CN112995204B - Method, device, equipment and storage medium for safely reading Protonmail encrypted mail - Google Patents
Method, device, equipment and storage medium for safely reading Protonmail encrypted mail Download PDFInfo
- Publication number
- CN112995204B CN112995204B CN202110387604.6A CN202110387604A CN112995204B CN 112995204 B CN112995204 B CN 112995204B CN 202110387604 A CN202110387604 A CN 202110387604A CN 112995204 B CN112995204 B CN 112995204B
- Authority
- CN
- China
- Prior art keywords
- encrypted
- key
- sekrit
- protonmail
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
One or more embodiments of the present specification provide a method, an apparatus, a device, and a storage medium for secure reading of a ProtonMail encrypted mail, the method including: obtaining SEKRIT parameters of a Protonmail encrypted; decrypting the SEKRIT parameter to obtain a decrypted character string; obtaining a private key based on the decrypted character string and the current login user name; and decrypting the Protonmail encrypted mail based on the private key to obtain the mail content of the Protonmail encrypted mail. According to the method and the device, after the SEKRIT parameter in the ProtonMiil encrypted mail is decrypted, the private key is obtained by combining the user name, so that the mail content is safely obtained based on the private key, the personal privacy data of a user is protected, and the situation that lawbreakers steal the user data is effectively prevented.
Description
Technical Field
One or more embodiments of the present description relate to the field of communications technologies, and more particularly, to secure reading of ProtonMail encrypted mail.
Background
ProtonMatil uses end-to-end encryption and fully closed encryption techniques to secure mail, which means that the mail content cannot be revealed to third parties. However, the ProtonMail mail data is not absolutely secure, and thus, the ProtonMail mail data can be utilized by some lawless persons, so that the leakage of user information or mail content can cause loss to users more or less.
Disclosure of Invention
In view of the above, an object of one or more embodiments of the present disclosure is to provide a method, an apparatus, a device, and a storage medium for securely reading a ProtonMail encrypted mail, so as to solve the above-mentioned problem of leakage of user information or mail content.
In view of the above object, one or more embodiments of the present specification provide a method for secure reading of ProtonMail encrypted mail, including:
obtaining SEKRIT parameters of a Protonmail encrypted;
decrypting the SEKRIT parameter to obtain a decrypted character string;
obtaining a private key based on the decrypted character string and the current login user name;
and decrypting the Protonmail based on the private key to obtain the mail content of the Protonmail.
Optionally, the obtaining the SEKRIT parameter of the ProtonMail encrypted mail includes:
constructing a simulation application program for simulating ProtonMail;
reading a ProtonAilKey based on the simulation application program;
reading the SEKRIT parameter in the ch.protomail.android _ references.xml file from a directory based on the ProtonMailKey.
Optionally, the decrypting the SEKRIT parameter to obtain the decrypted character string includes:
performing Base64 decoding on the attribute VALUE SEKRIT _ VALUE of the SEKRIT parameter to obtain a decoded attribute VALUE SEKRIT _ VALUE _ Base 64;
and decrypting the decoded attribute VALUE SEKRIT _ VALUE _ Base64 based on the Cipher instance with the initialization mode of RSA/ECB/PKCS1Padding and the parameter key of ProtonMatilKey to obtain a decrypted character string SEKRIT _ DECRYPTED.
Optionally, obtaining a private key based on the decrypted character string and the currently logged-in user name includes:
coding the current login user name to obtain a coded user name;
generating the private key encryption value based on the decrypted character string and the encoded user name;
and decrypting the private key encrypted value to obtain the private key.
Optionally, encoding the currently logged-in user name to obtain an encoded user name, including:
and performing base64 encoding on the currently logged user name username, so as to obtain an encoded user name username _ base 64.
Optionally, the generating the private key encrypted value based on the decrypted character string and the encoded user name includes:
performing SHA-256 encryption on the decrypted character string to obtain an encrypted character string SEKRIT _ KEY;
encrypting the character string 'priv _ KEY' by taking a Cipher instance and a parameter KEY of an AES mode as the encrypted character string SEKRIT _ KEY to obtain an encrypted character string priv _ KEY _ encrypted;
and performing base64 encoding on the encrypted character string priv _ key _ encrypted to obtain the private key encryption value priv _ key _ encrypted _ base 64.
Optionally, the decrypting the attribute value corresponding to the private key encrypted value to obtain the private key includes:
reading an attribute value private _ key _ value _ encrypted corresponding to the private key encryption value private _ key _ encrypted _ base 64;
performing base64 decoding on the attribute value private _ key _ value _ encrypted to obtain a decoded attribute value private _ key _ value _ encrypted _ base 64;
and decrypting the decoded attribute value private _ KEY _ value _ encrypted _ base64 by taking a Cipher instance and a parameter KEY of an AES mode as the encrypted character string SEKRIT _ KEY to obtain the private KEY.
One or more embodiments of the present specification provide a secure reading apparatus of a ProtonMail encrypted mail, including:
the acquisition module is used for acquiring SEKRIT parameters of the Protonmail encryption mail;
the SEKRIT parameter decryption module is used for decrypting the SEKRIT parameter to obtain a decrypted character string;
the private key module is used for obtaining a private key based on the decrypted character string and the current login user name;
and the reading module is used for decrypting the Protonmail encrypted mail based on the private key to obtain the mail content of the Protonmail encrypted mail.
One or more embodiments of the present specification provide an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the method of the embodiments of the present specification.
One or more embodiments of the present specification provide a non-transitory computer-readable storage medium, wherein the non-transitory computer-readable storage medium stores computer instructions for causing the computer to execute the method of the embodiments of the present specification.
As can be seen from the foregoing, in the method, the apparatus, the device, and the storage medium for securely reading a ProtonMail encrypted email provided in one or more embodiments of the present specification, after decrypting an SEKRIT parameter in the ProtonMail encrypted email, a private key is obtained in combination with a user name, so that email content is securely obtained based on the private key, thereby protecting personal privacy data of a user, and effectively preventing a lawbreaker from stealing user data.
Drawings
In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, the drawings that are needed in the description of the embodiments or prior art will be briefly described below, and it is obvious that the drawings in the following description are only one or more embodiments of the present specification, and that other drawings may be obtained by those skilled in the art without inventive effort from these drawings.
Fig. 1 is a schematic flow diagram of a method for secure reading of ProtonMail encrypted mail according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart diagram of obtaining SEKRIT parameters according to an embodiment of the present disclosure;
FIG. 3 is a schematic flow chart diagram of decrypting SEKRIT parameters in accordance with an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of SEKRIT parameter transmission according to an embodiment of the present disclosure;
FIG. 5 is a schematic flow chart diagram of generating a private key cryptographic value in accordance with an embodiment of the present disclosure;
FIG. 6 is a schematic flow chart diagram of decrypting a private key according to an embodiment of the present disclosure;
FIG. 7 is a schematic block diagram of a secure reader of ProtonMial encrypted mail according to an embodiment of the present disclosure;
fig. 8 is a more specific hardware structure diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present specification should have the ordinary meaning as understood by those of ordinary skill in the art to which this disclosure belongs. The use of "first," "second," and similar terms in one or more embodiments of the specification is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
The PGP encryption algorithm is used in the ProtonMail mail content data, and the encrypted mail content needs a private key to be decrypted, although a very important prerequisite is that the handset must root. ProtonMatil uses end-to-end encryption and fully closed encryption techniques to secure mail, which means that the mail content cannot be revealed to third parties. However, the ProtonMail mail data is not absolutely secure, and thus, the ProtonMail mail data can be utilized by some lawless persons, so that the leakage of user information or mail content can cause loss to users more or less.
The PGP technology is an email encryption technology based on an asymmetric encryption algorithm RSA public key system, and is also an encryption mode with simple operation, convenient use and higher popularity. The PGP technology can not only encrypt the E-mail and prevent an unauthorized person from reading the mail; the digital signature can be attached to the e-mail, so that the receiver can clearly know the real identity of the sender; people can also be enabled to communicate securely without the need to pass keys through any secure channel. Generally, PGP technology uses two keys to manage data: one for encryption, called Public Key (Public Key); the other is used for decryption and is called Private Key (Private Key). The public key and the private key are closely related, and the public key can only be used for encrypting data needing safe transmission but cannot decrypt the encrypted data; in contrast, the private key can only be used to decrypt, but not to encrypt data.
Based on the above consideration, the embodiments of the present disclosure provide a method, an apparatus, a device, and a storage medium for securely reading a ProtonMail encrypted mail, which are used to analyze encrypted mail information stored in a file named XXX-messagesdatabase. And a protection strategy aiming at Protonmail content is provided by analyzing App assembly codes, looking up an encryption and decryption algorithm, a zero trust system and related data of a TLS transport layer protocol.
Referring to fig. 1, fig. 1 shows a schematic flow diagram of a method for secure reading of ProtonMail encrypted mail according to an embodiment of the present disclosure. As shown in fig. 1, the method for securely reading proto mail includes:
step S110, an SEKRIT parameter of the Protonmail encryption mail is obtained;
step S120, decrypting the SEKRIT parameter to obtain a decrypted character string;
step S130, obtaining a private key based on the decrypted character string and the current login user name;
and step S140, decrypting the Protonmail encrypted mail based on the private key to obtain the mail content of the Protonmail encrypted mail.
After the SEKRIT parameter in the Protonmail is decrypted, the private key is obtained by combining the user name, and therefore the mail content is safely obtained based on the private key. The method can further strengthen the safety of ProtonMiai data, ensures that lawless persons attempting to illegally obtain user data can apply the method, can protect personal privacy data of users, effectively prevents lawless persons from stealing user data, and provides the safety of ProtonMiai encrypted mails.
Optionally, in step S110, the SEKRIT parameter of the ProtonMail encrypted mail is acquired.
In some embodiments, the obtaining the SEKRIT parameter of the ProtonMail encrypted mail includes:
constructing a simulation application program for simulating ProtonMail;
reading a ProtonMailKey based on the simulation application program;
reading the SEKRIT parameter in the ch.protomail.android _ references.xml file from a directory based on the ProtonMailKey.
Specifically, referring to fig. 2, fig. 2 shows a schematic flow chart for obtaining the SEKRIT parameter according to an embodiment of the present disclosure. As shown in fig. 2, includes:
step S210, a simulation application program is constructed to simulate the ProtonMail to read the KeyStore ProtonMailKey by utilizing an Android KeyStore safety mechanism, and if the KeyStore ProtonMailKey exists, the step S220 is executed; if not, the process ends.
In step S220, the PrivateKey is acquired, and step S230 is executed.
Step S230, reading the ch.protomail.android _ references.xml file, if the read ch.protomail.android _ references.xml file exists, executing step S240; if not, the process ends.
In step S240, the value corresponding to the name "SEKRIT" is read. May be designated as USRPKEY _ ProtonMailKey.
The first-level secret key is decrypted through the Android KeyStore, the SEKRIT parameter is read, and the value of < string name ═ SEKRIT > in the ch.protomail.android _ references.xml is read from the/data/data/ch.protomail.android/shared _ references directory, so that the SEKRIT parameter of the Protonmail encrypted mail can be obtained.
Optionally, in step S120, the SEKRIT parameter is decrypted to obtain a decrypted character string.
In some embodiments, the decrypting the SEKRIT parameter to obtain the decrypted character string includes:
performing Base64 decoding on the attribute VALUE SEKRIT _ VALUE of the SEKRIT parameter to obtain a decoded attribute VALUE SEKRIT _ VALUE _ Base 64;
and decrypting the SEKRIT parameter based on a Cipher instance with an initialization mode of RSA/ECB/PKCS1Padding and a parameter key of ProtonMatilKey to obtain a decrypted character string SEKRIT _ DECRYPTED.
Specifically, referring to fig. 3, fig. 3 shows a schematic flow chart of decrypting the SEKRIT parameter according to an embodiment of the present disclosure. As shown in fig. 3, includes:
in step S310, the ch.protomail.android _ references.xml file is opened, and step S320 is executed.
Step S320, reading the string tag, where the name is the VALUE corresponding to the SEKRIT (attribute VALUE of SEKRIT parameter), and is recorded as SEKRIT _ VALUE; step S330 is performed.
Step S330, the Base64 decodes SEKRIT _ VALUE to obtain SEKRIT _ VALUE _ Base64 (the attribute VALUE of the decoded parameter SEKRIT); step S340 is performed.
Step S340, decrypting SEKRIT _ VALUE _ Base64 by utilizing RSA/ECB/PKCS1Padding, wherein key is ProtonMatIKey, and the obtained decryption VALUE is marked as SEKRIT _ DECRYPT; step S350 is performed.
