CN112711764A - Data reading and writing method and device and electronic equipment - Google Patents

Publication number: CN112711764A
Application number: CN202011607946.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 肖勇, 石少青, 崔超, 赵云, 林伟斌, 王浩林
Current Assignee: China Southern Power Grid Co Ltd; Research Institute of Southern Power Grid Co Ltd
Original Assignee: China Southern Power Grid Co Ltd; Research Institute of Southern Power Grid Co Ltd
Prior art keywords: data, encryption algorithm, private key, key, encryption

Classifications

    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms


Abstract

The invention provides a data read-write method, a data read-write device and electronic equipment. Data stored in a processor is encrypted with a public key of a second encryption algorithm, and a private key of the second encryption algorithm is encrypted with a public key of a first encryption algorithm. To decrypt, the private key of the first encryption algorithm must first be obtained; it is used to decrypt the encrypted private key of the second encryption algorithm, and the recovered private key of the second encryption algorithm is then used to decrypt the data. The decryption mode is complex and the decryption difficulty is high, so data security is improved.

Description

Data reading and writing method and device and electronic equipment
Technical Field
The invention relates to the field of data reading, in particular to a data reading and writing method and device and electronic equipment.
Background
At present, users often store data in a hard disk in a computer, and in order to prevent data leakage, an encryption algorithm is usually used to encrypt the data and store the encrypted data in the hard disk.
When data is encrypted, a single symmetric encryption algorithm is usually used, and the corresponding decryption is not difficult to crack. As a result, data stored in a hard disk is easy to decrypt and steal, and data security is low.
Disclosure of Invention
In view of this, the present invention provides a data reading and writing method, an apparatus and an electronic device, so as to solve the problems that data stored in a hard disk is easy to be stolen and the data security is low.
In order to solve the technical problems, the invention adopts the following technical scheme:
a data read-write method is applied to a processor, the processor stores a public key of a first encryption algorithm, a public key of a second encryption algorithm and a key ciphertext obtained by encrypting a private key of the second encryption algorithm by using the public key of the first encryption algorithm in advance, and data stored in the processor is ciphertext data obtained by performing encryption operation by using the public key of the second encryption algorithm;
the data reading and writing method comprises the following steps:
acquiring a data reading instruction input by a user, wherein the data reading instruction is used for reading ciphertext data stored in a target area;
responding to the data reading instruction, and acquiring a private key of the first encryption algorithm, which is acquired in advance in a preset acquisition mode;
obtaining the key ciphertext, and decrypting the key ciphertext by using the private key of the first encryption algorithm to obtain the private key of the second encryption algorithm;
and acquiring the ciphertext data stored in the target area, decrypting the ciphertext data by using the private key of the second encryption algorithm to obtain decrypted data, and displaying the decrypted data.
Optionally, the method further comprises:
acquiring a data writing instruction input by a user, wherein the data writing instruction comprises data to be written and a target position where the data to be written needs to be written;
and encrypting the data to be written by using the public key of the second encryption algorithm, and writing the data subjected to the encryption operation into the area corresponding to the target position.
Optionally, the obtaining a private key of the first encryption algorithm obtained in advance in a preset obtaining manner includes:
acquiring, before the data reading instruction input by the user is acquired, the private key of the first encryption algorithm stored in an external storage device by performing a read operation on the external storage device; the external storage device is connected to the processor through a hardware interface.
Optionally, the obtaining a private key of the first encryption algorithm obtained in advance in a preset obtaining manner includes:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
Optionally, the first encryption algorithm is the SM2 algorithm; the second encryption algorithm is the SM4 algorithm.
A data read-write device is applied to a processor, a public key of a first encryption algorithm, a public key of a second encryption algorithm and a key ciphertext obtained by encrypting a private key of the second encryption algorithm by using the public key of the first encryption algorithm are stored in the processor in advance, and data stored in the processor is ciphertext data obtained by performing encryption operation by using the public key of the second encryption algorithm;
the data read-write device comprises:
the first instruction acquisition module is used for acquiring a data reading instruction input by a user, and the data reading instruction is used for reading ciphertext data stored in a target area;
the key acquisition module is used for responding to the data reading instruction and acquiring a private key of the first encryption algorithm acquired in advance in a preset acquisition mode;
the first decryption module is used for acquiring the key ciphertext and decrypting the key ciphertext by using the private key of the first encryption algorithm to obtain the private key of the second encryption algorithm;
and the second decryption module is used for acquiring the ciphertext data stored in the target area, decrypting the ciphertext data by using the private key of the second encryption algorithm to obtain decrypted data and displaying the decrypted data.
Optionally, the device further comprises:
the second instruction acquisition module is used for acquiring a data writing instruction input by a user, wherein the data writing instruction comprises data to be written and a target position where the data to be written needs to be written;
and the data encryption module is used for carrying out encryption operation on the data to be written by using the public key of the second encryption algorithm and writing the data after the encryption operation into the area corresponding to the target position.
Optionally, the key obtaining module is specifically configured to:
acquiring, before the data reading instruction input by the user is acquired, the private key of the first encryption algorithm stored in an external storage device by performing a read operation on the external storage device; the external storage device is connected to the processor through a hardware interface.
Optionally, the key obtaining module is specifically configured to:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
An electronic device is used for executing the data reading and writing method.
Compared with the prior art, the invention has the following beneficial effects:
The invention provides a data read-write method, a data read-write device and electronic equipment. Data stored in a processor is encrypted with a public key of a second encryption algorithm, and a private key of the second encryption algorithm is encrypted with a public key of a first encryption algorithm. To decrypt, the private key of the first encryption algorithm must first be obtained; it is used to decrypt the encrypted private key of the second encryption algorithm, and the recovered private key of the second encryption algorithm is then used to decrypt the data. The decryption mode is complex and the decryption difficulty is high, so data security is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for reading and writing data according to an embodiment of the present invention;
Fig. 2 is a flowchart of another method for reading and writing data according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for reading and writing data according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Computers have become the most widely used tools for people to store and process information, and a large amount of user data is stored in a hard disk of the computer. How to protect these data, especially to protect sensitive data related to national security, military secrecy, etc., is an extremely important security issue. Once a computer involved in confidentiality is lost or illegally hacked, stealing or altering data therein will have serious consequences for information security.
To protect confidential data stored in the hard disk, the operating system of a typical computer encrypts data with an encryption algorithm as it is stored to the hard disk. The encryption is generally a single symmetric encryption algorithm, and the same secret key is used for encryption and decryption.
To solve the above technical problems, the inventors found through research that if the private key of the encryption algorithm is itself encrypted, the private key must first be recovered by decryption before it can be used to decrypt data. This makes the decryption mode more complicated, reduces the risk of data leakage, and gives high data security.
More specifically, in the present invention, data stored in an operating system is encrypted with a public key of a second encryption algorithm, and a private key of the second encryption algorithm is encrypted with a public key of a first encryption algorithm. To decrypt, the private key of the first encryption algorithm must be obtained; it is used to decrypt the encrypted private key of the second encryption algorithm, and the recovered private key of the second encryption algorithm is then used to decrypt the data. The decryption mode is complicated and the decryption difficulty is high, which improves data security.
Specifically, on this basis, an embodiment of the present invention provides a data reading and writing method applied to a processor, where the processor may be the computer described above. The processor stores in advance a public key of a first encryption algorithm, a public key of a second encryption algorithm, and a key ciphertext obtained by encrypting a private key of the second encryption algorithm using the public key of the first encryption algorithm.
In practical application, the first encryption algorithm is the SM2 algorithm, which is an asymmetric encryption algorithm, and the second encryption algorithm is the SM4 algorithm, which is a symmetric encryption algorithm. The private key of the SM4 algorithm is encrypted with the public key of the SM2 algorithm to obtain the key ciphertext, and the key ciphertext is stored in the data device.
The data stored in the processor is ciphertext data obtained by performing encryption operation by using the public key of the second encryption algorithm, namely the SM4 algorithm.
For data storage, the hard disk is partitioned in advance into a secure partition and other partitions. Data in the secure partition has a high security level and is encrypted and decrypted with the method of the invention; data in the other partitions has a low security level and can be encrypted and decrypted with a conventional method.
Creating the secure partition involves two steps: selecting the path of the partition and setting the size of the partition. A system partition is implemented in the driver layer, a mapping is established between the system partition and a special-format file on the hard disk, and any data stored in the system partition is encrypted and then written into the specified file. To the user, the secure partition is indistinguishable from other disk partitions.
Referring to fig. 1, the data reading and writing method applied to the processor includes:
and S11, acquiring a data reading instruction input by a user.
In practical applications, a user may operate a computer through an input device such as a keyboard or a mouse. If the user wants to open a certain file on the D drive, the user may double-click the file, and a data reading instruction input by the user is then received. The data reading instruction is used to perform a reading operation on ciphertext data stored in a target area, that is, the data stored in the file.
And S12, responding to the data reading instruction, and acquiring the private key of the first encryption algorithm acquired in advance in a preset acquisition mode.
In the invention, the data stored in the processor is ciphertext data encrypted with the public key of the second encryption algorithm, that is, the SM4 algorithm, and the private key of the second encryption algorithm is encrypted with the public key of the first encryption algorithm. Therefore, when data is read, the private key of the first encryption algorithm must be obtained first. Since the key ciphertext was obtained by encrypting the private key of the SM4 algorithm with the public key of the SM2 algorithm, the key ciphertext is decrypted to obtain the private key of the SM4 algorithm, and the ciphertext data is then decrypted with the private key of the SM4 algorithm to obtain the data to be read.
Taking the first encryption algorithm as the SM2 algorithm, and the second encryption algorithm as the SM4 algorithm as an example:
The key of the SM4 algorithm is encrypted with the public key of the SM2 algorithm, and the resulting key ciphertext and the public key information can be stored directly in the local storage space of the computer. The computer reads the certificate (private key) from the external storage device and uses it to perform SM2 decryption on the key ciphertext, obtaining the key of the SM4 algorithm. Once the key of the SM4 algorithm is obtained, SM4-based encrypted writes and decrypted reads can be performed on the secure partition.
The original information input by the user is used as a key seed to generate the <public key, private key> key pair of the SM2 algorithm and the key of the SM4 algorithm. The private key of the user's SM2 algorithm may be sent to and stored in an external storage device.
In practical application, if the private key of the first encryption algorithm were stored directly in the processor, it could be obtained directly when the processor is attacked, and data storage security would be low. To avoid this, in this embodiment the private key of the first encryption algorithm is stored in an external storage device, such as a USB disk, which is connected to the processor through a hardware interface; for example, when the external storage device is a USB disk, it is connected to the computer through a USB interface.
Before a data reading instruction input by a user is acquired, the processor, such as a computer, first determines whether an external storage device is currently connected to the operating system through the USB interface and, if one is connected, whether the private key of the first encryption algorithm can be acquired from it. If the private key of the first encryption algorithm is not acquired, any operation on the content of the secure partition is forbidden.
If the private key of the first encryption algorithm can be obtained, the private key of the first encryption algorithm is obtained and stored in the target position in the processor, and the validity period of the private key of the first encryption algorithm is set, wherein the validity period can be determined according to actual conditions, such as one day, two days and the like.
Therefore, in this embodiment, when the private key of the first encryption algorithm is obtained, the copy pre-stored at the target location in the processor is generally tried first. If no private key is obtained, either no private key of the first encryption algorithm is stored at the target location or the one stored there has expired. In that case, the private key of the first encryption algorithm stored in the external storage device is obtained by performing a read operation on the external storage device before the data reading instruction input by the user is acquired.
In summary, the obtaining the private key of the first encryption algorithm obtained in advance through a preset obtaining manner includes:
acquiring, before the data reading instruction input by the user is acquired, the private key of the first encryption algorithm stored in an external storage device by performing a read operation on the external storage device; the external storage device is connected to the processor through a hardware interface.
Or, comprising:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
And S13, obtaining the key ciphertext, and performing decryption operation on the key ciphertext by using the private key of the first encryption algorithm to obtain the private key of the second encryption algorithm.
In this embodiment, a stored key ciphertext is obtained, and the private key of the first encryption algorithm is used to decrypt the key ciphertext to obtain a private key of the second encryption algorithm.
And S14, acquiring the ciphertext data stored in the target area, and decrypting the ciphertext data by using the private key of the second encryption algorithm to obtain decrypted data and displaying the decrypted data.
After the private key of the second encryption algorithm is obtained, the ciphertext data stored in the target area is read directly. Because the ciphertext data was encrypted with the public key of the second encryption algorithm, it is decrypted directly with the private key of the second encryption algorithm to obtain the decrypted data, which is then displayed.
In this embodiment, the first encryption algorithm is the SM2 algorithm and the second encryption algorithm is the SM4 algorithm. Other implementations are also possible, for example: the first encryption algorithm is SM2 and the second is SM2; the first is SM4 and the second is SM4; the first is SM4 and the second is SM2; and so on.
In addition, in order to ensure the security of the key, after the data is decrypted, the operating system clears the private key information of the SM2 algorithm and the key information of the SM4 algorithm, which are temporarily stored in the system memory.
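The key-acquisition order described for step S12 (cached copy within its validity period, then the external storage device, otherwise no access to the secure partition) and the clearing of key material after use can be expressed as follows. This is an added Python example, not code from the patent; the class and function names, the key file name `sm2_private.key`, the in-memory cache and the temporary directory standing in for the USB mount are assumptions, and the SM2/SM4 operations themselves are not implemented here.

```python
import os
import tempfile
import time
from contextlib import contextmanager


class SecurePartitionLocked(PermissionError):
    """No valid first-algorithm private key: secure partition stays closed."""


def wipe(buf):
    """Overwrite a bytearray in place. Python may still hold other copies
    (e.g. the immutable bytes returned by read()); this clears ours only."""
    for i in range(len(buf)):
        buf[i] = 0


class PrivateKeyProvider:
    """Hypothetical helper implementing the acquisition order of step S12."""

    def __init__(self, token_dir, key_filename="sm2_private.key",
                 validity_seconds=24 * 3600, clock=time.monotonic):
        # token_dir: mount point of the external storage device (assumption)
        self.token_key_path = os.path.join(token_dir, key_filename)
        self.validity_seconds = validity_seconds   # e.g. one day
        self._clock = clock
        self._cached = None        # copy kept at the "target location"
        self._expires_at = 0.0

    def _cache_valid(self):
        return self._cached is not None and self._clock() < self._expires_at

    def _read_external(self):
        try:
            with open(self.token_key_path, "rb") as fh:
                data = fh.read()
        except OSError:            # device absent or key file unreadable
            return None
        return bytearray(data) if data else None

    def clear(self):
        """Erase the cached key, for example on expiry or logout."""
        if self._cached is not None:
            wipe(self._cached)
        self._cached = None
        self._expires_at = 0.0

    def acquire(self):
        """Return (working_copy, source) or raise SecurePartitionLocked."""
        if self._cache_valid():
            return bytearray(self._cached), "cache"
        self.clear()               # missing or expired copy is discarded
        key = self._read_external()
        if key is None:
            raise SecurePartitionLocked("no private key: operation forbidden")
        self._cached = key
        self._expires_at = self._clock() + self.validity_seconds
        return bytearray(key), "external"


@contextmanager
def private_key(provider):
    """Hand out a working copy and zero it once decryption is finished."""
    key, source = provider.acquire()
    try:
        yield key, source
    finally:
        wipe(key)


def demo():
    """Four cases with a constructed key file and a fake clock."""
    now = [0.0]
    outcomes = []
    with tempfile.TemporaryDirectory() as token_dir:
        provider = PrivateKeyProvider(token_dir, validity_seconds=86400,
                                      clock=lambda: now[0])

        def attempt():
            try:
                with private_key(provider) as (_key, source):
                    return source  # SM2 unwrap + SM4 decrypt would run here
            except SecurePartitionLocked:
                return "denied"

        outcomes.append(attempt())                 # 1: no device connected
        with open(provider.token_key_path, "wb") as fh:
            fh.write(b"CONSTRUCTED-NOT-A-REAL-SM2-KEY")
        outcomes.append(attempt())                 # 2: read from device
        os.remove(provider.token_key_path)         # device unplugged
        now[0] = 3600.0
        outcomes.append(attempt())                 # 3: cached copy still valid
        now[0] = 86401.0
        outcomes.append(attempt())                 # 4: expired, device absent
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Case 3 shows the consequence of the validity period: until it expires, reads succeed with the device unplugged, because the host still holds a copy of the key.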
Furthermore, to solve the problems of low encryption speed and high error rate of existing hard disk encryption software, the invention implements the functions of the encryption and decryption module in a bottom-layer driver. Compared with application-layer encryption technology, it runs faster and its encryption and decryption operations are more stable.
In this embodiment, the data stored in the processor is encrypted with the public key of the second encryption algorithm, and the private key of the second encryption algorithm is encrypted with the public key of the first encryption algorithm. To decrypt, the private key of the first encryption algorithm must be obtained; it is used to decrypt the encrypted private key of the second encryption algorithm, and the recovered private key of the second encryption algorithm is then used to decrypt the data. The decryption method is complex and the decryption difficulty is high, so data security is improved.
In addition, the invention also has the following advantages:
1) The SM2 asymmetric encryption algorithm and the SM4 symmetric encryption algorithm complement each other, achieving both secure and fast encryption.
2) A hard disk partition strategy is adopted and the files in the partition are encrypted in blocks, so that both files and application programs can be encrypted.
3) The encryption and decryption technology is implemented in a bottom-layer driver and works in the kernel layer protected by the system, so it runs faster and its encryption and decryption operations are more stable.
4) The private key of the SM2 algorithm is stored and protected in an external storage device separate from the computer, which avoids the risk of the private key being stored directly in the computer and obtained in an attack, and enhances the security of application data.
In the foregoing embodiment, a data reading operation is described, and in addition, the present invention is also applicable to a data writing operation, specifically, referring to fig. 2, the data reading and writing method further includes:
and S21, acquiring a data writing instruction input by a user.
In practical applications, a user may write data, for example by creating a new folder or writing content to a certain file, and the data writing instruction input by the user is then received. The data writing instruction comprises the data to be written (such as a newly created folder) and the target position (such as the C drive or the D drive) to which the data to be written needs to be written.
And S22, carrying out encryption operation on the data to be written by using the public key of the second encryption algorithm, and writing the data after the encryption operation into the area corresponding to the target position.
The data to be written is encrypted with the public key of the second encryption algorithm in the same way as the other data stored in the processor. After encryption is completed, the encrypted data is written into the area corresponding to the target position, which ensures that data is stored in encrypted form.
In the embodiment, data writing operation can be supported, data can be written according to user requirements, the written data is encrypted, and the data security is guaranteed.
Optionally, on the basis of the embodiment of the data reading and writing method, another embodiment of the present invention provides a data reading and writing device, which is applied to a processor, where the processor stores in advance a public key of a first encryption algorithm, a public key of a second encryption algorithm, and a key ciphertext obtained by encrypting a private key of the second encryption algorithm using the public key of the first encryption algorithm, and the data stored in the processor is ciphertext data obtained by performing an encryption operation using the public key of the second encryption algorithm;
the data read-write device comprises:
the first instruction obtaining module 11 is configured to obtain a data reading instruction input by a user, where the data reading instruction is used to perform a reading operation on ciphertext data stored in a target area;
the key acquisition module 12 is configured to respond to the data reading instruction and acquire a private key of the first encryption algorithm, which is acquired in advance in a preset acquisition manner;
the first decryption module 13 is configured to obtain the key ciphertext, and perform a decryption operation on the key ciphertext by using a private key of the first encryption algorithm to obtain a private key of the second encryption algorithm;
and the second decryption module 14 is configured to obtain the ciphertext data stored in the target area, perform decryption operation on the ciphertext data by using the private key of the second encryption algorithm, obtain decrypted data, and display the decrypted data.
Further, the device also includes:
the second instruction acquisition module is used for acquiring a data writing instruction input by a user, wherein the data writing instruction comprises data to be written and a target position where the data to be written needs to be written;
and the data encryption module is used for carrying out encryption operation on the data to be written by using the public key of the second encryption algorithm and writing the data after the encryption operation into the area corresponding to the target position.
Further, the key obtaining module is specifically configured to:
acquiring, before the data reading instruction input by the user is acquired, the private key of the first encryption algorithm stored in an external storage device by performing a read operation on the external storage device; the external storage device is connected to the processor through a hardware interface.
Further, the key obtaining module is specifically configured to:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
Further, the first encryption algorithm is an SM2 algorithm; the second encryption algorithm is the SM4 algorithm.
In this embodiment, the data stored in the processor is encrypted with the public key of the second encryption algorithm, and the private key of the second encryption algorithm is encrypted with the public key of the first encryption algorithm. To decrypt, the private key of the first encryption algorithm must be obtained; it is used to decrypt the encrypted private key of the second encryption algorithm, and the recovered private key of the second encryption algorithm is then used to decrypt the data. The decryption method is complex and the decryption difficulty is high, so data security is improved.
It should be noted that, for the working process of each module in this embodiment, please refer to the corresponding description in the above embodiments, which is not described herein again.
Optionally, on the basis of the embodiments of the data reading and writing method and apparatus, another embodiment of the present invention provides an electronic device, configured to execute the data reading and writing method.
Specifically, the data reading and writing method includes:
acquiring a data reading instruction input by a user, wherein the data reading instruction is used for reading ciphertext data stored in a target area;
responding to the data reading instruction, and acquiring a private key of the first encryption algorithm, which is acquired in advance in a preset acquisition mode;
obtaining the key ciphertext, and decrypting the key ciphertext by using the private key of the first encryption algorithm to obtain the private key of the second encryption algorithm;
and acquiring the ciphertext data stored in the target area, decrypting the ciphertext data by using the private key of the second encryption algorithm to obtain decrypted data, and displaying the decrypted data.
Further, the method also includes:
acquiring a data writing instruction input by a user, wherein the data writing instruction comprises data to be written and a target position where the data to be written needs to be written;
and encrypting the data to be written by using the public key of the second encryption algorithm, and writing the data subjected to the encryption operation into the area corresponding to the target position.
Further, acquiring the private key of the first encryption algorithm, which is acquired in advance through a preset acquisition mode, includes:
acquiring the private key of the first encryption algorithm stored in an external storage device by reading the external storage device before the data reading instruction input by the user is acquired; the external storage device is connected to the processor through a hardware interface.
Further, acquiring the private key of the first encryption algorithm, which is acquired in advance through a preset acquisition mode, includes:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
Further, the first encryption algorithm is an SM2 algorithm; the second encryption algorithm is the SM4 algorithm.
In this embodiment, the data stored in the processor is encrypted with the public key of the second encryption algorithm, and the private key of the second encryption algorithm is itself encrypted with the public key of the first encryption algorithm. Decryption therefore requires first obtaining the private key of the first encryption algorithm, then using it to decrypt the encrypted private key of the second encryption algorithm, and only then using the private key of the second encryption algorithm to decrypt the data. The decryption method is thus complex and the decryption difficulty is high, which improves data security.
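The read and write flow described above, as an added sketch that is not code from the patent. SM2 and SM4 are not in the Python standard library, so a stand-in authenticated cipher replaces both, and because SM4 is a symmetric cipher the sketch unwraps the same data key for writes as for reads. The `Processor` class, `seal`/`unseal` and all sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher, NOT SM2 or SM4: SHA-256 counter keystream
# plus HMAC-SHA256 tag, chosen only so the sketch runs on the standard library.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(enc_key, nonce, body)

class Processor:
    """Models the stored state: key ciphertext plus encrypted regions only."""

    def __init__(self, wrapping_key):
        data_key = secrets.token_bytes(16)  # 128 bits, the SM4 key size
        self.key_ciphertext = seal(wrapping_key, data_key)  # plaintext key is discarded
        self.regions = {}

    def _unwrap(self, wrapping_key):
        if wrapping_key is None:
            raise PermissionError("external key device not connected")
        return unseal(wrapping_key, self.key_ciphertext)

    def write(self, wrapping_key, position, data):
        self.regions[position] = seal(self._unwrap(wrapping_key), data)

    def read(self, wrapping_key, position):
        return unseal(self._unwrap(wrapping_key), self.regions[position])

if __name__ == "__main__":
    device_key = secrets.token_bytes(32)  # constructed: key held on the external device
    cpu = Processor(device_key)
    cpu.write(device_key, 0x1000, b"constructed sample record")
    print(cpu.read(device_key, 0x1000))
```

Without the key from the external device, the stored key ciphertext cannot be unwrapped and every read fails, which is the property the embodiment relies on.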
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data read-write method is characterized by being applied to a processor, wherein a public key of a first encryption algorithm, a public key of a second encryption algorithm and a key ciphertext obtained by encrypting a private key of the second encryption algorithm by using the public key of the first encryption algorithm are stored in the processor in advance, and data stored in the processor is ciphertext data obtained by performing encryption operation by using the public key of the second encryption algorithm;
the data reading and writing method comprises the following steps:
acquiring a data reading instruction input by a user, wherein the data reading instruction is used for reading ciphertext data stored in a target area;
responding to the data reading instruction, and acquiring a private key of the first encryption algorithm, which is acquired in advance in a preset acquisition mode;
obtaining the key ciphertext, and decrypting the key ciphertext by using the private key of the first encryption algorithm to obtain the private key of the second encryption algorithm;
and acquiring the ciphertext data stored in the target area, decrypting the ciphertext data by using the private key of the second encryption algorithm to obtain decrypted data, and displaying the decrypted data.
2. A method for reading and writing data according to claim 1, further comprising:
acquiring a data writing instruction input by a user, wherein the data writing instruction comprises data to be written and a target position where the data to be written needs to be written;
and encrypting the data to be written by using the public key of the second encryption algorithm, and writing the data subjected to the encryption operation into the area corresponding to the target position.
3. The data reading and writing method according to claim 1, wherein obtaining the private key of the first encryption algorithm obtained in advance in a preset obtaining manner includes:
acquiring the private key of the first encryption algorithm stored in an external storage device by reading the external storage device before the data reading instruction input by the user is acquired; the external storage device is connected to the processor through a hardware interface.
4. The data reading and writing method according to claim 1, wherein obtaining the private key of the first encryption algorithm obtained in advance in a preset obtaining manner includes:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
5. A method for reading and writing data according to claim 1, wherein the first encryption algorithm is SM2 algorithm; the second encryption algorithm is the SM4 algorithm.
6. A data read-write device is characterized by being applied to a processor, wherein a public key of a first encryption algorithm, a public key of a second encryption algorithm and a key ciphertext obtained by encrypting a private key of the second encryption algorithm by using the public key of the first encryption algorithm are stored in the processor in advance, and data stored in the processor is ciphertext data obtained by performing encryption operation by using the public key of the second encryption algorithm;
the data read-write device comprises:
the first instruction acquisition module is used for acquiring a data reading instruction input by a user, and the data reading instruction is used for reading ciphertext data stored in a target area;
the key acquisition module is used for responding to the data reading instruction and acquiring a private key of the first encryption algorithm acquired in advance in a preset acquisition mode;
the first decryption module is used for acquiring the key ciphertext and decrypting the key ciphertext by using the private key of the first encryption algorithm to obtain the private key of the second encryption algorithm;
and the second decryption module is used for acquiring the ciphertext data stored in the target area, decrypting the ciphertext data by using the private key of the second encryption algorithm to obtain decrypted data and displaying the decrypted data.
7. The data read/write apparatus according to claim 6, further comprising:
the second instruction acquisition module is used for acquiring a data writing instruction input by a user, wherein the data writing instruction comprises data to be written and a target position where the data to be written needs to be written;
and the data encryption module is used for carrying out encryption operation on the data to be written by using the public key of the second encryption algorithm and writing the data after the encryption operation into the area corresponding to the target position.
8. The data reading/writing apparatus according to claim 6, wherein the key obtaining module is specifically configured to:
acquire the private key of the first encryption algorithm stored in an external storage device by reading the external storage device before the data reading instruction input by the user is acquired; the external storage device is connected to the processor through a hardware interface.
9. The data reading/writing apparatus according to claim 6, wherein the key obtaining module is specifically configured to:
obtaining a private key of the first encryption algorithm pre-stored at a target location in the processor.
10. An electronic device, characterized in that it is adapted to perform the method of reading and writing data according to any of claims 1-5.
CN202011607946.6A 2020-12-30 2020-12-30 Data reading and writing method and device and electronic equipment Pending CN112711764A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011607946.6A CN112711764A (en) 2020-12-30 2020-12-30 Data reading and writing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN112711764A true CN112711764A (en) 2021-04-27

Family

ID=75547170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011607946.6A Pending CN112711764A (en) 2020-12-30 2020-12-30 Data reading and writing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN112711764A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1936870A (en) * 2005-09-23 2007-03-28 中国科学院计算技术研究所 Hard-disc fan-area data enciphering and deciphering method and system
CN1991799A (en) * 2005-12-31 2007-07-04 联想(北京)有限公司 Safety memory device and data management method
CN201181472Y (en) * 2008-02-29 2009-01-14 北京华大恒泰科技有限责任公司 Hardware key device and movable memory system
CN101625654A (en) * 2008-07-10 2010-01-13 福建升腾资讯有限公司 Method and system for restoring encrypted backup of embedded systems
CN103077359A (en) * 2012-12-26 2013-05-01 华为技术有限公司 Data decryption method, device and system
CN104868996A (en) * 2014-02-25 2015-08-26 中兴通讯股份有限公司 Data encryption and decryption method, device thereof, and terminal
CN105447407A (en) * 2015-11-11 2016-03-30 中国建设银行股份有限公司 Off-line data encryption method and decryption method and corresponding apparatus and system
CN107666386A (en) * 2016-07-27 2018-02-06 复凌科技(上海)有限公司 A kind of data safe transmission method and device
CN108133155A (en) * 2017-12-29 2018-06-08 北京联想核芯科技有限公司 Data encryption storage method and device
CN109766731A (en) * 2019-01-11 2019-05-17 深圳忆联信息***有限公司 Encryption data processing method, device and computer equipment based on solid state hard disk
CN110138557A (en) * 2019-05-28 2019-08-16 上海兆芯集成电路有限公司 Data processing equipment and data processing method
CN110602703A (en) * 2019-09-17 2019-12-20 深圳市太美亚电子科技有限公司 Bluetooth communication data encryption method, terminal and system for BLE
CN110795740A (en) * 2019-09-29 2020-02-14 深圳市火乐科技发展有限公司 Starting method and related device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
苑树波 et al.: "Network Information Security" (《网络信息安全》), 31 December 2016, 山东科学技术出版社, pages: 43 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113452688A (en) * 2021-06-24 2021-09-28 山东三未信安信息科技有限公司 Image encryption and decryption method and device based on SM4 and SM2 algorithms
CN113452688B (en) * 2021-06-24 2022-07-08 山东三未信安信息科技有限公司 Image encryption and decryption method and device based on SM4 and SM2 algorithms
CN114531236A (en) * 2022-03-02 2022-05-24 杭州华澜微电子股份有限公司 Key processing method and device and electronic equipment
CN114531236B (en) * 2022-03-02 2023-10-31 杭州华澜微电子股份有限公司 Key processing method and device and electronic equipment

Similar Documents

Publication Publication Date Title
US7428306B2 (en) Encryption apparatus and method for providing an encrypted file system
EP1012691B1 (en) Encrypting file system and method
KR100678927B1 (en) Method and portable storage device for allocating secure area in insecure area
EP3667535B1 (en) Storage data encryption and decryption device and method
EP2528004A1 (en) Secure removable media and method for managing the same
US20080235521A1 (en) Method and encryption tool for securing electronic data storage devices
US8750519B2 (en) Data protection system, data protection method, and memory card
US20120237024A1 (en) Security System Using Physical Key for Cryptographic Processes
TW200947202A (en) System and method for providing secure access to system memory
US20080123858A1 (en) Method and apparatus for accessing an encrypted file system using non-local keys
EP2108145A2 (en) Protecting secrets in an untrusted recipient
CN112711764A (en) Data reading and writing method and device and electronic equipment
CN111399770B (en) Data storage mode conversion method, device and storage medium
CN111177773B (en) Full disk encryption and decryption method and system based on network card ROM
Chang et al. User-friendly deniable storage for mobile devices
CN111191277A (en) Hidden encryption and confidentiality method for optical disk file and optical disk medium
US20210266301A1 (en) Secure application processing systems and methods
CN111159726A (en) Full disk encryption and decryption method and system based on UEFI (unified extensible firmware interface) environment variable
CN110855429A (en) Software key protection method based on TPM
US11283600B2 (en) Symmetrically encrypt a master passphrase key
CN112287415B (en) USB storage device access control method, system, medium, device and application
CN107688729B (en) Application program protection system and method based on trusted host
CN110837627A (en) Software copyright authentication method, system and equipment based on hard disk serial number
CN215219695U (en) Data security device
GB2434887A (en) Access control by encrypting stored data with a key based on a "fingerprint" of the device storing the data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination