CN111914280A - File self-encryption and decryption method - Google Patents

File self-encryption and decryption method Download PDF

Info

Publication number
CN111914280A
CN111914280A CN202010824936.1A CN202010824936A CN111914280A CN 111914280 A CN111914280 A CN 111914280A CN 202010824936 A CN202010824936 A CN 202010824936A CN 111914280 A CN111914280 A CN 111914280A
Authority
CN
China
Prior art keywords
file
fragment
information
hash value
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010824936.1A
Other languages
Chinese (zh)
Other versions
CN111914280B (en
Inventor
杨志高
温贤强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Erren Technology Co Ltd
Original Assignee
Nanjing Erren Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Erren Technology Co Ltd filed Critical Nanjing Erren Technology Co Ltd
Priority to CN202010824936.1A priority Critical patent/CN111914280B/en
Publication of CN111914280A publication Critical patent/CN111914280A/en
Application granted granted Critical
Publication of CN111914280B publication Critical patent/CN111914280B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file self-encryption and decryption method, which comprises the following steps: carrying out fragmentation processing on an original file to generate a plurality of file fragments, and obtaining plaintext information and fragmentation sequence of all the file fragments corresponding to the original file; combining plaintext information and fragment sequence of all file fragments, generating encryption and decryption keys according to a preset key generation strategy, and encrypting all file fragments to obtain corresponding file fragment ciphertext data; sequentially assembling all file segment ciphertext data from back to front according to a file segment storage structure from the last segment of the original file to generate corresponding file segment information; and respectively storing all the file fragment information to a plurality of storage providers. The invention can not need other auxiliary information, has no dependence on other information, is equal to other storage providers and has no central node, finally realizes the self-encryption and decryption, the self-storage management and the self-verification of the file, realizes the real decentralization, improves the safety level of the file and reduces the storage cost.

