the file is directly and independently divided into one part.
And C: and C, according to the splitting result in the step B, calculating the fragment position and the fragment length of each splitting result. The positions of the fragments are obtained from the first part, a position is randomly obtained from bytes 0 to 48,000,000, and a fragment length is randomly obtained according to the range of 1% to 2% of the unit length. And C, sequentially acquiring all the splitting results of the step B, and performing the above calculation to acquire corresponding fragment positions and fragment lengths.
Step D: and C, extracting fragment data with corresponding positions and lengths from the large file according to the calculation result of C, and filling random data with the same length as the fragment data in the corresponding positions of the large file.
Step E: and D, performing DES encryption processing on the result obtained in the step D after all the fragments are spliced together to form a fragment encryption result.
The splicing method of the fragment information and the position specifically comprises the following steps:
step a: and D, splicing all the fragment positions and corresponding information obtained in the step D in pairs by using the positions and the information, and separating by using the position as a separator. Finally, each fragment pair forms a fragment pair string of "fragment location:: fragment information". The pair of fragments is a combination of fragment position and corresponding fragment information.
Step b: and c, splicing all the spliced fragment pairs obtained in the step a, and separating by taking the obtained result as a separator. The result of "fragment position:: fragment information:: fragment position:: fragment information" is finally formed, here only three are listed, the true result being related to the specific number of pairs of fragments.
Step c: and D, performing DES encryption on the combined character string of the fragments in the step b to form fragment encryption results.
Step F: and D, combining the fragment encryption result obtained by the processing in the step D with the large file filled with the random data to form a final result file. And D, replacing the fragment information of the corresponding fragment position with the random data in the step D.
The method for combining the fragment encryption result and the large file filled with the random data specifically comprises the following steps:
step d: the length of the fragmentation encryption result formed by step E is calculated.
Step e: and d, using 64 bytes to store the fragment encryption result length obtained in the step d.
Step f: and e, splicing the 64-byte fragment encryption result length information generated in the step e to the tail part of the fragment encryption result to form a fragment encryption result complete information block.
Step g: and f, splicing the complete information block of the fragment encryption result generated in the step f to the tail part of the large file filled with the random data to form a final result file.
Step G: and F, transmitting the file processed in the step F.
Then, as shown in fig. 2, fragment decryption is performed after the file is received, specifically as follows:
step H: and acquiring the transmitted encrypted file.
Step I: and D, splitting the encrypted file obtained in the step H, and obtaining a fragment encryption result and a large file filled with random data. The concrete implementation is as follows:
step h: the last 64 bytes are intercepted from the file retrieved in step H.
Step i: and h, acquiring the fragment encryption result length according to the 64 bytes acquired in the step h.
Step j: and according to the fragment encryption result length obtained in the step i, intercepting the fragment encryption result from the tail part of the file of which the last 64 bytes are intercepted in the step h.
Step k: and f, intercepting the fragment encryption result through the step j to obtain a large file filled with random data.
Step J: and D, decrypting the fragment encryption result obtained in the step I, and obtaining the positions of all fragments and related fragment data. The concrete implementation is as follows:
step l: and c, decrypting the fragment encryption result by using the same key as the DES encryption in the step c.
Step m: and (c) separating the decryption result of the step (l) in the formula (I) to form a fragment pair with a fragment position formula (fragment information) structure.
Step n: and c, separating and splitting all the fragment pairs in the step m into fragment positions and fragment information.
Step K: and D, restoring the large file which is filled with the random data and acquired in the step I according to the fragment data and the position acquired in the step J. The concrete implementation is as follows:
step o: and D, finding the corresponding fragment position in the large file filled with the random data according to the fragment position acquired in the step J.
Step p: the fragment location found in step o populates the location with corresponding fragment information.
Step q: and repeating the step o and the step p to perform the same processing on all the fragment positions and the fragment information acquired in the step J.
Step r: and (5) restoring the original large file after the step q is completed.
Step L: and the result of the reduction in the step K is the final original file.
Finally, it should be noted that the above-mentioned list is only a specific embodiment of the present invention. It is obvious that the present invention is not limited to the above embodiments, but many variations are possible. All modifications which can be derived or suggested by a person skilled in the art from the disclosure of the present invention are to be considered within the scope of the invention.