CN109934017A - Check information generation and file integrity verification method, system, device and medium - Google Patents
- Publication number
- CN109934017A (CN201910183536.4A)
- Authority
- CN
- China
- Prior art keywords
- file
- hash
- check information
- value
- encrypted value
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention provides a check information generation method and a file integrity verification method, system, device and medium. The file integrity verification method includes: obtaining the check information of the application file, the check information including a first encrypted value of the file to be verified; obtaining the file to be verified; performing a hash operation on the file to be verified to obtain a hash value; encrypting the hash value with a key to obtain a second encrypted value; and comparing the first encrypted value with the second encrypted value, where verification fails if they are inconsistent. The invention verifies the integrity of an application using a hash operation and key encryption, and this two-stage encryption mechanism greatly improves the security and stability of the application.
Description
Technical field
The present invention relates to the technical field of file verification, and in particular to a check information generation method and a file integrity verification method, system, device and medium.
Background
Integrity verification of application files is usually applied where security and stability requirements are high. If the files of an application are infected by a virus or Trojan and malicious code is implanted, the user's important information (such as payment passwords) or the security of the system may be seriously affected. Therefore, once a program file has been infected or tampered with, promptly notifying the user that the program file is damaged and preventing the program from executing gives the software a self-check function and avoids such serious losses.
However, integrity checking methods in the prior art often have a very low security level and are easily cracked, so they cannot be used to check the integrity of application files with high security-level requirements. For example, relevant national departments that are required to meet the national cryptographic standards require installed applications to be able to detect virus intrusion using a secure algorithm. In addition, for banking or securities applications, if the encryption of the application is cracked, critical files may be replaced by a Trojan, creating a major hidden danger of user information leakage.
Summary of the invention
In view of the problems in the prior art, the object of the present invention is to provide a check information generation method and a file integrity verification method, system, device and medium that verify the integrity of an application using a hash operation and key encryption, thereby improving the security of the application files.
An embodiment of the present invention provides a check information generation method for generating the check information of an application file. The method includes the following steps:
Obtaining a file to be processed;
Performing a hash operation on the file to be processed to obtain a hash value;
Encrypting the hash value with a key to obtain an encrypted value of the hash value, which serves as the check information of the application file.
Optionally, performing the hash operation on the file to be processed includes performing an SM3 hash operation on the file to be processed.
Optionally, between obtaining the hash value and encrypting the hash value with the key, the method further includes the following step:
Converting the hash value into a string of type TCHAR.
Optionally, the application file includes multiple subfiles, and obtaining the application file to be processed includes obtaining the multiple subfiles of the application file and taking each subfile in turn as the file to be processed;
After the encrypted value of the hash value of each subfile is obtained, the encrypted values of the subfiles are used as the check information of the application file.
An embodiment of the present invention also provides a file integrity verification method for verifying the integrity of an application file. The method includes the following steps:
Obtaining the check information of the application file and obtaining the file to be verified, the check information including a first encrypted value of the file to be verified;
Performing a hash operation on the file to be verified to obtain a hash value;
Encrypting the hash value with a key to obtain a second encrypted value;
Comparing the first encrypted value with the second encrypted value; if they are inconsistent, verification fails.
Optionally, performing the hash operation on the file to be verified includes performing an SM3 hash operation on the file to be verified.
Optionally, between obtaining the hash value and encrypting the hash value with the key, the method further includes the following step:
Converting the hash value into a string of type TCHAR.
Optionally, the application file includes multiple subfiles, and the check information of the application file includes the first encrypted value of each subfile;
Obtaining the file to be verified includes obtaining each subfile and taking each subfile in turn as the file to be verified;
The first encrypted value and the second encrypted value of each subfile are compared in turn; if the first encrypted value and the second encrypted value of any subfile are inconsistent, verification fails.
An embodiment of the present invention also provides a file integrity verification system, applied to the file integrity verification method. The system includes:
A file acquisition module, for obtaining the check information of the application file and obtaining the file to be verified, the check information including a first encrypted value of the file to be verified;
A hash computing module, for performing a hash operation on the file to be verified to obtain a hash value;
A file encryption module, for encrypting the hash value with a key to obtain a second encrypted value;
A file verification module, for comparing the first encrypted value with the second encrypted value; if they are inconsistent, verification fails.
An embodiment of the present invention also provides a file integrity verification device, including:
A processor;
A memory storing instructions executable by the processor;
Wherein the processor is configured to perform the steps of the file integrity verification method by executing the executable instructions.
An embodiment of the present invention also provides a computer readable storage medium for storing a program which, when executed, implements the steps of the file integrity verification method.
The check information generation and file integrity verification method, system, device and medium provided by the present invention verify the integrity of an application using a hash operation and key encryption. They can effectively detect a virus being implanted into a file or tampering with it, can also detect a file required for the application to run being mistakenly deleted after modification by another program, and prompt the user to reinstall the program. The two-stage encryption mechanism also effectively prevents the case where a virus or Trojan tampers with a file, regenerates the hash value of the tampered file and writes it into the check file in order to skip the verification procedure, which greatly improves the security and stability of the application.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings.
Fig. 1 is a flowchart of the check information generation method of an embodiment of the present invention;
Fig. 2 is a flowchart of the file integrity verification method of an embodiment of the present invention;
Fig. 3 is a flowchart of the check information generation method of a specific example of the present invention;
Fig. 4 is a flowchart of the file integrity verification method of a specific example of the present invention;
Fig. 5 is a flowchart of the SM3 hash algorithm;
Fig. 6 is a flowchart of the compression function processing a message block;
Fig. 7 is a flowchart of calculating the intermediate word registers;
Fig. 8 is a schematic diagram of updating each register;
Fig. 9 is a structural schematic diagram of the file integrity verification system of an embodiment of the present invention;
Fig. 10 is a structural schematic diagram of the file integrity verification device of an embodiment of the present invention;
Fig. 11 is a structural schematic diagram of the computer storage medium of an embodiment of the present invention.
Detailed description of embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. However, example embodiments can be implemented in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that the present invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, so repeated description of them is omitted.
As shown in Fig. 1, an embodiment of the present invention provides a check information generation method for generating the check information of an application file. The method includes the following steps:
S110: obtaining a file to be processed;
S120: performing a hash operation on the file to be processed to obtain a hash value;
S130: encrypting the hash value with a key to obtain an encrypted value of the hash value, which serves as the check information of the application file. The key used for encryption may be the private key of an asymmetric key pair or a symmetric key.
Therefore, when generating check information, the present invention first performs a hash operation on the file in step S120 and then encrypts the hash value in step S130 to obtain an encrypted value, which serves as the check information of the application file. The hash operation and the key encryption together form a two-stage encryption mechanism that effectively prevents the application file from being maliciously tampered with, thereby improving the security of the application file.
As shown in Fig. 2, an embodiment of the present invention also provides a file integrity verification method for verifying the integrity of an application file. The method includes the following steps:
S210: obtaining the check information of the application file and obtaining the file to be verified. The check information includes a first encrypted value of the file to be verified; the check information is the check information obtained with the check information generation method shown in Fig. 1, and the first encrypted value is the encrypted value of the hash value obtained in the check information generation phase using steps S120 and S130 above;
S220: performing a hash operation on the file to be verified to obtain a hash value. The algorithm type of the hash operation depends on the algorithm type used in the hash operation for the first encrypted value in the check information;
S230: encrypting the hash value with a key to obtain a second encrypted value. The key used for encryption may be the private key of an asymmetric key pair or a symmetric key; the specific key type and content depend on the type and content of the encryption key of the first encrypted value in the check information;
S240: comparing the first encrypted value with the second encrypted value;
S250: if they are consistent, verification succeeds;
S260: if they are inconsistent, verification fails.
Therefore, the present invention verifies the integrity of an application using a hash operation and key encryption. It can effectively detect a virus being implanted into a file or tampering with it, can also detect a file required for the application to run being mistakenly deleted after modification by another program, and prompts the user to reinstall the program. The two-stage encryption mechanism of hash operation plus key encryption also effectively prevents the case where a virus or Trojan tampers with a file, regenerates the hash value of the tampered file and writes it into the check file in order to skip the verification procedure, which greatly improves the security and stability of the application.
In the prior art, the most commonly used methods for security checking of files are CRC (Cyclic Redundancy Check) and MD5 (Message-Digest Algorithm). However, a CRC check involves no encryption and its security level is very low. MD5 uses a message digest algorithm and once offered a certain level of protection, but in 2005 the Chinese professor Wang Xiaoyun presented a collision attack method against MD5 that allows MD5 to be cracked on an ordinary computer, so MD5 is no longer secure. MD5 is therefore no longer suitable for checking the integrity of application files with high security-level requirements. For example, relevant national departments that are required to meet the national cryptographic standards require installed applications to be able to detect virus intrusion using a secure algorithm. Likewise, for banking or securities applications, if file integrity verification is performed with MD5, MD5 may be cracked and critical files may be replaced by a Trojan, creating a major hidden danger of user information leakage.
In this embodiment, performing the hash operation on the file to be processed in step S120, and performing the hash operation on the file to be verified in step S230, include performing an SM3 hash operation on the file to be processed.
The SM3 cryptographic hash algorithm is the Chinese commercial cryptographic hash algorithm published by China's State Cryptography Administration in 2010. SM3 is suitable for digital signature and verification in commercial cryptographic applications and is an algorithm improved on the basis of SHA-256. The design of SM3 is more complex: for example, each round of the compression function uses 2 message words, and each round of the message expansion process uses 5 message words. It effectively avoids high-probability local collisions and effectively resists cryptanalytic techniques such as differential analysis of strong collision resistance, linear analysis of collision resistance, and the bit-tracing method. SM3 uses the Merkle-Damgard structure; the message block length is 256 bits and the output hash value length is 256 bits, far more than the 128 bits of MD5, so the security level is very high. It has not been cracked so far.
Preferably, between obtaining the hash value in step S120 and encrypting the hash value with the key in step S130, the method further includes the step of converting the hash value into a string of type TCHAR.
Correspondingly, between obtaining the hash value in step S230 and encrypting the hash value with the key in step S240, the method further includes the step of converting the hash value into a string of type TCHAR.
In this embodiment, the application file includes multiple subfiles. In step S110, obtaining the application file to be processed includes obtaining the multiple subfiles of the application file and taking each subfile in turn as the file to be processed;
In step S120, the hash value of each subfile is calculated in turn;
In step S130, the encrypted value of each subfile is calculated in turn. After the encrypted value of the hash value of each subfile is obtained, the encrypted values of the subfiles are used as the check information of the application file.
Correspondingly, obtaining the file to be verified in step S210 includes obtaining each subfile and taking each subfile in turn as the file to be verified;
In steps S220 and S230, the hash value and the second encrypted value of each subfile are calculated in turn. In step S240, the first encrypted value and the second encrypted value of each subfile are compared in turn. If the first encrypted value and the second encrypted value of any subfile are inconsistent, verification fails; if the first encrypted value and the second encrypted value of all subfiles are consistent, verification succeeds.
Fig. 3 shows the flowchart of the check information generation method of a specific example.
Corresponding to step S110 above, the configuration file of the application is obtained, a subfile is obtained from the application files as the file to be processed, and it is determined whether the current file has reached the end of the file paths recorded in the configuration file;
If the end of the file paths has been reached, the check information of the application files has all been generated, and the current process ends.
If the end of the file paths has not been reached, then, corresponding to step S120 above, an SM3 hash operation is performed on the file, and it is determined whether an SM3 hash value can be obtained from the file;
If the SM3 hash value cannot be obtained, an error message is written to the log, the next file path is queried, and the process continues with step S110;
If the SM3 hash value can be obtained: since the SM3 hash value is a hexadecimal numeric value and numeric data cannot be stored directly in a file medium, the SM3 hash value also needs to be converted into a hexadecimal string. Since the hexadecimal string is a single-byte string, while the text file is stored using TCHAR double-byte encoding, the hexadecimal string needs to be converted into a TCHAR double-byte string;
Then, corresponding to step S130 above, the string is encrypted with the private key to obtain the encrypted value, and the encrypted value is written into the check information. The next file path is then queried and the process continues with step S110 until all files have been processed.
Fig. 4 shows the flowchart of the file integrity verification method of a specific example.
First, corresponding to step S210, the application check file and the file to be verified are obtained, and it is determined whether the current file has reached the end of the file paths recorded in the configuration file;
If the current file has reached the end of the file paths recorded in the configuration file, all files have been verified successfully, the software starts successfully, and the current process ends;
If the current file has not reached the end of the file paths recorded in the configuration file, then, corresponding to step S220 above, an SM3 hash operation is performed on the file to be verified, and it is determined whether the SM3 hash value of the current file can be obtained;
If it cannot be obtained, an error message is shown to the user, verification fails, the software fails to start, and the current process ends;
If the SM3 hash value can be obtained: since the first encrypted value in the check information is the encrypted value of a hash value of type TCHAR, the obtained SM3 hash value needs to be converted into a hexadecimal string, and the hexadecimal string is then converted into a string of type TCHAR;
Corresponding to step S230 above, the string is encrypted with the private key to obtain the second encrypted value;
Corresponding to step S240 above, the first encrypted value corresponding to this file is first retrieved from the check information, and it is determined whether the retrieved first encrypted value is empty;
If it is empty, an error message is shown to the user, verification fails, the software fails to start, and the current process ends;
If it is not empty, the retrieved first encrypted value is compared with the second encrypted value to see whether they are consistent;
If they are consistent, the next file path is queried and the process continues with step S210 until all files have been verified successfully, at which point the application files are verified successfully, corresponding to step S250;
If they are inconsistent, the application file has been tampered with. Corresponding to step S260, an error message is shown to the user, verification fails, the software fails to start, the current process ends, and the application should be reinstalled.
The SM3 hash algorithm is described in detail below with reference to Figs. 5 to 8.
As shown in Fig. 5, the entire SM3 hash algorithm consists of three steps: message padding, blocking, and iterative compression. The input is a message $x$ of length $l$ ($l < 2^{64}$), and the output is a 256-bit hash value $y$. Padding: a "1" bit, then $k$ bits of 0, then 64 bits, where $k$ is the smallest non-negative integer satisfying $l + 1 + k \equiv 488 \pmod{512}$. $B_0, B_1, \ldots, B_{n-1}$ are the blocks of the padded message ($n$ blocks in total), each message block is 512 bits, $CF$ is the compression function, and $V_0, V_1, \ldots, V_n$ are the results of iteratively compressing each message block, each 256 bits in size. The final message hash value is $y = V_n$.
The compression function can be expressed as:
$V_{i+1} = CF(V_i, B_i),\quad i = 0, \ldots, n-1,\quad V_0 = IV$
$IV$ = 7380166f4914b2b9172442d7da8a0600a96f30bc163138aae38dee4db0fb0e4e
Suppose the compression function is processing message block $B_i$; the process is shown in Fig. 6.
Here, A, B, C, D, E, F, G and H are word registers, each 32 bits long, $j$ is the iteration round number, and TT1 and TT2 are intermediate word registers.
It can be seen that the compression function has 64 rounds of iteration in total, and the register values A to H are initialized to $V_i$, the compression result of the previous message block $B_{i-1}$.
Block message expansion means expanding $B_i$ into 132 words $W_0, W_1, \ldots, W_{67}, W'_0, W'_1, \ldots, W'_{63}$. The process is as follows:
$W_0, \ldots, W_{15}$: the block is divided into 16 words;
Here, $\lll$ denotes a cyclic left shift (rotation) by bits.
Fig. 7 shows the flowchart for calculating the intermediate values TT1 and TT2.
Wherein,
X, Y and Z are words; ∧ is the AND operation, ∨ is the OR operation, and the other two symbols denote the inverse (NOT) operation and the XOR operation.
$SS1 \leftarrow ((A \lll 12) + E + (T_j \lll j)) \lll 7$
$TT1 \leftarrow FF_j(A, B, C) + D + SS2 + W'_j$
$TT2 \leftarrow GG_j(E, F, G) + H + SS1 + W_j$
After the intermediate values TT1 and TT2 are calculated, each register is updated in turn as shown in Fig. 8.
Wherein,
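The SM3 steps above and the generate/verify flows of Figs. 3 and 4, as an added example that is not code from the patent: a pure-Python SM3 followed by check information generation and verification over a set of subfiles. Assumptions: the round functions, constants and message expansion are taken from the published SM3 standard (GM/T 0004-2012); the "encrypt with key" step is replaced by HMAC-SM3, a deterministic keyed transform that the verifier recomputes; TCHAR is treated as UTF-16LE; the key, file names and file contents are constructed.

```python
import hmac
import os
import struct
import tempfile

MASK = 0xFFFFFFFF
IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
      0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)  # IV as given on the page

def _rotl(x, n):
    return ((x << (n % 32)) | (x >> (32 - n % 32))) & MASK

def _p0(x): return x ^ _rotl(x, 9) ^ _rotl(x, 17)
def _p1(x): return x ^ _rotl(x, 15) ^ _rotl(x, 23)

def _compress(v, block):
    """CF(V_i, B_i): expand the block to 132 words, then run 64 rounds."""
    w = list(struct.unpack(">16I", block))
    for j in range(16, 68):
        w.append(_p1(w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15))
                 ^ _rotl(w[j - 13], 7) ^ w[j - 6])
    w1 = [w[j] ^ w[j + 4] for j in range(64)]            # W'_j
    a, b, c, d, e, f, g, h = v
    for j in range(64):
        t = 0x79CC4519 if j < 16 else 0x7A879D8A
        ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & MASK, 7)
        ss2 = ss1 ^ _rotl(a, 12)
        if j < 16:
            ff, gg = a ^ b ^ c, e ^ f ^ g
        else:
            ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
        tt1 = (ff + d + ss2 + w1[j]) & MASK
        tt2 = (gg + h + ss1 + w[j]) & MASK
        a, b, c, d = tt1, a, _rotl(b, 9), c
        e, f, g, h = _p0(tt2), e, _rotl(f, 19), g
    return tuple(x ^ y for x, y in zip((a, b, c, d, e, f, g, h), v))

def sm3(data: bytes) -> bytes:
    """Pad, split into 512-bit blocks, iterate CF; returns the 32-byte digest."""
    padded = (data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
              + struct.pack(">Q", len(data) * 8))
    v = IV
    for i in range(0, len(padded), 64):
        v = _compress(v, padded[i:i + 64])
    return struct.pack(">8I", *v)

def hmac_sm3(key: bytes, msg: bytes) -> bytes:
    """HMAC over SM3 (64-byte block): stand-in for the 'encrypt with key' step."""
    key = (sm3(key) if len(key) > 64 else key).ljust(64, b"\x00")
    inner = sm3(bytes(k ^ 0x36 for k in key) + msg)
    return sm3(bytes(k ^ 0x5C for k in key) + inner)

def keyed_value(key: bytes, content: bytes) -> str:
    hex_digest = sm3(content).hex()            # hash value as a hex string
    wide = hex_digest.encode("utf-16-le")      # TCHAR string, assumed UTF-16LE
    return hmac_sm3(key, wide).hex()           # keyed step -> "encrypted value"

def generate_check_info(key, root, names):
    """S110-S130 for every subfile: name -> first encrypted value."""
    info = {}
    for name in names:
        with open(os.path.join(root, name), "rb") as fh:
            info[name] = keyed_value(key, fh.read())
    return info

def verify_files(key, root, names, info):
    """S210-S260; stops at the first failure, as in the Fig. 4 flow."""
    for name in names:
        try:
            with open(os.path.join(root, name), "rb") as fh:
                second = keyed_value(key, fh.read())
        except OSError:
            return False, f"{name}: cannot hash file"
        first = info.get(name)
        if not first:                               # empty or missing entry
            return False, f"{name}: no stored value"
        if not hmac.compare_digest(first, second):  # constant-time comparison
            return False, f"{name}: mismatch"
    return True, "all files verified"

def demo():
    key = b"constructed-demo-key"                   # constructed sample key
    files = {"app.exe": b"constructed main binary", "core.dll": b"constructed library"}
    with tempfile.TemporaryDirectory() as root:
        for name, content in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        info = generate_check_info(key, root, files)
        clean = verify_files(key, root, files, info)
        # Modify a file and replace its entry with a plain, unkeyed SM3 hash.
        tampered = b"constructed library, modified"
        with open(os.path.join(root, "core.dll"), "wb") as fh:
            fh.write(tampered)
        forged = {**info, "core.dll": sm3(tampered).hex()}
        return clean, verify_files(key, root, files, forged)

if __name__ == "__main__":
    print(demo())
```

Because the verifier recomputes the keyed value, it must hold the same key that produced the check information, so the check is only as strong as the protection of that key.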
As shown in Fig. 9, an embodiment of the present invention also provides a file integrity verification system, applied to the file integrity verification method. The system includes:
A file acquisition module M100, for obtaining the check information of the application file and obtaining the file to be verified, the check information including a first encrypted value of the file to be verified;
A hash computing module M200, for performing a hash operation on the file to be verified to obtain a hash value;
A file encryption module M300, for encrypting the hash value with a key to obtain a second encrypted value;
A file verification module M400, for comparing the first encrypted value with the second encrypted value; if they are inconsistent, verification fails.
An embodiment of the present invention also provides a file integrity verification device, including a processor and a memory storing instructions executable by the processor, wherein the processor is configured to perform the steps of the file integrity verification method by executing the executable instructions.
Those of ordinary skill in the art will understand that aspects of the present invention may be implemented as a system, method or program product. Therefore, aspects of the present invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "system".
The electronic device 600 according to this embodiment of the present invention is described below with reference to Fig. 9. The electronic device 600 shown in Fig. 9 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present invention.
As shown in Fig. 10, the electronic device 600 takes the form of a general-purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 connecting the different system components (including the storage unit 620 and the processing unit 610), a display unit 640, and so on.
The storage unit stores program code that can be executed by the processing unit 610, so that the processing unit 610 performs the steps of the various exemplary embodiments of the present invention described in the electronic prescription circulation processing method section above in this specification. For example, the processing unit 610 may perform the steps shown in Fig. 2.
The storage unit 620 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set of (at least one) program modules 6205. Such program modules 6205 include, but are not limited to, an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 600 may also communicate with one or more external devices 700 (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. Such communication may take place through an input/output (I/O) interface 650. In addition, the electronic device 600 may communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 660. The network adapter 660 may communicate with the other modules of the electronic device 600 through the bus 630. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and so on.
An embodiment of the present invention also provides a computer readable storage medium for storing a program which, when executed, implements the steps of the file integrity verification method. In some possible embodiments, aspects of the present invention may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps of the various exemplary embodiments of the present invention described in the electronic prescription circulation processing method section above in this specification.
With reference to Fig. 11, a program product 800 for implementing the above check information generation method according to an embodiment of the present invention is described. It may take the form of a portable compact disc read-only memory (CD-ROM) containing program code, and may run on a terminal device such as a personal computer. However, the program product of the present invention is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in connection with an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable storage medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on the readable storage medium may be transmitted using any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for performing the operations of the present invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
In summary, compared with the prior art, the check information generation and file integrity verification methods, system, device and storage medium provided by the present invention have the following advantages:
The check information generation and file integrity verification methods, system, device and medium provided by the present invention use a hash operation and key encryption to verify the integrity of an application program. They can effectively detect a virus implanted in a file or tampering with a file; they can also detect the case where a program file necessary for the application to run has been accidentally deleted or otherwise modified, and prompt the user to reinstall the program. Through the secondary encryption mechanism, they also effectively prevent the case where a virus or Trojan tampers with a file and then regenerates the hash value of the tampered file and writes it into the check file in order to skip the verification procedure, greatly improving the security and stability of the application program.
The above is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the present invention should not be regarded as limited to these descriptions. For those of ordinary skill in the art to which the present invention belongs, a number of simple deductions or substitutions may be made without departing from the concept of the present invention, and all of them shall be regarded as falling within the protection scope of the present invention.
Claims (10)
1. A check information generation method, characterized in that it is used to generate check information of an application file, the method comprising the following steps:
Obtaining a file to be processed;
Performing a hash operation on the file to be processed to obtain a hash value;
Encrypting the hash value using a key to obtain a secret value of the hash value, as the check information of the application file.
2. The check information generation method according to claim 1, characterized in that performing the hash operation on the file to be processed comprises performing an SM3 hash operation on the file to be processed.
3. The check information generation method according to claim 1, characterized in that, between obtaining the hash value and encrypting the hash value using the key, the method further comprises the following step:
Converting the hash value into a character string of TCHAR type.
4. The check information generation method according to claim 1, characterized in that the application file comprises a plurality of subfiles, and obtaining the application file to be processed comprises obtaining the plurality of subfiles of the application file and taking each subfile in turn as the file to be processed;
After the secret value of the hash value of each subfile is obtained, the secret values of the subfiles are used as the check information of the application file.
5. A file integrity verification method, characterized in that it is used to verify the integrity of an application file, the method comprising the following steps:
Obtaining the check information of the application file and obtaining a file to be verified, the check information including a first secret value of the file to be verified;
Performing a hash operation on the file to be verified to obtain a hash value;
Encrypting the hash value using a key to obtain a second secret value;
Comparing the first secret value and the second secret value; if they are inconsistent, the verification fails.
6. The file integrity verification method according to claim 5, characterized in that, between obtaining the hash value and encrypting the hash value using the key, the method further comprises the following step:
Converting the hash value into a character string of TCHAR type.
7. The file integrity verification method according to claim 5, characterized in that the application file comprises a plurality of subfiles, and the check information of the application file includes the first secret value of each subfile;
Obtaining the file to be verified comprises obtaining each subfile and taking each subfile in turn as the file to be verified;
The first secret value and the second secret value of each subfile are compared in turn; if the first secret value and the second secret value of any subfile are inconsistent, the verification fails.
8. A file integrity verification system, characterized in that it is applied to the file integrity verification method according to any one of claims 5 to 7, the system comprising:
A file acquisition module, for obtaining the check information of the application file and obtaining a file to be verified, the check information including a first secret value of the file to be verified;
A hash computing module, for performing a hash operation on the file to be verified to obtain a hash value;
A file encryption module, for encrypting the hash value using a key to obtain a second secret value;
A file verification module, for comparing the first secret value and the second secret value; if they are inconsistent, the verification fails.
9. A file integrity verification device, characterized by comprising:
A processor;
A memory, in which executable instructions of the processor are stored;
Wherein the processor is configured to perform, by executing the executable instructions, the steps of the file integrity verification method according to any one of claims 5 to 7.
10. A computer-readable storage medium for storing a program, characterized in that the program, when executed, implements the steps of the file integrity verification method according to any one of claims 5 to 7.
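The generation and verification steps of claims 1 to 7, together with the check-file rewrite case described in the summary of advantages, as an added Python example that is not part of the patent text. It assumes SHA-256 in place of SM3 and HMAC in place of the unspecified key-encryption step; the key, file names and file contents are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: kept out of reach of whoever can write the files

def plain_hash(data: bytes) -> str:
    # SHA-256 stands in for SM3, which Python's standard library does not guarantee
    return hashlib.sha256(data).hexdigest()

def keyed_value(data: bytes, key: bytes) -> str:
    # Hash value converted to a string, then bound to the key. HMAC replaces the
    # claims' "encrypt the hash value using a key" step in this sketch.
    return hmac.new(key, plain_hash(data).encode("ascii"), hashlib.sha256).hexdigest()

def generate_check_info(subfiles: dict, key: bytes) -> dict:
    # One keyed value per subfile, together forming the check information
    return {name: keyed_value(data, key) for name, data in subfiles.items()}

def verify(subfiles: dict, check_info: dict, key: bytes) -> list:
    # Names that fail: missing file, file with no entry, or value mismatch
    failed = []
    for name in sorted(set(subfiles) | set(check_info)):
        if name not in subfiles or name not in check_info:
            failed.append(name)
        elif not hmac.compare_digest(check_info[name], keyed_value(subfiles[name], key)):
            failed.append(name)
    return failed

def rewrite_scenario():
    # Constructed sample files; contents are placeholders
    files = {"app.exe": b"original code", "core.dll": b"original library"}
    plain_manifest = {n: plain_hash(d) for n, d in files.items()}
    keyed_manifest = generate_check_info(files, KEY)
    # A file is changed and its check entry regenerated without knowledge of KEY
    files["core.dll"] = b"modified library"
    plain_manifest["core.dll"] = plain_hash(files["core.dll"])
    keyed_manifest["core.dll"] = plain_hash(files["core.dll"])
    plain_failed = [n for n in sorted(files) if plain_manifest[n] != plain_hash(files[n])]
    return plain_failed, verify(files, keyed_manifest, KEY)

if __name__ == "__main__":
    print(rewrite_scenario())
```

The keyed check only helps while the key is unavailable to whoever can modify the files and the check information; a key that can be read out of the application itself gives no more protection than the plain hash.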
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183536.4A CN109934017A (en) | 2019-03-12 | 2019-03-12 | Check information generates and file integrality method of calibration, system, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109934017A (en) | 2019-06-25 |
Family
ID=66986755
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910183536.4A Pending CN109934017A (en) | 2019-03-12 | 2019-03-12 | Check information generates and file integrality method of calibration, system, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109934017A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2854070A1 (en) * | 2013-09-27 | 2015-04-01 | Samsung Electronics Co., Ltd | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package |
CN104915591A (en) * | 2014-03-10 | 2015-09-16 | 联想(北京)有限公司 | Data processing method and electronic equipment |
CN105491062A (en) * | 2015-12-30 | 2016-04-13 | 北京神州绿盟信息安全科技股份有限公司 | Client software protection method and device, and client |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
CN108650210A (en) * | 2018-03-14 | 2018-10-12 | 深圳市中易通安全芯科技有限公司 | A kind of Verification System and method |
Non-Patent Citations (1)
Title |
---|
VELSHAROON: "Android中签名原理和安全性分析之META-INF文件讲解" [Explanation of the META-INF files, from an analysis of Android signing principles and security], 《HTTP://WWW.CHENGLONG.REN/2016/12/30/ANDROID》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110289960A (en) * | 2019-06-28 | 2019-09-27 | 兆讯恒达微电子技术(北京)有限公司 | A kind of method of the anti-injection attack of public key cryptography algorithm coprocessor |
CN110289960B (en) * | 2019-06-28 | 2022-03-18 | 兆讯恒达科技股份有限公司 | Method for preventing injection type attack of public key cryptographic algorithm coprocessor |
CN110941861A (en) * | 2019-12-16 | 2020-03-31 | 中国南方电网有限责任公司 | File protection method and device, computer equipment and medium |
CN110941861B (en) * | 2019-12-16 | 2022-04-29 | 中国南方电网有限责任公司 | File protection method and device, computer equipment and medium |
CN111538512A (en) * | 2020-04-16 | 2020-08-14 | 山东正中信息技术股份有限公司 | OTA (over the air) firmware upgrading method, device and equipment |
CN112613033A (en) * | 2020-12-15 | 2021-04-06 | 北京鼎普科技股份有限公司 | Method and device for safely calling executable file |
CN113572819A (en) * | 2021-06-30 | 2021-10-29 | 深圳市证通云计算有限公司 | SM3 cryptographic algorithm-based SFTP file transmission summary verification method |
CN113721956A (en) * | 2021-08-26 | 2021-11-30 | 广州擎天实业有限公司 | Method for updating control program of excitation system |
CN113721956B (en) * | 2021-08-26 | 2024-02-20 | 广州擎天实业有限公司 | Method for updating excitation system control program |
CN114064462A (en) * | 2021-11-01 | 2022-02-18 | 中金金融认证中心有限公司 | Device and method for verifying application program and related product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190625 |