Description

File self-encryption and decryption method
Technical Field
The invention relates to the technical field of file storage, in particular to a file self-encryption and decryption method.
Background
At present, a plurality of storage service providers (various cloud disks, network disks and the like) provide storage services for users needing to store files, usually, a file user is stored in one storage service provider, and the storage service provider can conveniently acquire file information stored by the user, so that huge potential safety hazards exist. In order to protect the security of the file more effectively and reduce the risk of file information leakage as much as possible, a file owner usually encrypts the file first when storing the file to obtain an encrypted file, and then submits the encrypted file to a storage provider for storage.
Generally, an encryption algorithm (generally, a symmetric encryption algorithm) and an encryption/decryption password (simply, a key) are required for encrypting and decrypting a file, the key and a selected symmetric encryption algorithm are used for encrypting the file during encryption, and the key and the symmetric encryption algorithm during encryption are used for decrypting the file during decryption. After the file is encrypted by the method, the dependence on the key is strong, the encrypted file cannot be decrypted without the key, the file cannot be used, and the loss caused by the loss or the leakage of the key is huge for a file owner. For storage and protection of keys, the file owner needs to do this by other means, such as: the file storage method includes storing the file by itself (in this case, the file owner may also be regarded as one storage service provider) or storing the file in other storage service providers except the encrypted file storage provider, and the like, that is, at least more than two storage service providers are needed, and the file storage is relatively safe only by storing the encrypted file data and the key separately. In addition, if the key is stored in a third party (not the file owner) and the node storing the key becomes a central node, the centralization degree is high, and the following situations may occur: if the plaintext storage key has a great safety risk, the safety requirement on the storage provider is improved, and the storage cost is correspondingly increased; if the key is encrypted for storage, a cycle of information encryption storage and key protection can be involved, and the problem cannot be fundamentally solved; the above approach complicates the storage strategy and the overall cost of storing files can be relatively high.
In addition, for a storage system (storage provider), in order to ensure storage reliability, the storage system generally stores a file in a distributed manner, and when the file is stored in the distributed manner, the file is generally fragmented and stored in each storage node, and when the file is acquired, the file that is originally stored can be restored by acquiring a required file fragment. But rarely for the retrieved file. The invention patent with the patent number of CN101976322A provides a security metadata management method based on integrity check, which is characterized in that a self-encryption technology of file data is adopted at a client to encrypt the file data, a 64-fork heap hash tree is adopted at a security metadata management server to maintain hash values of file blocks, integrity protection of the hash values of the file data blocks is provided, high efficiency of access verification and data updating of a user on the file is realized, the integrity of root hashes of a plurality of 64-fork heap hash trees belonging to the same file is ensured, and concurrent access of the user on the file is supported to a certain extent. The self-encryption method of the file data comprises the steps of dividing a file into a file block set with a fixed size, calculating a hash value of each file block, generating an encryption key by using the calculated hash value, and encrypting each file block. At the same time, a 64-way heap hash tree of all file chunk hash value sets is constructed to achieve the foregoing technical effect. That is, for this patent, it is still necessary for the security metadata management server to perform unified management on all file data, even if a file self-encryption method is adopted, and the key of the file block is calculated according to the information of the security metadata, which is substantially similar to the scheme of general data encryption storage and key additional storage, the security metadata management server is a central node, and actually, decentralized processing is not completed, and the file is difficult to achieve self-management.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a file self-encryption and decryption method, the file stores encrypted information, an encryption and decryption key is generated by the stored information, only a corresponding stored file piece is needed during file restoration, other auxiliary information is not needed, the method is independent of other information, all storage providers are equal, no central node is provided, the self-encryption and decryption, self-storage management and self-verification of the file are finally realized, the real decentralization is realized, the security level of the file is improved, and the storage cost is reduced.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method of file self-encryption decryption, the method comprising:
s1, carrying out fragmentation processing on the original file to generate a plurality of file fragments, and obtaining the plaintext information and fragmentation sequence of all the file fragments corresponding to the original file;
s2, generating encryption and decryption keys according to a preset key generation strategy by combining plaintext information and fragmentation sequences of all file fragments, and encrypting all file fragments to obtain corresponding file fragment ciphertext data;