Step S350, convert SEKRIT _ DECRYPT into a string SEKRIT _ DECRYPTED.
The method comprises the steps of utilizing USRPKEY _ ProtonNAIKey to DECRYPT SEKRIT parameters, initializing a Cipher instance with RSA/ECB/PKCS1Padding as a mode, enabling USRPKEY _ ProtonNAIKey as a parameter, then decoding SEKRIT parameters by base64, decrypting SEKRIT by using a Cipher object of the just-existing instance, and marking the value after decryption as SEKRIT _ DECRYPT.
In some embodiments, after obtaining the SEKRIT parameter of the ProtonMail encrypted mail, the SEKRIT parameter is stored locally, so as to decrypt the SEKRIT parameter locally. Furthermore, after the SEKRIT parameters are acquired, data are transmitted to the local for storage through a TLS1.3 protocol, and data stealing by a man-in-the-middle mode is effectively prevented.
Specifically, referring to fig. 4, a schematic diagram of transmission of the SEKRIT parameter according to an embodiment of the present disclosure is shown in fig. 4. As shown in fig. 4, first, a zero trust device application sandbox mode is introduced, the SEKRIT file is stored in the sandbox, and a user or an application that can access the SEKRIT file in the sandbox is released only after the zero trust system dynamic access control engine and the trust evaluation engine are approved and approved, so that a "policy enforcement point" in the server and the client can ensure the security of the SEKRIT file stored in the server and the security of the client acquisition process.
Secondly, the SEKRIT file introduces the current latest version TLS1.3 (transport layer protocol) protocol in the transmission process, which provides the following guarantee for data transmission:
(1) establishing a secure connection: providing encryption protection for data transmitted therein, preventing the visible plaintext from being sniffed by a man in the middle; integrity checks are provided for the data to prevent transmitted data from being modified by the man-in-the-middle.
(2) Establishing a trusted connection: and providing identity authentication for the entities connecting the two parties.
TLS1.3 discards a block encryption and stream encryption mechanism using MAC, and only uses an AEAD symmetric encryption algorithm as a unique encryption option, and at the same time, introduces the following contents:
a new key agreement mechanism-PSK (pre _ shared _ key, new key exchange and identity authentication mechanism), comprising: 0-RTT: one interaction between the client and the server (the client sends a message and the server responds a message) is called RTT, the TLS 1.2 generally adopts a handshake process of 2-RTT, and the server delay is obvious. TLS1.3 therefore introduces a 0-RTT mechanism, i.e. when TLS key agreement is just started, a portion of encrypted data can be attached for delivery to the other party. To achieve 0-RTT requires both parties to already hold a symmetric key, called PSK (pre _ shared _ key) in TLS1.3, when they start to establish a connection. PSK is an upgrade of the run choice mechanism in TLS 1.2, after TLS handshake is finished, the server may send a NST (new _ session _ ticket) message to the client, where the message records information such as PSK value, name, and validity period, and the PSK value may be used as an initial key material for the next connection establishment between the two parties. PSK is also an identity authentication mechanism because PSK is obtained from a previously established secure channel, and it is verified that both parties have the same PSK, and the identity of both parties can be verified as long as certificate authentication is no longer required.
A new key derivation function, HKDF (HMAC _ based _ key _ derivation _ function), in which the key material obtained through key agreement may not be enough in randomness, and the agreement process can be known to an attacker, a key derivation function is needed to obtain a more secure key from the initial key material (PSK or key calculated through DH key agreement). HKDF is just one of the algorithms used in TLS1.3, and can output a new key with higher security by using the negotiated key material and the hash value of the packet in the handshake phase as inputs. HKDF comprises a two-stage process of extract _ the _ expand. The extract procedure increases the randomness of the keying material, and the key derivation function PRF used in TLS 1.2 actually implements only the extended part of HKDF and does not undergo the extract, but directly assumes that the randomness of the keying material already meets the requirements.
The only reserved encryption mode, AEAD (Authenticated _ Encrypted _ with _ associated _ data), wherein the final purpose of the TLS protocol is to negotiate a symmetric key and an encryption algorithm used in the session process, and both parties finally encrypt the message by using the key and the symmetric encryption algorithm. AEAD integrates the integrity check function and the data encryption function into the same algorithm to complete, and is the only encryption mode supported in TLS 1.3. TLS 1.2 also supports stream cipher and CBC block cipher methods, using MAC to check integrity data, both of which have proven to have certain security flaws. However, there are studies that show that AEAD also has certain limitations: after the plaintext encrypted by using the same key reaches a certain length, the security of the ciphertext can not be ensured. Therefore, TLS1.3 introduces a Key Update mechanism, one party (usually a server) can send a Key Update (KU) message to the other party, and the other party uses HKDF once again for the current session Key after receiving the message, calculates a new session Key, and uses the Key to complete subsequent communication.
When the ProtonMail is opened every time, after strict TLS1.3 handshake, the SEKRIT file is transmitted and reaches the equipment end to decrypt and load the mail content, so that the possibility that lawless persons read the locally stored SEKRIT parameter to decrypt the mail content is eliminated, and the safety of ProtonMail data is more reliable.
Optionally, in step S130, a private key is obtained based on the decrypted character string and the currently logged-in user name.
In some embodiments, the obtaining a private key based on the decrypted character string and the currently logged-in user name includes:
coding the current login user name to obtain a coded user name;
generating the private key encryption value based on the decrypted character string and the encoded user name;
and decrypting the private key encrypted value to obtain the private key.
In some embodiments, encoding the currently logged-in username to obtain an encoded username includes:
and performing base64 encoding on the currently logged user name username, so as to obtain an encoded user name username _ base 64.
Specifically, the decryption private key first needs to read the currently logged-in user name, and the value of < string name ═ username > in the ch.protomail.android _ preferences.xml can be read from the/data/data/ch.protomail.android/shared _ prefs directory, tentatively named username, and subjected to base64 encoding, tentatively named username _ base64, and the composition file name is username _ base64-ssp.
In some embodiments, referring to fig. 5, fig. 5 shows a schematic flow chart of generating a private key cryptographic value according to an embodiment of the present disclosure. As shown in fig. 5, the generating the private key encrypted value based on the decrypted character string and the encoded user name includes:
step S510, SHA-256 encryption is carried out on the decrypted character string to obtain an encrypted character string SEKRIT _ KEY;
step S520, encrypting the character string 'priv _ KEY' by taking the Cipher instance and the parameter KEY of the AES mode as the encrypted character string SEKRIT _ KEY to obtain the encrypted character string priv _ KEY _ encrypted;
step S530, performing base64 encoding on the encrypted character string priv _ key _ encrypted to obtain the private key encryption value priv _ key _ encrypted _ base 64.
Before decrypting the private key, an attribute value corresponding to the xml file needs to be generated, and an encrypted value corresponding to the private key can be read. As shown in fig. 5, SHA-256 is performed once based on the decrypted character string SEKRIT _ DECRYPTED in the previous step, and is temporarily named as SEKRIT _ KEY. Next, the Cipher instance is initialized, in AES mode, the string "priv _ KEY" is encrypted, the decrypted value is named priv _ KEY _ encrypted temporarily, and then priv _ KEY _ encrypted is encoded by using base64, and named priv _ KEY _ encrypted _ base64 temporarily, which illustrates that although the string "priv _ KEY" is a fixed value, the value is different after different devices have encrypted, because each device USRPKEY _ protonmaikey is different, so that the device cannot read the KEY value using the fixed encrypted value.
In some embodiments, the decrypting the attribute value corresponding to the encrypted value of the private key to obtain the private key includes:
reading an attribute value private _ key _ value _ encrypted corresponding to the private key encryption value private _ key _ encrypted _ base 64;
performing base64 decoding on the attribute value private _ key _ value _ encrypted to obtain a decoded attribute value private _ key _ value _ encrypted _ base 64;
and decrypting the decoded attribute value private _ KEY _ value _ encrypted _ base64 by taking a Cipher instance and a parameter KEY of an AES mode as the encrypted character string SEKRIT _ KEY to obtain the private KEY.
Specifically, referring to fig. 6, fig. 6 shows a schematic flow diagram of decrypting a private key according to an embodiment of the present disclosure. As shown in fig. 6, includes:
step S610, reading the username _ base64-SSP. xml file, if the file exists, executing step S620, otherwise ending.
Step S620, reading a value corresponding to the "private _ key _ encrypted _ base64" > and recording the value as private _ key _ value _ encrypted; step S630 is performed.
Step S630, base64 decoding the private _ key _ value _ encrypted, and marking as private _ key _ value _ encrypted _ base 64; step S640 is performed.
Step 640, performing SHA-256 on the parameter SEKRIT _ DECRYPTED once, and recording as SEKRIT _ KEY; step S650 is performed.
Step S650, perform AES-ECB decryption on PRIVATE _ KEY _ value _ encrypted _ base64, where the parameter KEY is SEKRIT _ KEY, and obtain a decryption result PGP _ PRIVATE _ KEY, that is, a PRIVATE KEY.
The value of user name _ base64-ssp under the mobile phone directory, xml file < running name ═ priv _ key _ encrypted _ base64 > is recorded as private _ key _ value _ encrypted, as shown in fig. 6, base64 decoding is first performed on private _ key _ value _ encrypted, and the value is recorded as private _ key _ value _ encrypted _ base 64. Then, SHA-256 is performed once for parameter SEKRIT _ DECRYPTED, and is recorded as SEKRIT _ KEY. Instantiating a Cipher object, using an AES mode, wherein the KEY value is SEKRIT _ KEY, and then decrypting the private _ KEY _ value _ encrypted _ base64 to obtain the private KEY required by the PGP decryption algorithm.
Optionally, in step S140, the ProtonMail encrypted mail is decrypted based on the private key, and the mail content of the ProtonMail encrypted mail is obtained.
Specifically, XXX-messagesdatabase.db is decrypted, where XXX is the value of username _ base64 in the previous step, and the Body value in the table messagev3 in the database file is read, and then decrypted by using a tool pgp4win, so as to obtain the mail content after decryption.
It should be noted that the method of one or more embodiments of the present disclosure may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of one or more embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above description describes certain embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to any of the above-described method embodiments, one or more embodiments of the present specification further provide a secure reading apparatus for ProtonMail encrypted mail.
Referring to fig. 7, the ProtonMail encrypted mail secure reading apparatus includes:
the acquisition module is used for acquiring SEKRIT parameters of the Protonmail encryption mail;
the SEKRIT parameter decryption module is used for decrypting the SEKRIT parameter to obtain a decrypted character string;
the private key module is used for obtaining a private key based on the decrypted character string and the current login user name;
and the reading module is used for decrypting the Protonmail encrypted mail based on the private key to obtain the mail content of the Protonmail encrypted mail.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the modules may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
The device in the foregoing embodiment is used to implement the secure reading method for the ProtonMail encrypted mail in any one of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-mentioned embodiments, one or more embodiments of the present specification further provide an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the method for securely reading the ProtonMail encrypted mail according to any of the above-mentioned embodiments is implemented.
Fig. 8 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component within the device (not shown) or may be external to the device to provide corresponding functionality. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement the secure reading method for the ProtonMail encrypted mail in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-described embodiment methods, one or more embodiments of the present specification further provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the method for secure reading of proto-mail encrypted mail according to any of the above-described embodiments.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, for storing information may be implemented in any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The storage medium of the above embodiment stores computer instructions for causing the computer to execute the method for securely reading proto mail according to any of the above embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the spirit of the present disclosure, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of different aspects of one or more embodiments of the present description as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure one or more embodiments of the description. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the understanding of one or more embodiments of the present description, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the one or more embodiments of the present description are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that one or more embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
It is intended that the one or more embodiments of the present specification embrace all such alternatives, modifications and variations as fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of one or more embodiments of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (10)
1. A method for securely reading ProtonMail encrypted mail, comprising:
obtaining SEKRIT parameters of a Protonmail encrypted;
decrypting the SEKRIT parameter to obtain a decrypted character string;
obtaining a private key based on the decrypted character string and the current login user name;
and decrypting the Protonmail based on the private key to obtain the mail content of the Protonmail.
2. The method of claim 1, wherein obtaining the SEKRIT parameter of the ProtonMail encrypted mail comprises:
constructing a simulation application program for simulating ProtonMail;
reading a ProtonAilKey based on the simulation application program;
reading the SEKRIT parameter in the ch.protomail.android _ references.xml file from a directory based on the ProtonMailKey.
3. The method of claim 2, wherein decrypting the SEKRIT parameter to obtain a decrypted string comprises:
performing Base64 decoding on the attribute VALUE SEKRIT _ VALUE of the SEKRIT parameter to obtain a decoded attribute VALUE SEKRIT _ VALUE _ Base 64;
and decrypting the decoded attribute VALUE SEKRIT _ VALUE _ Base64 based on the Cipher instance with the initialization mode of RSA/ECB/PKCS1Padding and the parameter key of ProtonMatilKey to obtain a decrypted character string SEKRIT _ DECRYPTED.
4. The method of claim 1, wherein obtaining a private key based on the decrypted string and a currently logged-in user name comprises:
coding the current login user name to obtain a coded user name;
generating the private key encryption value based on the decrypted character string and the encoded user name;
and decrypting the private key encryption value to obtain the private key.
5. The method of claim 4, wherein encoding the currently logged-in username to obtain an encoded username comprises:
and performing base64 encoding on the currently logged user name username, so as to obtain an encoded user name username _ base 64.
6. The method of claim 5, wherein generating the private key secret based on the decrypted string and the encoded username comprises:
performing SHA-256 encryption on the decrypted character string to obtain an encrypted character string SEKRIT _ KEY;
encrypting the character string 'priv _ KEY' by taking a Cipher instance and a parameter KEY of an AES mode as the encrypted character string SEKRIT _ KEY to obtain an encrypted character string priv _ KEY _ encrypted;
and performing base64 encoding on the encrypted character string priv _ key _ encrypted to obtain the private key encryption value priv _ key _ encrypted _ base 64.
7. The method according to claim 6, wherein the decrypting the attribute value corresponding to the encrypted value of the private key to obtain the private key comprises:
reading an attribute value private _ key _ value _ encrypted corresponding to the private key encryption value private _ key _ encrypted _ base 64;
performing base64 decoding on the attribute value private _ key _ value _ encrypted to obtain a decoded attribute value private _ key _ value _ encrypted _ base 64;
and decrypting the decoded attribute value private _ KEY _ value _ encrypted _ base64 by taking a Cipher instance and a parameter KEY of an AES mode as the encrypted character string SEKRIT _ KEY to obtain the private KEY.
8. A secure reading apparatus for ProtonMail encrypted mail, comprising:
the acquisition module is used for acquiring SEKRIT parameters of the Protonmail encrypted mail;
the SEKRIT parameter decryption module is used for decrypting the SEKRIT parameter to obtain a decrypted character string;
the private key module is used for obtaining a private key based on the decrypted character string and the current login user name;
and the reading module is used for decrypting the Protonmail encrypted mail based on the private key to obtain the mail content of the Protonmail encrypted mail.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the program.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110387604.6A CN112995204B (en) | 2021-04-09 | 2021-04-09 | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110387604.6A CN112995204B (en) | 2021-04-09 | 2021-04-09 | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112995204A CN112995204A (en) | 2021-06-18 |
| CN112995204B true CN112995204B (en) | 2022-07-08 |
Family
ID=76337923
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110387604.6A Active CN112995204B (en) | 2021-04-09 | 2021-04-09 | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112995204B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113992328A (en) * | 2021-10-27 | 2022-01-28 | 北京房江湖科技有限公司 | Zero trust transport layer flow authentication method, device and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1794629A (en) * | 2005-12-26 | 2006-06-28 | 上海洲信信息技术有限公司 | Method of ensuring safety of electronic mail |
| CN102118381A (en) * | 2010-09-20 | 2011-07-06 | 中科方德软件有限公司 | Safe mail system based on USBKEY (Universal Serial Bus Key) and mail encrypting-decrypting method |
| US8954740B1 (en) * | 2010-10-04 | 2015-02-10 | Symantec Corporation | Session key proxy decryption method to secure content in a one-to-many relationship |
| CN108011885A (en) * | 2017-12-07 | 2018-05-08 | 北京科技大学 | A kind of E-mail encryption method and system based on group cipher system |
| CN109583217A (en) * | 2018-11-21 | 2019-04-05 | 深圳市易讯天空网络技术有限公司 | A kind of encryption of internet electric business platform user private data and decryption method |
| CN110177114A (en) * | 2019-06-06 | 2019-08-27 | 腾讯科技(深圳)有限公司 | The recognition methods of network security threats index, unit and computer readable storage medium |
| US10491631B1 (en) * | 2017-01-10 | 2019-11-26 | Anonyome Labs, Inc. | Apparatus and method for augmenting a messaging application with cryptographic functions |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090217027A1 (en) * | 2008-02-21 | 2009-08-27 | Zenlok Corporation | Safe e-mail for everybody |
-
2021
- 2021-04-09 CN CN202110387604.6A patent/CN112995204B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1794629A (en) * | 2005-12-26 | 2006-06-28 | 上海洲信信息技术有限公司 | Method of ensuring safety of electronic mail |
| CN102118381A (en) * | 2010-09-20 | 2011-07-06 | 中科方德软件有限公司 | Safe mail system based on USBKEY (Universal Serial Bus Key) and mail encrypting-decrypting method |
| US8954740B1 (en) * | 2010-10-04 | 2015-02-10 | Symantec Corporation | Session key proxy decryption method to secure content in a one-to-many relationship |
| US10491631B1 (en) * | 2017-01-10 | 2019-11-26 | Anonyome Labs, Inc. | Apparatus and method for augmenting a messaging application with cryptographic functions |
| CN108011885A (en) * | 2017-12-07 | 2018-05-08 | 北京科技大学 | A kind of E-mail encryption method and system based on group cipher system |
| CN109583217A (en) * | 2018-11-21 | 2019-04-05 | 深圳市易讯天空网络技术有限公司 | A kind of encryption of internet electric business platform user private data and decryption method |
| CN110177114A (en) * | 2019-06-06 | 2019-08-27 | 腾讯科技(深圳)有限公司 | The recognition methods of network security threats index, unit and computer readable storage medium |
Non-Patent Citations (4)
| Title |
|---|
| Shared parameters with symmetric key in E-MAIL security;S.Bal等;《2015 International Conference and Workshop on Computing and Communication (IEMCON)》;20151203;第1-4页 * |
| 一种安全Web电子邮件客户端设计;张学旺等;《计算机工程》;20080720;第34卷(第14期);第177-179页 * |
| 基于RLWE的后量子密钥交换协议构造和应用;高昕炜;《中国博士学位论文全文数据库信息科技辑》;20200115(第1期);第A005-17页 * |
| 新型安全电子邮件加密***的设计与实现;李海江;《信息安全与技术》;20120710;第11-13页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112995204A (en) | 2021-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10129240B2 (en) | Distributing security codes through a restricted communications channel | |
| US10027631B2 (en) | Securing passwords against dictionary attacks | |
| EP3324572B1 (en) | Information transmission method and mobile device | |
| CN111615105B (en) | Information providing and acquiring method, device and terminal | |
| CN101621794A (en) | Method for realizing safe authentication of wireless application service system | |
| CN103036674B (en) | Computer permission control method based on mobile dynamic password | |
| CN108616352B (en) | Dynamic password generation method and system based on secure element | |
| CN113067823B (en) | Mail user identity authentication and key distribution method, system, device and medium | |
| CN109272314A (en) | A kind of safety communicating method and system cooperateing with signature calculation based on two sides | |
| WO2008053279A1 (en) | Logging on a user device to a server | |
| CN114553590A (en) | Data transmission method and related equipment | |
| CN114567470A (en) | SDK-based key splitting verification system and method under multiple systems | |
| CN116244750A (en) | Secret-related information maintenance method, device, equipment and storage medium | |
| KR101358375B1 (en) | Prevention security system and method for smishing | |
| US20060053288A1 (en) | Interface method and device for the on-line exchange of content data in a secure manner | |
| CN108768655B (en) | Dynamic password generation method and system | |
| CN112995204B (en) | Method, device, equipment and storage medium for safely reading Protonmail encrypted mail | |
| Fahl et al. | Trustsplit: usable confidentiality for social network messaging | |
| CN108737087B (en) | Protection method for mailbox account password and computer readable storage medium | |
| Sinnhofer et al. | Patterns to establish a secure communication channel | |
| US20160057118A1 (en) | Communication security system and method | |
| Jung et al. | Securing RTP Packets Using Per‐Packet Key Exchange for Real‐Time Multimedia | |
| US20240039899A1 (en) | System and method for web-browser based end-to-end encrypted messaging and for securely implementing cryptography using client-side scripting in a web browser | |
| CN115996126B (en) | Information interaction method, application device, auxiliary platform and electronic device | |
| CN111970281B (en) | Routing equipment remote control method and system based on verification server and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |