CN109934017A - Check information generates and file integrality method of calibration, system, equipment and medium - Google Patents

Check information generates and file integrality method of calibration, system, equipment and medium Download PDF

Info

Publication number
CN109934017A
CN109934017A CN201910183536.4A CN201910183536A CN109934017A CN 109934017 A CN109934017 A CN 109934017A CN 201910183536 A CN201910183536 A CN 201910183536A CN 109934017 A CN109934017 A CN 109934017A
Authority
CN
China
Prior art keywords
file
hash
check information
value
secret value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910183536.4A
Other languages
Chinese (zh)
Inventor
刘晓静
刘晓航
刘以恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Keda Technology Co Ltd
Original Assignee
Suzhou Keda Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Keda Technology Co Ltd filed Critical Suzhou Keda Technology Co Ltd
Priority to CN201910183536.4A priority Critical patent/CN109934017A/en
Publication of CN109934017A publication Critical patent/CN109934017A/en
Pending legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of generation of check information and file integrality method of calibration, system, equipment and media, the file integrality method of calibration includes: the check information for obtaining the application file, and the check information includes the first secret value of file to be verified;Obtain file to be verified;Hash operation is executed to the file to be verified, obtains Hash Value;The Hash Value is encrypted using key, obtains the second secret value;Compare first secret value and second secret value, if it is inconsistent, verification failure.By using the present invention, completeness check is carried out to application program using hash operation and key encryption, by secondary encryption mechanism, dramatically promotes the safety and stability of application program.

Description

Check information generates and file integrality method of calibration, system, equipment and medium
Technical field
The present invention relates to file verification technical field more particularly to a kind of check information generates and file integrality verification side Method, system, equipment and medium.
Background technique
The completeness check of application file is usually applied to safety and the higher occasion of stability requirement.If answered With the file of program by after virus or wooden horse infection, some malicious codes are implanted, it may be to user's important information (as propped up Pay password etc.) or system cause to seriously affect safely;Therefore after program file is infected or distorts, user is notified in time Program file destroys and execute program can not, can realize the self detecting function of software to avoid above-mentioned heavy losses.
However, integrity checking method in the prior art, security level is often very low, is easy to be cracked, not be available The integrity checking of more demanding application file with security classification, such as require the national dependent part for reaching state's Data Encryption Standard Door, they require the application program of installation that can detect Virus entry with the algorithm of safety.In addition, for bank or security class Application program, if the encryption of application program is cracked, critical file there is by wooden horse replace possibility, to cause to use The major hidden danger of family information leakage.
Summary of the invention
For the problems of the prior art, the purpose of the present invention is to provide a kind of generation of check information and file integralities Method of calibration, system, equipment and medium carry out completeness check to application program using hash operation and key encryption, to mention Rise the safety of application file.
The embodiment of the present invention provides a kind of check information generation method, for generating the check information of application file, Described method includes following steps:
For generating the check information of application file, described method includes following steps:
Obtain file to be processed;
Hash operation is executed to the file to be processed, obtains Hash Value;
The Hash Value is encrypted using key, the secret value of the Hash Value is obtained, as the application file Check information.
Optionally, described that hash operation is executed to the file to be processed, including being executed to the file to be processed SM3 hash operation.
Optionally, described to obtain Hash Value and encrypted between the Hash Value using key, further include following steps:
The Hash Value is converted into the character string of TCHAR type.
Optionally, the application file includes multiple subfiles, described to obtain application file to be processed, packet The multiple subfiles for obtaining the application file are included, and successively using each subfile as file to be processed;
After the secret value for obtaining the Hash Value of each subfile, using the secret value of each subfile as the application program The check information of file.
The embodiment of the present invention also provides a kind of file integrality method of calibration, for the complete of verification Application program file Property, described method includes following steps:
It obtains the check information of the application file and obtains file to be verified, the check information includes to school First secret value of the file tested;
Hash operation is executed to the file to be verified, obtains Hash Value;
The Hash Value is encrypted using key, obtains the second secret value;
Compare first secret value and second secret value, if it is inconsistent, verification failure.
Optionally, described that hash operation is executed to the file to be verified, including being executed to the file to be verified SM3 hash operation.
Optionally, described to obtain Hash Value and encrypted between the Hash Value using key, further include following steps:
The Hash Value is converted into the character string of TCHAR type.
Optionally, the application file includes multiple subfiles, and the check information of the application file includes First secret value of each subfile;
It is described to obtain file to be verified, including obtain each subfile, and successively using each subfile as described in The file of verification;
Successively the first secret value and the second secret value of more each subfile, if the first secret value of a subfile and Second secret value is inconsistent, then verifies failure.
The embodiment of the present invention also provides a kind of file integrality check system, applied to the file integrality verification side Method, the system comprises:
File acquisition module, for obtaining the check information of the application file and obtaining file to be verified, The check information includes the first secret value of file to be verified;
Hash computing module obtains Hash Value for executing hash operation to the file to be verified;
File encryption module obtains the second secret value for encrypting the Hash Value using key;
File verification module is used for first secret value and second secret value, if it is inconsistent, verification Failure.
The embodiment of the present invention also provides a kind of file integrality calibration equipment, comprising:
Processor;
Memory, wherein being stored with the executable instruction of the processor;
Wherein, the processor is configured to carry out the file integrality method of calibration via the execution executable instruction The step of.
The embodiment of the present invention also provides a kind of computer readable storage medium, and for storing program, described program is performed Described in Shi Shixian the step of file integrality method of calibration.
Check information provided by the present invention generates and file integrality method of calibration, system, equipment and medium, use are miscellaneous It gathers operation and key encryption carries out completeness check to application program, can effectively detect virus to the implantation of file or usurp Change, or after accidentally deleting after other modifications of program file necessary to application program executes, also can detecte out, prompt user Reinstall program;By secondary encryption mechanism, virus also can be effectively prevented or after wooden horse tampers with a document, regeneration is distorted The case where Hash Value write-in verification file of file afterwards is to skip check problem, dramatically promotes the peace of application program Full property and stability.
Detailed description of the invention
Upon reading the detailed description of non-limiting embodiments with reference to the following drawings, other feature of the invention, Objects and advantages will become more apparent upon.
Fig. 1 is the flow chart of the check information generation method of one embodiment of the invention;
Fig. 2 is the flow chart of the file integrality method of calibration of one embodiment of the invention;
Fig. 3 is the flow chart of the check information generation method of a specific example of the invention;
Fig. 4 is the flow chart of the file integrality method of calibration of a specific example of the invention;
Fig. 5 is the flow chart of SM3 hash algorithm;
Fig. 6 is the flow chart that compression function handles message blocks;
Fig. 7 is the flow chart for calculating median word register;
Fig. 8 is the schematic diagram for updating each register;
Fig. 9 is the structural schematic diagram of the file integrality check system of one embodiment of the invention;
Figure 10 is the structural schematic diagram of the file integrality calibration equipment of one embodiment of the invention;
Figure 11 is the structural schematic diagram of the computer storage medium of one embodiment of the invention.
Specific embodiment
Example embodiment is described more fully with reference to the drawings.However, example embodiment can be with a variety of shapes Formula is implemented, and is not understood as limited to embodiment set forth herein;On the contrary, thesing embodiments are provided so that the present invention will Fully and completely, and by the design of example embodiment comprehensively it is communicated to those skilled in the art.It is identical attached in figure Icon note indicates same or similar structure, thus will omit repetition thereof.
As shown in Figure 1, the embodiment of the present invention provides a kind of check information generation method, for generating application file Check information, described method includes following steps:
S110: file to be processed is obtained;
S120: hash operation is executed to the file to be processed, obtains Hash Value;
S130: encrypting the Hash Value using key, obtain the secret value of the Hash Value, as the application program text The check information of part, when encryption, used key can be the private key in asymmetric key, be also possible to symmetric key.
Therefore, the present invention carries out hash operation to file by step S120 first, then leads to when generating check information Step S130 encryption hash value is crossed, obtains secret value, the check information as application file.Pass through hash operation and key Encryption forms secondary encryption mechanism, and application file can be effectively prevented and be maliciously tampered, to improve application file Safety.
As shown in Fig. 2, the embodiment of the present invention also provides a kind of file integrality method of calibration, for verification Application program text The integrality of part, described method includes following steps:
S210: obtaining the check information of the application file and obtains file to be verified, the check information packet The first secret value of file to be verified is included, wherein check information is to use check information generation method as shown in Figure 1 Obtained check information, the first secret value are to be obtained in check information generation phase using above-mentioned steps S120 and S130 The secret value of Hash Value;
S220: hash operation is executed to the file to be verified, obtains Hash Value, the algorithm types of hash operation depend on The algorithm types that the first secret value is used in hash operation in check information;
S230: encrypting the Hash Value using key, obtains the second secret value, and when encryption, used key can be not Private key in symmetric key, is also possible to symmetric key, and the type and content of specific key add depending in check information first The encryption key type and content of close value;
S240: first secret value and second secret value;
S250: if consistent, success is verified;
S260: if it is inconsistent, verification failure.
Therefore, the present invention carries out completeness check to application program using hash operation and key encryption, can be effectively Virus is detected to the implantation of file or is distorted, or accidentally deletes file necessary to application program executes after other modifications of program Afterwards, it also can detecte out, user prompted to reinstall program.The secondary encryption mechanism encrypted by hash operation and key, Also virus can be effectively prevented or after wooden horse tampers with a document, regeneration distort after file Hash Value write-in verification file from And the case where skipping check problem, dramatically promote the safety and stability of application program.
Safety check is carried out to file in the prior art, (Cyclic Redundancy Check, is followed the most commonly used is CRC Ring redundancy check) and MD5 (Message-Digest Algorithm, Message Digest 5).However, CRC check is without encryption, peace Congruent grade is very low.MD5 had certain secret grade using Message Digest 5, but in 2005, Chinese Wang little Yun professor The collision attack method of MD5 algorithm is given, makes MD5 algorithm that can be cracked on common computer, so that MD5 algorithm is also no longer Safety, MD5 algorithm is also no longer appropriate for the integrity checking of the application file more demanding for security classification, such as requires Reach the national correlation department of state's Data Encryption Standard, they require the application program of installation that can invade with the algorithm of safety detection virus Enter.Also just like bank or the application program of security class, if carrying out file integrality verification using MD5 algorithm, there is also MD5 It is cracked, the possibility that critical file is replaced by wooden horse, thus the major hidden danger for causing user information to reveal.
In this embodiment, the step S120 executes hash operation and step S230 to the file to be processed In, hash operation is executed to the file to be verified, including executing the operation of SM3 hash to the file to be processed.
SM3 cryptographic Hash algorithm is that the Chinese commercial cipher hash that Chinese international cryptography management board announced in 2010 is calculated Method, digital signature and verifying of the SM3 algorithm suitable for commercial cipher application, are one that realization is improved on the basis of SHA-256 Kind algorithm, the design of SM3 algorithm is more complicated, for example each round of compression function all uses 2 message words, message expanding course Each round all use 5 message words etc..The localized bumps of high probability can be effectively prevented from, effective resistance strong collision The cryptanalysises means such as difference analysis, the linear analysis of collision property and bit back tracking method.SM3 algorithm uses Merkle-Damgard Structure, message block length are 256 bits, and output Hash Value length is 256, and much higher than 128 of MD5, security level is very It is high;There are no be cracked so far.
Preferably, the step S120 obtains Hash Value and step S130 using between the key encryption Hash Value, goes back Include the steps that the character string that the Hash Value is converted into TCHAR type.
Accordingly, the step S230 obtains Hash Value and step S240 using between the key encryption Hash Value, goes back Include the steps that the character string that the Hash Value is converted into TCHAR type.
In this embodiment, the application file includes multiple subfiles, in the step S110, is obtained to be processed Application file, multiple subfiles including obtaining the application file, and successively will each subfile work For file to be processed;
In step S120, the Hash Value of each subfile is successively calculated;
In step S130, the secret value of each subfile is successively calculated, in the encryption for the Hash Value for obtaining each subfile After value, using the secret value of each subfile as the check information of the application file.
Accordingly, file to be verified is obtained in the step S210, including obtains each subfile, and successively will be each Subfile is as the file to be verified;
In the step S220 and S230, the Hash Value and the second secret value of each subfile, step S240 are successively calculated In successively more each subfile the first secret value and the second secret value, if the first secret value of a subfile and second plus It is close value it is inconsistent, then verify failure, if the first secret value and the second secret value of all subfiles are consistent, verification at Function.
As shown in figure 3, the flow chart of the check information generation method for a specific example.
Corresponding to above-mentioned steps S110, the configuration file of application program is obtained, a Ziwen is obtained from application file Part judges whether current file reaches the file path end of configuration file record as file to be processed;
If reaching file path end, illustrates that the check information of application file all generates and finish, then tie Beam current process.
If not reaching file path end, correspond to above-mentioned steps S120, the operation of SM3 hash is carried out to file, is sentenced It is disconnected whether SM3 Hash Value to be got from file;
If SM3 Hash Value cannot be obtained, error message is written in log, then inquires next file path, Continue step S110;
If SM3 Hash Value can be obtained, since SM3 Hash Value is 16 binary values, numeric type data cannot be deposited directly Storage is in file medium, so also needing for SM3 Hash Value to be converted into the character string of 16 systems, since the character string of 16 systems is Single-byte character string, and text file is stored using TCHAR double-byte encodings, so needing to convert the character string of 16 systems At TCHAR two-octet type character string;
Above-mentioned steps S130 is then corresponded to, character string is obtained into secret value using private key encryption, school is written into secret value It tests in information, then inquires next file path, then proceed to step S110, until all files handle completion.
As shown in figure 4, the flow chart of the file integrality method of calibration for a specific example.
Firstly, corresponding to step S210, application checks file and file to be verified are obtained, judges that current file is The no file path end for reaching configuration file record;
If current file reaches the file path end of configuration file record, illustrate that all files are all verified into Function, software start successfully, terminate current process;
If current file does not reach the file path end of configuration file record, correspond to above-mentioned steps S220, it is right File to be verified carries out the operation of SM3 hash, judges whether the SM3 Hash Value that can obtain current file;
If cannot obtain, user's error message, verification failure are prompted, software starting failure terminates current process;
If SM3 hash operation can be obtained, since the first secret value in check information is the Hash Value of TCHAR type Secret value, it is therefore desirable to obtained SM3 Hash Value be converted into the character string of 16 systems, then the character string of 16 systems is converted into The character string of TCHAR type;
Corresponding to above-mentioned steps S230, character string progress private key encryption is obtained into the second secret value;
Corresponding to above-mentioned steps S240, corresponding first secret value of this document is obtained first from check information, judgement takes Whether the first secret value out is empty;
If it is sky, user's error message, verification failure are prompted, software starting failure terminates current process;
If not for sky, whether the first secret value and the second secret value for comparing taking-up are consistent;
If consistent, continue to inquire next file path, then proceed to step S210, until All Files verify at Function, then application file verifies successfully, that is, corresponds to step S250;
If inconsistent, illustrate that application file has been tampered, then correspond to step S260, prompts user's mistake letter Breath, verification failure, software starting failure terminate current process, should reinstall application program.
SM3 hash algorithm is specifically introduced below with reference to Fig. 5~Fig. 8.
As shown in figure 5, entire SM3 hash algorithm process includes 3 message filling, piecemeal, Iteration Contraction steps.Wherein, Input is (l < 2 length l64) message x, export the Hash Value y for 256-bit.Filling: " 1 "+k-bit (0)+64-bit, k symbol Close the minimum nonnegative integer of 1+1+k=488mod512.B0,B1,...Bn-1For the piecemeal (total n block) of message after filling, message Block size is 512-bit, and CF is compression function, V0,V1,...VnFor each message blocks Iteration Contraction as a result, size is 256-bit, Finally obtained message Hash Value is y=Vn
Compression function may be expressed as:
Vi+1=CF (Vi,Bi), i=0 ... n-1, V0=IV
IV=7380166f4914b2b9172442d7da8a0600a96f30bc163138aae38de e4db0fb0e4e
Assuming that compression function handles BiA message blocks, process are as shown in Figure 6.
Wherein, ABCDEFGH is word register, and length 32-bit, j are iteration wheel number, and TT1, TT2 are that median word is posted Storage.
It can be seen that compression function shares 64 wheel iteration, ABCDEFGH register value is initialized as previous message blocks Bi-1 Compression result Vi
Block extension of message refers to BiIt is extended to 132 words: W0,W1,...W67,W'0,W'1,...W'63, process is as follows:
W0,...W15: block block is divided into 16 words;
Wherein,< < < refers to circulation bitwise shift left.
As shown in fig. 7, to calculate the flow chart of median TT1 and TT2.
Wherein,
X, Y, Z are word, and ∧ is and operation, and ∨ is or operation,For inverse,For XOR operation.
SS1←((A<<12)+E+(Tj<<j))<<7
TT1←FFj(A,B,C)+D+SS2+W'j
TT2←GGj(E,F,G)+H+SS1+Wj
After the TT1 of calculating, the centre TT2, as shown in figure 8, successively updating each register.
Wherein,
As shown in figure 9, the embodiment of the present invention also provides a kind of file integrality check system, it is complete applied to the file Whole property method of calibration, the system comprises:
File acquisition module M100, for obtaining the check information of the application file and obtaining text to be verified Part, the check information include the first secret value of file to be verified;
Hash computing module M200 obtains Hash Value for executing hash operation to the file to be verified;
File encryption module M300 obtains the second secret value for encrypting the Hash Value using key;
File verification module M400 is used for first secret value and second secret value, if it is inconsistent, Verification failure.
The embodiment of the present invention also provides a kind of file integrality calibration equipment, including processor;Memory, wherein being stored with The executable instruction of the processor;Wherein, the processor is configured to execute via the executable instruction is executed described File integrality method of calibration the step of.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or Program product.Therefore, various aspects of the invention can be embodied in the following forms, it may be assumed that complete hardware embodiment, complete The embodiment combined in terms of full Software Implementation (including firmware, microcode etc.) or hardware and software, can unite here Referred to as circuit, " module " or " system ".
The electronic equipment 600 of this embodiment according to the present invention is described referring to Fig. 9.The electronics that Fig. 9 is shown Equipment 600 is only an example, should not function to the embodiment of the present invention and use scope bring any restrictions.
As shown in Figure 10, electronic equipment 600 is showed in the form of universal computing device.The component of electronic equipment 600 can be with Including but not limited to: at least one processing unit 610, at least one storage unit 620, the different system components of connection (including are deposited Storage unit 620 and processing unit 610) bus 630, display unit 640 etc..
Wherein, the storage unit is stored with program code, and said program code can be held by the processing unit 610 Row, so that the processing unit 610 executes described in this specification above-mentioned electronic prescription circulation processing method part according to this The step of inventing various illustrative embodiments.For example, the processing unit 610 can execute step as shown in Figure 2.
The storage unit 620 may include the readable medium of volatile memory cell form, such as random access memory Unit (RAM) 6201 and/or cache memory unit 6202 can further include read-only memory unit (ROM) 6203.
The storage unit 620 can also include program/practical work with one group of (at least one) program module 6205 Tool 6204, such program module 6205 includes but is not limited to: operating system, one or more application program, other programs It may include the realization of network environment in module and program data, each of these examples or certain combination.
Bus 630 can be to indicate one of a few class bus structures or a variety of, including storage unit bus or storage Cell controller, peripheral bus, graphics acceleration port, processing unit use any bus structures in a variety of bus structures Local bus.
Electronic equipment 600 can also be with one or more external equipments 700 (such as keyboard, sensing equipment, bluetooth equipment Deng) communication, can also be enabled a user to one or more equipment interact with the electronic equipment 600 communicate, and/or with make Any equipment (such as the router, modulation /demodulation that the electronic equipment 600 can be communicated with one or more of the other calculating equipment Device etc.) communication.This communication can be carried out by input/output (I/O) interface 650.Also, electronic equipment 600 can be with By network adapter 660 and one or more network (such as local area network (LAN), wide area network (WAN) and/or public network, Such as internet) communication.Network adapter 660 can be communicated by bus 630 with other modules of electronic equipment 600.It should Understand, although not shown in the drawings, other hardware and/or software module can be used in conjunction with electronic equipment 600, including but unlimited In: microcode, device driver, redundant processing unit, external disk drive array, RAID system, tape drive and number According to backup storage system etc..
The embodiment of the present invention also provides a kind of computer readable storage medium, and for storing program, described program is performed Described in Shi Shixian the step of file integrality method of calibration.In some possible embodiments, various aspects of the invention It is also implemented as a kind of form of program product comprising program code, when described program product is run on the terminal device When, said program code is retouched for executing the terminal device in this specification above-mentioned electronic prescription circulation processing method part The step of various illustrative embodiments according to the present invention stated.
With reference to shown in Figure 11, describe embodiment according to the present invention for realizing above-mentioned check information generation method Program product 800, can be using portable compact disc read only memory (CD-ROM) and including program code, and can be It is run on terminal device, such as PC.However, program product of the invention is without being limited thereto, and in this document, readable storage Medium can be any tangible medium for including or store program, which can be commanded execution system, device or device Using or it is in connection.
Described program product can be using any combination of one or more readable mediums.Readable medium can be readable letter Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example can be but be not limited to electricity, magnetic, optical, electromagnetic, infrared ray or System, device or the device of semiconductor, or any above combination.The more specific example of readable storage medium storing program for executing is (non exhaustive List) include: electrical connection with one or more conducting wires, portable disc, hard disk, random access memory (RAM), read-only Memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read only memory (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
The computer readable storage medium may include in a base band or the data as the propagation of carrier wave a part are believed Number, wherein carrying readable program code.The data-signal of this propagation can take various forms, including but not limited to electromagnetism Signal, optical signal or above-mentioned any appropriate combination.Readable storage medium storing program for executing can also be any other than readable storage medium storing program for executing Readable medium, the readable medium can send, propagate or transmit for by instruction execution system, device or device use or Person's program in connection.The program code for including on readable storage medium storing program for executing can transmit with any suitable medium, packet Include but be not limited to wireless, wired, optical cable, RF etc. or above-mentioned any appropriate combination.
The program for executing operation of the present invention can be write with any combination of one or more programming languages Code, described program design language include object oriented program language-Java, C++ etc., further include conventional Procedural programming language-such as " C " language or similar programming language.Program code can be fully in user It calculates and executes in equipment, partly executes on a user device, being executed as an independent software package, partially in user's calculating Upper side point is executed on a remote computing or is executed in remote computing device or server completely.It is being related to far Journey calculates in the situation of equipment, and remote computing device can pass through the network of any kind, including local area network (LAN) or wide area network (WAN), it is connected to user calculating equipment, or, it may be connected to external computing device (such as utilize ISP To be connected by internet).
In conclusion compared with prior art, check information provided by the present invention generates and file integrality verification side Method, system, equipment and storage medium have the advantage that
Check information provided by the present invention generates and file integrality method of calibration, system, equipment and medium, use are miscellaneous It gathers operation and key encryption carries out completeness check to application program, can effectively detect virus to the implantation of file or usurp Change, or after accidentally deleting after other modifications of program file necessary to application program executes, also can detecte out, prompt user Reinstall program;By secondary encryption mechanism, virus also can be effectively prevented or after wooden horse tampers with a document, regeneration is distorted The case where Hash Value write-in verification file of file afterwards is to skip check problem, dramatically promotes the peace of application program Full property and stability.
The above content is a further detailed description of the present invention in conjunction with specific preferred embodiments, and it cannot be said that Specific implementation of the invention is only limited to these instructions.For those of ordinary skill in the art to which the present invention belongs, exist Under the premise of not departing from present inventive concept, a number of simple deductions or replacements can also be made, all shall be regarded as belonging to of the invention Protection scope.

Claims (10)

1. a kind of check information generation method, which is characterized in that for generating the check information of application file, the method Include the following steps:
Obtain file to be processed;
Hash operation is executed to the file to be processed, obtains Hash Value;
The Hash Value is encrypted using key, obtains the secret value of the Hash Value, the verification as the application file Information.
2. check information generation method according to claim 1, which is characterized in that described to be held to the file to be processed Row hash operation, including executing the operation of SM3 hash to the file to be processed.
3. check information generation method according to claim 1, which is characterized in that described to obtain Hash Value and using key It encrypts between the Hash Value, further includes following steps:
The Hash Value is converted into the character string of TCHAR type.
4. check information generation method according to claim 1, which is characterized in that the application file includes multiple Subfile, described to obtain application file to be processed, multiple subfiles including obtaining the application file, and according to It is secondary using each subfile as file to be processed;
After the secret value for obtaining the Hash Value of each subfile, using the secret value of each subfile as the application file Check information.
5. a kind of file integrality method of calibration, which is characterized in that for the integrality of verification Application program file, the method Include the following steps:
It obtains the check information of the application file and obtains file to be verified, the check information includes to be verified First secret value of file;
Hash operation is executed to the file to be verified, obtains Hash Value;
The Hash Value is encrypted using key, obtains the second secret value;
Compare first secret value and second secret value, if it is inconsistent, verification failure.
6. file integrality method of calibration according to claim 5, which is characterized in that described to obtain Hash Value and using close Key encrypts between the Hash Value, further includes following steps:
The Hash Value is converted into the character string of TCHAR type.
7. file integrality method of calibration according to claim 5, which is characterized in that the application file includes more A subfile, the check information of the application file include the first secret value of each subfile;
It is described to obtain file to be verified, including each subfile is obtained, and successively using each subfile as described to be verified File;
Successively the first secret value and the second secret value of more each subfile, if the first secret value of a subfile and second Secret value is inconsistent, then verifies failure.
8. a kind of file integrality check system, which is characterized in that applied to file described in any one of claim 5 to 7 Integrity checking method, the system comprises:
File acquisition module, it is described for obtaining the check information of the application file and obtaining file to be verified Check information includes the first secret value of file to be verified;
Hash computing module obtains Hash Value for executing hash operation to the file to be verified;
File encryption module obtains the second secret value for encrypting the Hash Value using key;
File verification module is used for first secret value and second secret value, if it is inconsistent, verification is lost It loses.
9. a kind of file integrality calibration equipment characterized by comprising
Processor;
Memory, wherein being stored with the executable instruction of the processor;
Wherein, the processor is configured to come described in any one of perform claim requirement 5 to 7 via the execution executable instruction File integrality method of calibration the step of.
10. a kind of computer readable storage medium, for storing program, which is characterized in that described program is performed realization power Benefit require any one of 5 to 7 described in file integrality method of calibration the step of.
CN201910183536.4A 2019-03-12 2019-03-12 Check information generates and file integrality method of calibration, system, equipment and medium Pending CN109934017A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910183536.4A CN109934017A (en) 2019-03-12 2019-03-12 Check information generates and file integrality method of calibration, system, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910183536.4A CN109934017A (en) 2019-03-12 2019-03-12 Check information generates and file integrality method of calibration, system, equipment and medium

Publications (1)

Publication Number Publication Date
CN109934017A true CN109934017A (en) 2019-06-25

Family

ID=66986755

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910183536.4A Pending CN109934017A (en) 2019-03-12 2019-03-12 Check information generates and file integrality method of calibration, system, equipment and medium

Country Status (1)

Country Link
CN (1) CN109934017A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110289960A (en) * 2019-06-28 2019-09-27 兆讯恒达微电子技术(北京)有限公司 A kind of method of the anti-injection attack of public key cryptography algorithm coprocessor
CN110941861A (en) * 2019-12-16 2020-03-31 中国南方电网有限责任公司 File protection method and device, computer equipment and medium
CN111538512A (en) * 2020-04-16 2020-08-14 山东正中信息技术股份有限公司 OTA (over the air) firmware upgrading method, device and equipment
CN112613033A (en) * 2020-12-15 2021-04-06 北京鼎普科技股份有限公司 Method and device for safely calling executable file
CN113572819A (en) * 2021-06-30 2021-10-29 深圳市证通云计算有限公司 SM3 cryptographic algorithm-based SFTP file transmission summary verification method
CN113721956A (en) * 2021-08-26 2021-11-30 广州擎天实业有限公司 Method for updating control program of excitation system
CN114064462A (en) * 2021-11-01 2022-02-18 中金金融认证中心有限公司 Device and method for verifying application program and related product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2854070A1 (en) * 2013-09-27 2015-04-01 Samsung Electronics Co., Ltd Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment
CN105491062A (en) * 2015-12-30 2016-04-13 北京神州绿盟信息安全科技股份有限公司 Client software protection method and device, and client
CN107508801A (en) * 2017-08-04 2017-12-22 安徽智圣通信技术股份有限公司 A kind of file tamper-proof method and device
CN108650210A (en) * 2018-03-14 2018-10-12 深圳市中易通安全芯科技有限公司 A kind of Verification System and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2854070A1 (en) * 2013-09-27 2015-04-01 Samsung Electronics Co., Ltd Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package
CN104915591A (en) * 2014-03-10 2015-09-16 联想(北京)有限公司 Data processing method and electronic equipment
CN105491062A (en) * 2015-12-30 2016-04-13 北京神州绿盟信息安全科技股份有限公司 Client software protection method and device, and client
CN107508801A (en) * 2017-08-04 2017-12-22 安徽智圣通信技术股份有限公司 A kind of file tamper-proof method and device
CN108650210A (en) * 2018-03-14 2018-10-12 深圳市中易通安全芯科技有限公司 A kind of Verification System and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
VELSHAROON: "Android中签名原理和安全性分析之META-INF文件讲解", 《HTTP://WWW.CHENGLONG.REN/2016/12/30/ANDROID》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110289960A (en) * 2019-06-28 2019-09-27 兆讯恒达微电子技术(北京)有限公司 A kind of method of the anti-injection attack of public key cryptography algorithm coprocessor
CN110289960B (en) * 2019-06-28 2022-03-18 兆讯恒达科技股份有限公司 Method for preventing injection type attack of public key cryptographic algorithm coprocessor
CN110941861A (en) * 2019-12-16 2020-03-31 中国南方电网有限责任公司 File protection method and device, computer equipment and medium
CN110941861B (en) * 2019-12-16 2022-04-29 中国南方电网有限责任公司 File protection method and device, computer equipment and medium
CN111538512A (en) * 2020-04-16 2020-08-14 山东正中信息技术股份有限公司 OTA (over the air) firmware upgrading method, device and equipment
CN112613033A (en) * 2020-12-15 2021-04-06 北京鼎普科技股份有限公司 Method and device for safely calling executable file
CN113572819A (en) * 2021-06-30 2021-10-29 深圳市证通云计算有限公司 SM3 cryptographic algorithm-based SFTP file transmission summary verification method
CN113721956A (en) * 2021-08-26 2021-11-30 广州擎天实业有限公司 Method for updating control program of excitation system
CN113721956B (en) * 2021-08-26 2024-02-20 广州擎天实业有限公司 Method for updating excitation system control program
CN114064462A (en) * 2021-11-01 2022-02-18 中金金融认证中心有限公司 Device and method for verifying application program and related product

Similar Documents

Publication Publication Date Title
CN109934017A (en) Check information generates and file integrality method of calibration, system, equipment and medium
CN109313690B (en) Self-contained encrypted boot policy verification
US10904006B2 (en) Method and apparatus for cryptographic data processing
US8891768B2 (en) Increasing data security in enterprise applications by obfuscating encryption keys
EP1299789B1 (en) Method of detecting malicious code
RU2696425C1 (en) Method of two-dimensional control and data integrity assurance
US8650649B1 (en) Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation
JPWO2012164721A1 (en) Key information generating apparatus and key information generating method
EP3316160A1 (en) Authentication method and apparatus for reinforced software
CN110245466B (en) Software integrity protection and verification method, system, device and storage medium
US11755406B2 (en) Error identification in executed code
CN103500202A (en) Security protection method and system for light-weight database
KR101913644B1 (en) Code-based encryption apparatus and method capable of message authentication
US20120030543A1 (en) Protection of application in memory
Wen et al. Efficient fuzzy extractor implementations for PUF based authentication
WO2017197869A1 (en) Version file checking method and apparatus, encryption method and apparatus, and storage medium
CN113434876A (en) Data encryption method and device, memory controller, chip and electronic equipment
EP3937419B1 (en) Electronic device using homomorphic encryption and encrypted data processing method thereof
CN110572371B (en) Identity uniqueness check control method based on HTML5 local storage mechanism
KR101893504B1 (en) A file integrity test in linux environment device and method
EP3306505B1 (en) Information input method and device
KR102425916B1 (en) Device and method for lattice-based fuzzy extraction supporting variable length fuzzy data
US12045121B2 (en) Security IC and operating method thereof
US20240195636A1 (en) Hardened Encoded Message Check for RSA Signature Verification
US20230153186A1 (en) Security ic and operating method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190625