s3, sequentially assembling all file segment ciphertext data from back to front according to a file segment storage structure from the last segment of the original file to generate corresponding file segment information; the file fragment information obtained by assembling each file fragment except the last file fragment comprises file fragment identification information of the current file fragment and file fragment information HASH value related information corresponding to the next file fragment;
s4, storing all the pieces of file information to a plurality of storage providers.
In order to optimize the technical scheme, the specific measures adopted further comprise:
further, in step S2, the preset key generation policy includes the following steps:
s21, carrying out HASH calculation on the plaintext information of all the file segments to obtain file segment plaintext HASH values and corresponding file segment plaintext HASH value length information;
s22, assembling all file segment plaintext HASH values according to the original file segment sequence, then performing HASH calculation to obtain a HASH value, and taking the calculated HASH value as an encryption and decryption key.
Further, in step S2, the preset key generation policy includes the following steps:
generating a random number aiming at each file segment, and storing the generated random number into each file segment;
and combining and calculating the random numbers of all the file segments to generate corresponding encryption and decryption keys.
Further, in step S3, the meaning of the file piece storage structure is as follows:
for the last file fragment, the file fragment storage structure comprises a file fragment identifier, a current file fragment plaintext HASH value length, a current file fragment encryption data length and current file fragment encryption data;
for the file slice at the middle position, the file slice storage structure comprises a file slice identifier, a HASH value of a next file slice, a HASH value length of the next file slice, a plaintext HASH value of a current file slice, a plaintext HASH value length of the current file slice, an encrypted data length of the current file slice and encrypted data of the current file slice;
for a first file slice, the file slice storage structure comprises a file slice identifier, a HASH value of a next file slice, a HASH value length of the next file slice, a plaintext HASH value of a current file slice, a plaintext HASH value length of the current file slice, an original file name length, an original file name, an encrypted data length of the current file slice and encrypted data of the current file slice;
the HASH value of the next file fragment refers to a HASH value obtained by hashing the information of the next file fragment by using a selected HASH algorithm, and the HASH value of the plaintext of the current file fragment refers to a HASH value obtained by hashing the plaintext of the file fragment corresponding to the current file fragment by using the selected HASH algorithm.
Further, in step S4, all the pieces of file information are randomly stored to the plurality of storage providers, respectively.
Further, the method further comprises:
and S5, acquiring all the file fragment information corresponding to the original file to be decrypted from the plurality of storage providers, automatically generating encryption and decryption keys by combining all the file fragment information, decrypting and verifying all the file fragment information, and assembling to obtain the original file if the verification is passed.
Further, in step S5, the process of acquiring all pieces of file information corresponding to the original files to be decrypted from the plurality of storage providers includes the following steps:
s511, searching first file fragment information of the original file from all storage providers according to the original file name;
s512, acquiring the next file fragment information from the related storage provider according to the next file fragment HASH value related information in the file fragment information;
and S513, repeating the step S512 until all the file fragment information corresponding to the original file is obtained.
Further, in step S5, the process of automatically generating the encryption and decryption keys in combination with all pieces of file information, and decrypting and verifying all pieces of file information includes the following steps:
s521, generating encryption and decryption keys according to a preset key generation strategy by combining the current file fragment plaintext HASH values and the fragment sequence of all the file fragments;
s522, decrypting the encrypted data of the current file fragment contained in one file fragment by using the encryption and decryption key and the encryption algorithm selected during encryption to obtain the plaintext data of the corresponding file fragment, verifying the decrypted plaintext data, if the verification is passed, repeating the current step until the plaintext data of all the file fragments are obtained, and otherwise, ending the process;
and S533, assembling the plaintext data of all the file segments according to the original file segmentation sequence to obtain an original file.
Further, the process of verifying the plaintext data obtained by decryption includes the following steps:
and performing HASH calculation on the decrypted plaintext data by using a selected HASH algorithm to obtain a corresponding decrypted HASH value, comparing the decrypted HASH value with the current file slice plaintext HASH value stored in the file slice, if the decrypted HASH value is consistent with the current file slice plaintext HASH value, passing the verification, otherwise, failing to pass the verification.
The invention has the beneficial effects that:
(1) the encryption and decryption passwords (keys) of the file are automatically generated and obtained according to the file information, and no additional dependence on the keys is generated.
(2) The original file can be restored by acquiring the required file piece information, and the data can be verified in the restoration process, so that the authenticity of the restored file is ensured.
(3) Data needing protection in the file fragment information are encrypted, and the obtained file fragment information cannot be used when plaintext information corresponding to the original file cannot be obtained; if any file piece is lacked, the encrypted data in the file piece cannot be decrypted even if the decryption password cannot be acquired, and any plaintext information of the original file cannot be acquired.
(4) The original file owner only needs to store the processed file fragment information in two or more storage providers randomly by using the method of the invention, so that the data safety can be effectively ensured, each storage provider is equal, no centralized node is provided, the decentralized degree is high, no special safety requirement is provided for the storage provider, the storage strategy is very simple, and the total cost of storing files is low.
(5) The method is different from the characteristic that the size of a file slice in the traditional file self-encryption method is limited, namely the size of the file slice in the traditional self-encryption method needs to be the same, invalid data can be filled to reach a fixed size when the size of the file slice in the traditional self-encryption method is not the same, storage space can be lost when the data is filled, and more storage space can be wasted after long-term accumulation; the invention has no limit to the size of the file pieces, does not require the same size of the file pieces, does not need to be filled with invalid data, has no loss of storage space, and can maximize the utilization of storage resources.
Drawings
FIG. 1 is a flow chart of a file self-encryption and decryption method of the present invention.
FIG. 2 is a flow chart of the file encrypted storage of the present invention.
Fig. 3 is a file decryption flow diagram of the present invention.
FIG. 4 is a flow chart of document authentication of the present invention.
Fig. 5 is a schematic diagram of a storage structure of a file slice according to the present invention.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings.
It should be noted that the terms "upper", "lower", "left", "right", "front", "back", etc. used in the present invention are for clarity of description only, and are not intended to limit the scope of the present invention, and the relative relationship between the terms and the terms is not limited by the technical contents of the essential changes.
The invention applies a symmetric encryption technology, and common symmetric encryption algorithms are as follows: DES, 3DES, AES128, AES192, AES256, AES512, Blowfish, etc. The data is encrypted by using a certain key and a selected encryption algorithm, and the encrypted data can be decrypted only by using the key during encryption and the same encryption algorithm used during encryption.
The invention applies the electronic file hash calculation technology, and the common hash algorithm is as follows: MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, etc. The electronic file can generate a character string (also called a summary and a HASH value) with a fixed length by using a selected HASH algorithm by using a HASH technology. In general, digests (HASH values) generated for different electronic files using the same HASH algorithm are different, and digests (HASH values) generated for the same electronic file using the same HASH algorithm are the same.
With reference to fig. 1, the present invention provides a file self-encryption and decryption method, including:
and S1, carrying out fragmentation processing on the original file to generate a plurality of file fragments, and obtaining the plaintext information and fragmentation sequence of all the file fragments corresponding to the original file.
And S2, generating encryption and decryption keys according to a preset key generation strategy by combining the plaintext information and the fragment sequence of all the file fragments, and encrypting all the file fragments to obtain corresponding file fragment ciphertext data.
S3, sequentially assembling all file segment ciphertext data from back to front according to a file segment storage structure from the last segment of the original file to generate corresponding file segment information; the file fragment information obtained by assembling each file fragment except the last file fragment comprises file fragment identification information of the current file fragment and file fragment information HASH value related information corresponding to the next file fragment.
S4, storing all the pieces of file information to a plurality of storage providers.
For the storage security protection of the file pieces, various existing storage systems (storage providers) have mature and reliable solutions, and the invention is not repeated. The invention provides a storage service for file fragments by using more than two storage providers (the original file owner can be one of the storage providers or not). Preferably, the fragment information (file fragments) of one file is randomly stored in the storage systems of more than two storage providers, any storage provider does not have all file fragments, and only the owner of the original file has the authority to acquire all corresponding file fragments of the original file from the related storage providers, so that the storage security of the file is further enhanced.
Further, the method further comprises:
and S5, acquiring all the file fragment information corresponding to the original file to be decrypted from the plurality of storage providers, automatically generating encryption and decryption keys by combining all the file fragment information, decrypting and verifying all the file fragment information, and assembling to obtain the original file if the verification is passed.
When the file is stored: firstly, a file is fragmented, then a data encryption password (secret key) is generated through a preset strategy, the original file fragmentation plaintext information is encrypted through the encryption password by using a certain symmetric encryption algorithm, and finally a final file fragment is generated through a specific file fragment storage structure and stored; when the file is used: the method comprises the steps of firstly obtaining all file fragments to generate file decryption passwords (secret keys) through a preset strategy, secondly obtaining file fragment encryption information from file fragment information, decrypting the file fragment encryption information by applying the decryption passwords and a corresponding symmetric encryption algorithm during encryption to obtain decrypted file fragment plaintext information, thirdly verifying the authenticity of the decrypted file fragment plaintext information, and finally assembling the decrypted file fragment plaintext information according to the sequence of original file fragments to restore the file information.
In the invention, the principle of the preset key generation strategy is that after all the file fragment information is downloaded by a user, all the file fragment information is synthesized and obtained on the basis of not depending on any external additional information, and the specific key generation scheme is not limited.
Example one
In step S2, the preset key generation policy includes the following steps:
and S21, carrying out HASH calculation on the plaintext information of all the file fragments to obtain the file fragment plaintext HASH values and corresponding file fragment plaintext HASH value length information.
S22, assembling all file segment plaintext HASH values according to the original file segment sequence, then performing HASH calculation to obtain a HASH value, and taking the calculated HASH value as an encryption and decryption key.
Example two
In step S2, the preset key generation policy includes the following steps:
and generating a random number for each file segment, and storing the generated random number into each file segment.
And combining and calculating the random numbers of all the file segments to generate corresponding encryption and decryption keys.
In the present invention, the file slice storage structure is used as an important feature of all file slices corresponding to the serial origin file, and needs to satisfy two requirements of small occupied storage space and enough information content.
One of the file slice storage structures is shown in fig. 5.
For the last file slice, the file slice storage structure comprises a file slice identifier, a current file slice plaintext HASH value length, a current file slice encrypted data length and current file slice encrypted data.
For the file slice at the middle position, the file slice storage structure comprises a file slice identifier, a HASH value of a next file slice, a HASH value length of the next file slice, a plaintext HASH value of a current file slice, a plaintext HASH value length of the current file slice, an encrypted data length of the current file slice and encrypted data of the current file slice.
For a first file slice, the file slice storage structure comprises a file slice identifier, a HASH value of a next file slice, a HASH value length of the next file slice, a plaintext HASH value of a current file slice, a plaintext HASH value length of the current file slice, an original file name length, an original file name, an encrypted data length of the current file slice, and encrypted data of the current file slice.
The HASH value of the next file fragment refers to a HASH value obtained by hashing the information of the next file fragment by using a selected HASH algorithm, and the HASH value of the plaintext of the current file fragment refers to a HASH value obtained by hashing the plaintext of the file fragment corresponding to the current file fragment by using the selected HASH algorithm.
The meaning of each part is as follows:
file piece identification: the method is used for identifying the position information of the file fragment when the original file fragment is located, and has the following values: 1 (first file slice), 2 (intermediate file slice), 3 (last file slice).
Length of HASH value of the latter file piece: the lengths of the HASH values generated by different HASH algorithms are different, and the information marks the length of the HASH value of the next file fragment, so that the file fragment information is conveniently analyzed. When the HASH value of the next file slice is less than 2 bytes, 0 is supplemented to the left, and 2 bytes are complemented. For the last file slice this value is: 00.
HASH value of the latter document piece: and obtaining the HASH value of the next file slice by using the selected HASH algorithm. All the fragmentation information (file fragments) and the fragmentation sequence of the original file can be acquired through the HASH value. The value is null for the last file slice.
File fragment plaintext HASH value length: the lengths of the HASH values generated by different HASH algorithms are different, and the information identifies the length of the HASH value of the plaintext after the original file is fragmented in the file fragment, so that the file fragment information is conveniently analyzed. When the length of the file piece plaintext HASH value is less than 2 bytes, 0 is supplemented on the left side, and 2 bytes are complemented.
File fragment plaintext HASH value: and obtaining the HASH value of the unencrypted plaintext information after the original file is fragmented by using the selected HASH algorithm.
Length of original filename: the length of the original file name is convenient for analyzing the file fragment information. When the length of the original file name is less than 2 bytes, 0 is supplemented on the left side, and 2 bytes are complemented. Except for the first file slice, the values of the other file slices are as follows: 00.
original file name: and the name of the original file is obtained through the information when the file is restored, and the restored file uses the name. The values of the other file slices except the first file slice are all null.
File slice encryption data length: the length of the file fragment encrypted data is convenient for analyzing the file fragment information. When the length of the file slice encrypted data is less than 2 bytes, 0 is supplemented on the left side, and 2 bytes are complemented.
File piece encryption data: and generating an encryption password by using a preset strategy and encrypting the original file fragmentation plaintext information by using a selected symmetric encryption algorithm to obtain encrypted data called file fragmentation encrypted data.
FIG. 2 is a flow chart of the file encrypted storage of the present invention. The method for encrypting and storing the original file mainly comprises the following steps:
1. the original file is segmented, the file is divided into more than 2 segments according to the file size by the number of the segments, the obtained segments are not more than 1M (the specific size can be adjusted according to actual needs), and the plain text information of the original file segments and the original file segmentation sequence are obtained.
2. And respectively carrying out HASH calculation on the original file fragment plaintext information by using a selected HASH algorithm to obtain a file fragment plaintext HASH value (called as a file fragment plaintext HASH value) and file fragment plaintext HASH value length information.
3. And generating an encryption password (key) according to a preset strategy.
4. And respectively encrypting the plain text information of the original file fragments by using the encryption password and the selected symmetric encryption algorithm to obtain encrypted data (called file fragment encrypted data).
5. And sequentially assembling the file fragment information from the last fragment of the original file according to the file fragment storage structure.
6. And assembling the last file piece information, and assembling the last file piece information according to the file piece storage structure.
7. And assembling penultimate file fragment information, obtaining the HASH value of the last file fragment information and the HASH value length of the last file fragment information by using the selected HASH algorithm, and then assembling the file fragment information according to the text fragment storage structure.
8. And assembling other file slice information, assembling the other file slice information according to the mode of the previous step, and adding the original file name length and the original file name information to the first file slice.
9. All the file fragment information is delivered to more than two storage systems (also called storage providers) for storage.
Fig. 3 is a file decryption flow diagram of the present invention.
The method of the invention mainly comprises the following steps:
(1) and searching for the first file fragment information of the original file from all storage providers according to the original file name.
(2) And respectively acquiring other related file fragment information from related storage providers according to the HASH value of the next file fragment in the file fragment information, and determining the original file fragment sequence according to the relation of the HASH value of the next file fragment. If the file film is tampered, the HASH value of the file film is changed, the originally stored file film cannot be obtained, and the authenticity of the stored information can be effectively verified.
(3) And judging whether the file fragment information is completely acquired, if any file fragment information is not acquired, failing to acquire the file, and ending the process.
(4) And generating a decryption password (key) according to a preset strategy. Any piece of fragment information is lacked, the decryption password cannot be acquired, and the mode can effectively ensure the security of the secret key.
(5) And decrypting the file fragment encrypted data of each file fragment by using the decryption password and a symmetric encryption algorithm selected during encryption to obtain plain text data of the original file fragment.
(6) And (optional) when in decryption, the clear text data of the original file fragments obtained after decryption is verified at the same time: and carrying out HASH calculation on the original file fragmentation plaintext data by using the selected HASH algorithm to obtain a corresponding HASH value (for short, a decrypted HASH value). Comparing the decrypted HASH value to the fragmented plaintext HASH value: if the two are consistent, the decryption is successful; and if the data are inconsistent, tampering the data, failing to acquire the original file, and ending the process. The verification ensures that the file is credible by effectively identifying the authenticity of the data.
(7) And if the encrypted data of all the file fragments are decrypted successfully, assembling the plain text data of all the original file fragments according to the original file fragment sequence to obtain the original file, and obtaining the original file successfully.
FIG. 4 is a flow chart of document authentication of the present invention. The process of verifying the plaintext data obtained by decryption comprises the following steps: and performing HASH calculation on the decrypted plaintext data by using a selected HASH algorithm to obtain a corresponding decrypted HASH value, comparing the decrypted HASH value with the current file slice plaintext HASH value stored in the file slice, if the decrypted HASH value is consistent with the current file slice plaintext HASH value, passing the verification, otherwise, failing to pass the verification.
The method of the invention is also suitable for the scenes of online transmission and non-network offline transmission of the files through the network: when the network is transmitted on line or without network off line, the method of the invention is used for processing the original file to obtain a batch of file fragments, the file fragments are respectively transmitted to the destination by different modes, and then the original file is restored by the original file acquisition process.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.

Claims (9)

1. A method for self-encrypting and decrypting a file, the method comprising:
s1, carrying out fragmentation processing on the original file to generate a plurality of file fragments, and obtaining the plaintext information and fragmentation sequence of all the file fragments corresponding to the original file;
s2, generating encryption and decryption keys according to a preset key generation strategy by combining plaintext information and fragmentation sequences of all file fragments, and encrypting all file fragments to obtain corresponding file fragment ciphertext data;
s3, sequentially assembling all file segment ciphertext data from back to front according to a file segment storage structure from the last segment of the original file to generate corresponding file segment information; the file fragment information obtained by assembling each file fragment except the last file fragment comprises file fragment identification information of the current file fragment and file fragment information HASH value related information corresponding to the next file fragment;
s4, storing all the pieces of file information to a plurality of storage providers.
2. The file self-encryption and decryption method according to claim 1, wherein in step S2, the preset key generation policy comprises the following steps:
s21, carrying out HASH calculation on the plaintext information of all the file segments to obtain file segment plaintext HASH values and corresponding file segment plaintext HASH value length information;
s22, assembling all file segment plaintext HASH values according to the original file segment sequence, then performing HASH calculation to obtain a HASH value, and taking the calculated HASH value as an encryption and decryption key.
3. The file self-encryption and decryption method according to claim 1, wherein in step S2, the preset key generation policy comprises the following steps:
generating a random number aiming at each file segment, and storing the generated random number into each file segment;
and combining and calculating the random numbers of all the file segments to generate corresponding encryption and decryption keys.
4. The file self-encryption and decryption method according to claim 1, wherein in step S3, the meaning of the file fragment storage structure is as follows:
for the last file fragment, the file fragment storage structure comprises a file fragment identifier, a current file fragment plaintext HASH value length, a current file fragment encryption data length and current file fragment encryption data;
for the file slice at the middle position, the file slice storage structure comprises a file slice identifier, a HASH value of a next file slice, a HASH value length of the next file slice, a plaintext HASH value of a current file slice, a plaintext HASH value length of the current file slice, an encrypted data length of the current file slice and encrypted data of the current file slice;
for a first file slice, the file slice storage structure comprises a file slice identifier, a HASH value of a next file slice, a HASH value length of the next file slice, a plaintext HASH value of a current file slice, a plaintext HASH value length of the current file slice, an original file name length, an original file name, an encrypted data length of the current file slice and encrypted data of the current file slice;
the HASH value of the next file fragment refers to a HASH value obtained by hashing the information of the next file fragment by using a selected HASH algorithm, and the HASH value of the plaintext of the current file fragment refers to a HASH value obtained by hashing the plaintext of the file fragment corresponding to the current file fragment by using the selected HASH algorithm.
5. The file self-encryption and decryption method of claim 1, wherein in step S4, all pieces of file information are randomly stored to a plurality of storage providers, respectively.
6. The file self-encryption decryption method of claim 4, wherein the method further comprises:
and S5, acquiring all the file fragment information corresponding to the original file to be decrypted from the plurality of storage providers, automatically generating encryption and decryption keys by combining all the file fragment information, decrypting and verifying all the file fragment information, and assembling to obtain the original file if the verification is passed.
7. The method for self-encrypting and decrypting the file according to claim 6, wherein in step S5, the process of obtaining all the file fragment information corresponding to the original file to be decrypted from the plurality of storage providers includes the steps of:
s511, searching first file fragment information of the original file from all storage providers according to the original file name;
s512, acquiring the next file fragment information from the related storage provider according to the next file fragment HASH value related information in the file fragment information;
and S513, repeating the step S512 until all the file fragment information corresponding to the original file is obtained.
8. The method for self-encrypting and decrypting the file according to claim 6, wherein in step S5, the process of automatically generating the encryption and decryption keys in combination with all the file piece information, and decrypting and verifying all the file piece information includes the following steps:
s521, generating encryption and decryption keys according to a preset key generation strategy by combining the current file fragment plaintext HASH values and the fragment sequence of all the file fragments;
s522, decrypting the encrypted data of the current file fragment contained in one file fragment by using the encryption and decryption key and the encryption algorithm selected during encryption to obtain the plaintext data of the corresponding file fragment, verifying the decrypted plaintext data, if the verification is passed, repeating the current step until the plaintext data of all the file fragments are obtained, and otherwise, ending the process;
and S533, assembling the plaintext data of all the file segments according to the original file segmentation sequence to obtain an original file.
9. The file self-encryption and decryption method according to claim 8, wherein the process of verifying the plaintext data obtained by decryption comprises the following steps:
and performing HASH calculation on the decrypted plaintext data by using a selected HASH algorithm to obtain a corresponding decrypted HASH value, comparing the decrypted HASH value with the current file slice plaintext HASH value stored in the file slice, if the decrypted HASH value is consistent with the current file slice plaintext HASH value, passing the verification, otherwise, failing to pass the verification.
CN202010824936.1A 2020-08-17 2020-08-17 File self-encryption and decryption method Active CN111914280B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010824936.1A CN111914280B (en) 2020-08-17 2020-08-17 File self-encryption and decryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010824936.1A CN111914280B (en) 2020-08-17 2020-08-17 File self-encryption and decryption method

Publications (2)

Publication Number Publication Date
CN111914280A true CN111914280A (en) 2020-11-10
CN111914280B CN111914280B (en) 2024-05-17

Family

ID=73278930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010824936.1A Active CN111914280B (en) 2020-08-17 2020-08-17 File self-encryption and decryption method

Country Status (1)

Country Link
CN (1) CN111914280B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106611128A (en) * 2016-07-19 2017-05-03 四川用联信息技术有限公司 Secondary encryption-based data validation and data recovery algorithm in cloud storage
CN107153794A (en) * 2016-03-03 2017-09-12 腾讯科技(深圳)有限公司 File encrypting method and device, file decryption method and apparatus
CN108182367A (en) * 2017-12-15 2018-06-19 西安电子科技大学 A kind of encrypted data chunk client De-weight method for supporting data update
CN108681760A (en) * 2018-05-15 2018-10-19 浙江鲸腾网络科技有限公司 Data transmission method for uplink, method of reseptance and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107153794A (en) * 2016-03-03 2017-09-12 腾讯科技(深圳)有限公司 File encrypting method and device, file decryption method and apparatus
CN106611128A (en) * 2016-07-19 2017-05-03 四川用联信息技术有限公司 Secondary encryption-based data validation and data recovery algorithm in cloud storage
CN108182367A (en) * 2017-12-15 2018-06-19 西安电子科技大学 A kind of encrypted data chunk client De-weight method for supporting data update
CN108681760A (en) * 2018-05-15 2018-10-19 浙江鲸腾网络科技有限公司 Data transmission method for uplink, method of reseptance and device

Also Published As

Publication number Publication date
CN111914280B (en) 2024-05-17

Similar Documents

Publication Publication Date Title
US9977918B2 (en) Method and system for verifiable searchable symmetric encryption
EP3361408B1 (en) Verifiable version control on authenticated and/or encrypted electronic documents
US7324648B1 (en) Method and apparatus for secure key delivery for decrypting bulk digital content files at an unsecure site
EP1515215B1 (en) Method and apparatus for secure delivery and rights management of digital content by means of document indexing
CN110213042A (en) A kind of cloud data duplicate removal method based on no certification agency re-encryption
KR101656434B1 (en) Secure data cache
CN107220559B (en) Encryption storage method for non-tamperable file
US7299500B1 (en) Method and apparatus for secure delivery and rights management of digital content at an unsecure site
CN106612320A (en) Encrypted data dereplication method for cloud storage
CN104283668B (en) The method and device of applied cryptography is obtained based on mobile terminal
US20130290731A1 (en) Systems and methods for storing and verifying security information
CN103607393A (en) Data safety protection method based on data partitioning
KR101989813B1 (en) Generating and verifying the alternative data in a specified format
CN104809407A (en) Method and system for encrypting, decrypting and verifying cloud storage front end data
Jayapandian et al. Secure deduplication for cloud storage using interactive message-locked encryption with convergent encryption, to reduce storage space
CN103116730A (en) Deciphering method and system of data protection application programming interface (DPAPI) enciphered data
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN112906056A (en) Cloud storage key security management method based on block chain
CN113067702A (en) Identity-based encryption method supporting ciphertext equivalence test function
WO2024088082A1 (en) Method and device for auditing data integrity, and storage medium
CN104780048B (en) The image file encryption system and method for a kind of lightweight
CN1707450A (en) Method and apparatus for protecting data confidentiality and integrity in memory equipment
CN113626859B (en) Method, system, equipment and medium for supporting encryption protection of key escrow personal file
US20130290732A1 (en) Systems and methods for storing and verifying security information
CN104794243B (en) Third party's cipher text retrieval method based on filename

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant