CN114866229A - Data encryption and decryption method and device based on Kubernetes - Google Patents

Data encryption and decryption method and device based on Kubernetes

Info

Publication number
CN114866229A
Authority
CN
China
Prior art keywords
data
encrypted
encryption
pod
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210331216.0A
Other languages
Chinese (zh)
Inventor
王晓亮
张大勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Rivtower Technology Co Ltd
Original Assignee
Hangzhou Rivtower Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Rivtower Technology Co Ltd filed Critical Hangzhou Rivtower Technology Co Ltd
Priority to CN202210331216.0A priority Critical patent/CN114866229A/en
Publication of CN114866229A publication Critical patent/CN114866229A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this specification disclose a Kubernetes-based data encryption and decryption method and device. The method expands a plurality of Pods in Kubernetes and presets a data segmentation threshold. If the length of the data to be encrypted is greater than the threshold, the method comprises the following steps: dividing the data to be encrypted into a plurality of sub-data corresponding to the number of expanded Pods, and, for each sub-data, starting a separate thread that calls the corresponding Pod to execute the same encryption algorithm and then the same encoding rule; splicing the encrypted and encoded sub-data with a specific character to obtain the encrypted data; splitting the encrypted data into a plurality of sub-data and, for each split sub-data, starting a separate thread that calls the corresponding Pod to execute the decoding rule and then the decryption algorithm; and splicing the decoded and decrypted sub-data to obtain the decrypted data. By expanding Pods in Kubernetes, segmenting data according to a preset threshold, starting one thread per Pod, and combining this with equal-length data encoding and decoding, the invention improves encryption and decryption performance and can process various types of data such as text.

Description

Data encryption and decryption method and device based on Kubernetes
Technical Field
The present disclosure relates to the field of computer software technologies, and in particular, to a Kubernetes-based data encryption and decryption method and apparatus, an electronic device, and a storage medium.
Background
Symmetric and asymmetric data encryption and decryption algorithms mainly use the computing power of the CPU and place high demands on it. With cloud computing platforms now widely adopted, how to improve the computing performance of data encryption and decryption is one of the concerns. At present, a cloud computing platform deploys services in the form of Kubernetes Pods, and computing resources are usually limited to a 1-core CPU and 2G of memory. With a single Pod, the time required to encrypt and decrypt large files and large texts increases with the length of the plaintext data. Although a program running in the Pod can use multithreading, a single Pod has limited CPU resources allocated to it and cannot achieve concurrent multithreaded computation. Therefore, how to improve computing performance by expanding Pods and introducing multithreading across multiple Pods is a technical problem to be solved.
Disclosure of Invention
An object of the embodiments of the present specification is to provide a method, an apparatus, an electronic device, and a storage medium for deploying cloud native blockchain software in Kubernetes, which address the above problems.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
in Kubernetes, a plurality of Pods used for executing data encryption and decryption are expanded; a threshold for dividing the data to be encrypted is preset; if the length of the data to be encrypted is greater than the threshold, the method comprises the following steps:
dividing the data to be encrypted into a plurality of sub-data corresponding to the number of expanded Pods, and, for each sub-data, starting a separate thread that calls the corresponding Pod to execute the same encryption algorithm and then the same encoding rule;
splicing the encrypted and encoded sub-data with a specific character to obtain encrypted data, wherein the specific character is not one of the characters used by the encoding rule;
splitting the encrypted data into a plurality of sub-data according to the specific character, and, for each split sub-data, starting a separate thread that calls the corresponding Pod to execute the decoding rule corresponding to the encoding and then the decryption algorithm corresponding to the encryption;
and splicing the decoded and decrypted sub-data to obtain decrypted data.
In a second aspect, a Kubernetes-based data encryption and decryption apparatus is provided, including:
a Pod extension module for expanding a plurality of Pods for performing data encryption and decryption in Kubernetes;
the threshold management module is used for managing the threshold for dividing the data to be encrypted;
the encryption coding module is used for dividing the data to be encrypted into a plurality of sub-data corresponding to the number of expanded Pods when the length of the data to be encrypted is greater than the threshold value a, and, for each sub-data, starting a separate thread that calls the corresponding Pod to execute the same encryption algorithm and then the same encoding rule;
the encrypted data generation module is used for splicing the encrypted and encoded sub-data with a specific character to obtain encrypted data, wherein the specific character is not one of the characters used by the encoding rule;
the decoding and decrypting module is used for splitting the encrypted data into a plurality of sub-data according to the specific character, and, for each split sub-data, starting a separate thread that calls the corresponding Pod to execute the decoding rule corresponding to the encoding and then the decryption algorithm corresponding to the encryption;
and the decrypted data output module is used for splicing the decoded and decrypted sub-data to obtain decrypted data.
In a third aspect, an electronic device is provided, including: a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of the first aspect.
In a fourth aspect, a computer-readable storage medium is presented, storing one or more programs which, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method of the first aspect.
The specification can achieve at least the following technical effects:
By expanding Pods in Kubernetes, segmenting data according to an encrypted-data length threshold, starting one thread per Pod, and combining this with equal-length data encoding and decoding rules and an optimized string splicing method, the invention solves the problem of inconsistent ciphertext lengths caused by different encryption algorithms or by plaintext encryption, effectively improves encryption and decryption performance, and can process various types of data such as texts and documents.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
Fig. 1 is a schematic diagram of a data encryption and decryption method based on Kubernetes according to an embodiment of the present disclosure.
Fig. 2 is a second schematic diagram of a data encryption and decryption method based on Kubernetes according to an embodiment of the present disclosure.
Fig. 3 is a schematic diagram of a Kubernetes-based data encryption and decryption apparatus according to an embodiment of the present disclosure.
Fig. 4 is a second schematic diagram of a data encryption and decryption apparatus based on Kubernetes according to an embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
A Kubernetes-based data encryption and decryption scheme referred to in the present specification is described in detail below by way of specific examples.
Key terms
Kubernetes: abbreviated K8s, an abbreviation formed by replacing the 8 characters "ubernete" in the middle of the name with 8. Kubernetes is an open-source system for managing containerized applications across multiple hosts in a cloud platform. It aims to make deploying containerized applications simple and efficient (powerful), and provides mechanisms for deploying, planning, updating and maintaining applications. The traditional way to deploy applications is to install them through plug-ins or scripts. The disadvantage is that the running, configuration, management and entire life cycle of the application are bound to the current operating system, which hinders operations such as upgrading, updating and rolling back the application. Some of these functions can be implemented by creating virtual machines, but virtual machines are very heavy and not conducive to portability. The new approach is to deploy containers: containers are isolated from each other, each container has its own file system, processes in different containers cannot affect each other, and computing resources can be partitioned. Compared with a virtual machine, a container can be deployed rapidly, and because containers are decoupled from the underlying infrastructure and the machine file system, they can be migrated between different clouds and different operating system versions.
Containers occupy fewer resources and are fast to deploy. Each application can be packaged into a container image, and the one-to-one relationship between application and container gives containers a further advantage: a container image can be created for the application at the build or release stage, because each application does not need to be combined with the rest of the application stack and does not depend on the production infrastructure, which provides a consistent environment from development through testing to production. Containers are also lighter weight and more "transparent" than virtual machines, which makes them more convenient to monitor and manage.
Kubernetes Pod: the Pod is the smallest unit that can be created and deployed in Kubernetes. It is an application instance in a Kubernetes cluster and is always deployed on the same Node. A Pod includes one or more containers and the resources shared by those containers, such as storage and network. Pods are divided into single-container Pods and multi-container Pods. The single-container Pod is the most common; for a multi-container Pod, Kubernetes guarantees that all containers run on the same physical or virtual host. The multi-container Pod is a relatively advanced usage that is generally not recommended unless the applications are very tightly coupled. Containers within a Pod share an IP address and port range and can access each other through localhost. Using Pods has many benefits: (1) the Pod is a service unit that can run independently, which simplifies application deployment, and its higher level of abstraction makes deployment management much more convenient; (2) as the minimum application instance, the Pod can run independently, can be deployed and scaled horizontally, and is convenient for scheduling management and resource allocation; (3) containers in a Pod share the same data and network address space, and resources are also managed and allocated uniformly among Pods.
Example one
Referring to Fig. 1, a Kubernetes-based data encryption and decryption method in an embodiment of the present invention is shown. Since Kubernetes is an open-source system for managing containerized applications across multiple hosts in a cloud platform, the embodiment of the present invention is implemented on a cloud platform built with Kubernetes. However, this does not mean that it can only be used in Kubernetes; all schemes that implement data encryption and decryption by expanding containers and supporting multithreaded work are within the scope of the present invention. The method of the embodiment of the invention comprises the following steps:
Step 101: expand a plurality of Pods for performing data encryption and decryption in Kubernetes. In a cloud platform environment using Kubernetes, the Pod introduced above is the minimum application instance: it can run independently, can be deployed and scaled horizontally, and is convenient for scheduling management and resource allocation. Assuming that Kubernetes expands N Pods, this is equivalent to Kubernetes scheduling onto N hosts; that is, N independent CPUs can be used to deploy the encryption and decryption programs, which is substantially equivalent to deploying an encryption and decryption service cluster.
Step 102: a threshold for segmenting data to be encrypted is preset.
Specifically, the threshold is used to judge whether data of a given length is suitable for direct encryption and decryption. Because different types of data place different demands on CPU performance during encryption and decryption, a reasonable segmentation threshold makes it possible to divide the data to be encrypted into several parts that are handed to the N expanded Pods for processing, achieving the effect of multi-host cooperative parallel processing. The choice of threshold is a key factor; optionally, the optimal value is determined according to the processing capacity of a single Pod and the specific encryption algorithm. The processing capacity of a single Pod mainly refers to the computing capacity of the single CPU of the host that the Pod runs on; the influence of the specific encryption algorithm mainly refers to the computational complexity of the algorithm and the computing resources required by the encryption process. For example, 1MB may be selected as the threshold, and data exceeding 1MB may be divided into N portions for subsequent processing.
Step 103: when the length of the data to be encrypted is greater than the threshold, divide the data to be encrypted into a plurality of sub-data corresponding to the number of expanded Pods, and, for each sub-data, start a separate thread that calls the corresponding Pod to execute the same encryption algorithm and then the same encoding rule.
Specifically, assume that the length of the data to be encrypted, Data, is greater than the previously set threshold. If Kubernetes has expanded N Pods, Data is divided into N parts, i.e., {Data_1, Data_2, …, Data_N}. The N parts are not required to be equal in size; they may be equal or unequal. For each sub-data, the main program starts a thread, i.e., Data_1 corresponds to Thread_1_e, and Data_N corresponds to Thread_N_e. Each thread corresponds to one Pod, and the Pod executes the corresponding encryption algorithm to encrypt the data, i.e., Data_1 corresponds to Thread_1_e, and Thread_1_e calls Pod_1 to encrypt Data_1. Similarly, Data_2, …, Data_N complete the corresponding encryption calculation, and the encryption method used for {Data_1, Data_2, …, Data_N} is exactly the same. After the encryption calculation, {Data_1_e, Data_2_e, …, Data_N_e} is obtained. As mentioned above, since the N pieces of data are not necessarily divided into equal lengths, the lengths of the encrypted ciphertexts may differ, and since the ciphertexts need to be combined to form the final encrypted data, decrypting them according to a length rule would increase the complexity of the subsequent decryption process. Next, {Data_1_e, Data_2_e, …, Data_N_e} must be encoded using the same encoding rule, so that the encoded {Data_1_e, Data_2_e, …, Data_N_e} have the same ciphertext length.
Alternatively, any encoding rule that can make the encoded ciphertexts have the same length is within the protection scope of the present invention; for example, the Base64 encoding rule or the Base58 encoding rule may be used. In this embodiment, Base64 is selected as the encoding rule. Base64 encoding converts 3 8-bit bytes (3 × 8 = 24) into 4 6-bit units (4 × 6 = 24), then prepends two 0 bits to each 6-bit unit to form an 8-bit byte. If fewer than 3 bytes remain, they are padded with 0 and the output uses '=' for the padding, so 1 or 2 '=' may appear at the end of the encoded text. To ensure that the encoded output is readable, Base64 defines an encoding table for uniform conversion. The size of the encoding table is 2^6 = 64, which is also the origin of the 64 in the name Base64. The operating principle of Base64 is not described further, but after the encoding is finished, the N pieces of data {Data_1_e64, Data_2_e64, …, Data_N_e64} should have the same length.
Step 104: splice the encrypted and encoded sub-data with a specific character to obtain encrypted data, wherein the specific character is not one of the characters used by the encoding rule. So that the sub-data can be identified in the subsequent decryption process, the specific character selected here must be a character that the encoding rule does not use; for example, it cannot be any of the 64 characters used by Base64 encoding or '='. Assume that @ is used as the specific character for splicing in this embodiment; the encrypted data obtained is then: Data_e64 = Data_1_e64@Data_2_e64@…@Data_N_e64.
Step 105: split the encrypted data into a plurality of sub-data according to the specific character, and, for each split sub-data, start a separate thread that calls the corresponding Pod to execute the decoding rule corresponding to the encoding and then the decryption algorithm corresponding to the encryption.
Specifically, the data decryption process is the reverse of the encryption process. In this embodiment, since @ is used as the specific character for splicing to obtain the encrypted data Data_e64 = Data_1_e64@Data_2_e64@…@Data_N_e64, the decryption process first identifies @ and splits Data_e64 = Data_1_e64@Data_2_e64@…@Data_N_e64 into the independent sub-data {Data_1_e64, Data_2_e64, …, Data_N_e64}. For each sub-data, the main program starts a thread, i.e., Data_1_e64 corresponds to Thread_1_d, and Data_N_e64 corresponds to Thread_N_d. Each thread corresponds to one Pod; the Pod executes the corresponding Base64 decoding rule to decode the sub-data into {Data_1_e, Data_2_e, …, Data_N_e}, and then decrypts the data into {Data_1, Data_2, …, Data_N} using the corresponding decryption algorithm. The specific decryption process is not repeated here.
Step 106: splice the decoded and decrypted sub-data to obtain decrypted data. That is, the decoded and decrypted byte streams are concatenated, and the complete byte stream Data = Data_1 Data_2 … Data_N is returned as the result.
Another implementation scheme of the data encryption and decryption method based on Kubernetes is provided in this embodiment as shown in fig. 2, and further includes:
Step 107: when the length of the data to be encrypted is not greater than the threshold, the corresponding encryption algorithm is executed on the data to be encrypted to obtain encrypted data, and the corresponding decryption algorithm is executed on the encrypted data to output decrypted data. If the length of the data to be encrypted does not exceed the threshold, dividing the data and then starting threads to call the Pods for encryption and decryption may not improve the computing performance, because in a multi-node cluster, calling resources, starting threads and similar steps also consume computing resources. This also shows that selecting an optimal threshold that balances the processing capacity of a single Pod against the computational complexity of the specific encryption algorithm is one of the keys of the inventive solution.
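The flow of Steps 102 to 107 as an added Python example (not code from the patent): local threads stand in for the per-Pod calls, and a SHAKE-256 keystream with an HMAC-SHA256 tag stands in for the unspecified encryption algorithm so that the block runs on the standard library alone. Going beyond the text, each chunk's tag also covers its index and the chunk count, so a reordered or truncated '@'-joined string is rejected; `pod_encrypt`, `pod_decrypt` and the other names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
from concurrent.futures import ThreadPoolExecutor

THRESHOLD = 1024 * 1024  # 1 MB, the example threshold from Step 102
DELIM = "@"              # joining character from Step 104 (not in the Base64 alphabet)
NONCE_LEN, TAG_LEN = 16, 32


def subkeys(key):
    """Derive separate encryption and MAC keys from one shared key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def xor_stream(enc_key, nonce, data):
    """Stand-in stream cipher (assumption): XOR data with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")


def chunk_tag(mac_key, index, total, nonce, ct):
    """MAC that binds a chunk to its position and to the chunk count."""
    header = index.to_bytes(4, "big") + total.to_bytes(4, "big")
    return hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()


def pod_encrypt(key, index, total, chunk):
    """Hypothetical stand-in for the call to Pod `index`: encrypt, then Base64."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = xor_stream(enc_key, nonce, chunk)
    blob = nonce + ct + chunk_tag(mac_key, index, total, nonce, ct)
    return base64.b64encode(blob).decode("ascii")


def pod_decrypt(key, index, total, part):
    """Hypothetical stand-in for the call to Pod `index`: decode, verify, decrypt."""
    blob = base64.b64decode(part, validate=True)  # bad Base64 raises ValueError
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("chunk too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = subkeys(key)
    if not hmac.compare_digest(tag, chunk_tag(mac_key, index, total, nonce, ct)):
        raise ValueError(f"chunk {index}: wrong position, wrong count or modified")
    return xor_stream(enc_key, nonce, ct)


def split(data, n):
    """Step 103: divide data into n parts that need not be equal in size."""
    base, extra = divmod(len(data), n)
    chunks, pos = [], 0
    for i in range(n):
        size = base + (1 if i < extra else 0)
        chunks.append(data[pos:pos + size])
        pos += size
    return chunks


def run_on_pods(worker, key, items):
    """One thread per sub-data; results come back in chunk order."""
    total = len(items)
    with ThreadPoolExecutor(max_workers=total) as pool:
        return list(pool.map(lambda i: worker(key, i, total, items[i]), range(total)))


def encrypt(data, key, pods=4, threshold=THRESHOLD):
    """Steps 103, 104 and 107: split only above the threshold, then join with '@'."""
    chunks = split(data, pods) if len(data) > threshold else [data]
    return DELIM.join(run_on_pods(pod_encrypt, key, chunks))


def decrypt(token, key):
    """Steps 105 and 106: split on '@' (not on length), decrypt, concatenate."""
    return b"".join(run_on_pods(pod_decrypt, key, token.split(DELIM)))


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key
    token = encrypt(b"0123456789", demo_key, pods=3, threshold=5)
    print([len(p) for p in token.split(DELIM)])
    print(decrypt(token, demo_key))
```

With the unequal 4/3/3-byte split in the demo, the Base64 parts come out at 72, 68 and 68 characters, so the decoder here locates chunk boundaries by the delimiter alone.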
Example two
Fig. 3 is a schematic structural diagram of a Kubernetes-based data encryption and decryption apparatus 300 according to an embodiment of the present disclosure. Referring to Fig. 3, in an embodiment, a Kubernetes-based data encryption and decryption apparatus includes:
a Pod extension module 301 for expanding a plurality of Pods for performing data encryption and decryption in Kubernetes.
A threshold management module 302, configured to manage a threshold for dividing data to be encrypted.
An encryption coding module 303, configured to, when the length of the data to be encrypted is greater than the threshold a, divide the data to be encrypted into a plurality of sub-data corresponding to the number of expanded Pods, and, for each sub-data, start a separate thread that calls the corresponding Pod to execute the same encryption algorithm and then the same encoding rule.
An encrypted data generating module 304, configured to splice the encrypted and encoded sub-data with a specific character to obtain encrypted data, where the specific character is not one of the characters used by the encoding rule.
A decoding and decrypting module 305, configured to split the encrypted data into a plurality of sub-data according to the specific character, and, for each split sub-data, start a separate thread that calls the corresponding Pod to execute the decoding rule corresponding to the encoding and then the decryption algorithm corresponding to the encryption.
A decrypted data output module 306, configured to splice the decoded and decrypted sub-data to obtain decrypted data.
This embodiment proposes another implementation of a Kubernetes-based data encryption and decryption apparatus, as shown in Fig. 4, further including:
a short data encryption and decryption module 307, configured to, when the length of the data to be encrypted is not greater than the threshold, execute the corresponding encryption algorithm on the data to be encrypted to obtain encrypted data, execute the corresponding decryption algorithm on the encrypted data, and output decrypted data.
It should be understood that, in the embodiment of the present specification, the Kubernetes-based data encryption and decryption apparatus may also perform the method performed by the Kubernetes-based data encryption and decryption apparatus (or device) in Figs. 1 to 2, and implement the functions of the Kubernetes-based data encryption and decryption apparatus (or device) in the examples shown in Figs. 1 to 2, which are not described herein again.
Example four
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present specification. Referring to Fig. 5, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The memory may include internal memory, such as a Random-Access Memory (RAM), and may further include a non-volatile memory, such as at least 1 disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the shared resource access control device on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
expanding a plurality of Pods for performing data encryption and decryption in Kubernetes; presetting a threshold for dividing data to be encrypted; when the length of the data to be encrypted is greater than the threshold, the method comprises the following steps:
dividing the data to be encrypted into a plurality of sub-data corresponding to the number of expanded Pods, and, for each sub-data, starting a separate thread that calls the corresponding Pod to execute the same encryption algorithm and then the same encoding rule;
splicing the encrypted and encoded sub-data with a specific character to obtain encrypted data, wherein the specific character is not one of the characters used by the encoding rule;
splitting the encrypted data into a plurality of sub-data according to the specific character, and, for each split sub-data, starting a separate thread that calls the corresponding Pod to execute the decoding rule corresponding to the encoding and then the decryption algorithm corresponding to the encryption;
and splicing the decoded and decrypted sub-data to obtain decrypted data.
The Kubernetes-based data encryption and decryption method disclosed in the embodiments shown in fig. 1 to fig. 2 in this specification can be applied to a processor, or can be implemented by the processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
Of course, besides the software implementation, the electronic device of the embodiment of the present disclosure does not exclude other implementations, such as a logic device or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or a logic device.
EXAMPLE five
Embodiments of the present specification also propose a computer-readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a portable electronic device comprising a plurality of application programs, are capable of causing the portable electronic device to perform the method of the embodiments shown in fig. 1-2, and in particular to perform the method of:
expanding a plurality of Pods for performing data encryption and decryption in Kubernetes; presetting a threshold value for dividing data to be encrypted; when the length of the data to be encrypted is larger than the threshold value, the method comprises the following steps:
dividing the data to be encrypted into a plurality of sub-data corresponding to the expanded number of Pods, and starting separate threads to call the corresponding Pods, which sequentially execute the same encryption algorithm and the same encoding rule on each sub-data;
splicing the plurality of encrypted and encoded sub-data using a specific character to obtain encrypted data, wherein the specific character is not among the characters used by the encoding rule;
splitting the encrypted data into a plurality of sub-data according to the specific character, and starting separate threads to call the corresponding Pods, which sequentially execute, for each sub-data after splitting, the decoding rule corresponding to the encoding and the decryption algorithm corresponding to the encryption;
and splicing the plurality of sub-data which are decoded and decrypted to obtain decrypted data.
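The steps above, worked through as an added example that is not code from the patent or its applicant. Assumptions: AES-256-GCM plays the unspecified encryption algorithm, Base64 is the encoding rule, "." is the specific character, one Ruby thread stands in for each Pod call, and all function names are hypothetical. Binding each part's index and the part count as associated data is an addition to the claimed steps.

```ruby
require 'openssl'

SEP = '.' # the "specific character": Base64 output never contains it

# One thread per part stands in for one call per Pod; results keep part order.
def each_part(parts, &work)
  parts.each_with_index.map { |part, i| Thread.new { work.call(part, i) } }.map(&:value)
end

# Stand-in for a Pod's job on one part: AES-256-GCM, then Base64.
# idx/total is bound as associated data (an addition to the claimed steps), so a
# part that is moved, dropped or repeated fails authentication on decryption.
def seal_part(key, part, idx, total)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = "#{idx}/#{total}"
  ct = part.empty? ? c.final : c.update(part) + c.final
  [iv + c.auth_tag + ct].pack('m0')
end

def open_part(key, encoded, idx, total)
  raw = encoded.unpack1('m0') # strict Base64 decode
  raise ArgumentError, "part #{idx} is too short" if raw.bytesize < 28
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = raw.byteslice(0, 12)
  d.auth_tag = raw.byteslice(12, 16)
  d.auth_data = "#{idx}/#{total}"
  body = raw.byteslice(28, raw.bytesize)
  body.empty? ? d.final : d.update(body) + d.final
end

# Above the threshold the data is cut into one part per Pod; otherwise one part.
def encrypt(key, data, pods:, threshold:)
  size = data.bytesize
  n = size > threshold ? pods : 1
  parts = (0...n).map { |i| data.byteslice(i * size / n, (i + 1) * size / n - i * size / n) }
  each_part(parts) { |part, i| seal_part(key, part, i, n) }.join(SEP)
end

def decrypt(key, encrypted)
  parts = encrypted.split(SEP, -1)
  each_part(parts) { |part, i| open_part(key, part, i, parts.size) }.join
end
```

`decrypt` returns a binary string, and a reordered or truncated input raises `OpenSSL::Cipher::CipherError` instead of yielding rearranged plaintext.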
In short, the above description is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present specification shall be included in the protection scope of the present specification.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims (11)

1. A data encryption and decryption method based on Kubernetes, characterized in that a plurality of Pods used for executing data encryption and decryption are expanded in Kubernetes; a threshold value for dividing data to be encrypted is preset; and when the length of the data to be encrypted is larger than the threshold value, the method comprises the following steps:
dividing the data to be encrypted into a plurality of sub-data corresponding to the expanded number of Pods, and starting separate threads to call the corresponding Pods, which sequentially execute the same encryption algorithm and the same encoding rule on each sub-data;
splicing the plurality of encrypted and encoded sub-data using a specific character to obtain encrypted data, wherein the specific character is not among the characters used by the encoding rule;
splitting the encrypted data into a plurality of sub-data according to the specific character, and starting separate threads to call the corresponding Pods, which sequentially execute, for each sub-data after splitting, the decoding rule corresponding to the encoding and the decryption algorithm corresponding to the encryption;
and splicing the plurality of sub-data which are decoded and decrypted to obtain decrypted data.
2. The method of claim 1, wherein the threshold is determined as an optimal value selected according to the processing capability of a single Pod and the specific encryption algorithm.
3. The method of claim 1, wherein the encoding rules cause the encoded data to have the same length, including Base64 or Base58 encoding rules.
4. The method of claim 1, further comprising: when the length of the data to be encrypted is not greater than the threshold value, executing the corresponding encryption algorithm on the data to be encrypted to obtain encrypted data, and executing the corresponding decryption algorithm on the encrypted data to output decrypted data.
5. The method according to any one of claims 1 to 4, wherein the data to be encrypted comprises files and/or text.
6. A data encryption and decryption device based on Kubernetes is characterized by comprising:
a Pod extension module for expanding a plurality of Pods for performing data encryption and decryption in Kubernetes;
a threshold management module for managing the threshold for dividing the data to be encrypted;
an encryption and encoding module for dividing the data to be encrypted into a plurality of sub-data corresponding to the expanded number of Pods when the length of the data to be encrypted is larger than the threshold value, and starting separate threads to call the corresponding Pods, which sequentially execute the same encryption algorithm and the same encoding rule on each sub-data;
an encrypted data generation module for splicing the plurality of encrypted and encoded sub-data using a specific character to obtain encrypted data, wherein the specific character is not among the characters used by the encoding rule;
a decoding and decryption module for splitting the encrypted data into a plurality of sub-data according to the specific character, and starting separate threads to call the corresponding Pods, which sequentially execute, for each sub-data after splitting, the decoding rule corresponding to the encoding and the decryption algorithm corresponding to the encryption;
and the decrypted data output module is used for splicing the plurality of sub-data which are decoded and decrypted to obtain decrypted data.
7. The device of claim 6, wherein the threshold management module determines the threshold as an optimal value selected according to the processing capability of a single Pod and the specific encryption algorithm.
8. The device of claim 6, wherein the encoding rules cause the encoded data to have the same length, including Base64 or Base58 encoding rules.
9. The apparatus according to claim 6, further comprising a short data encryption/decryption module, configured to, when the length of the data to be encrypted is not greater than the threshold, perform a corresponding encryption algorithm on the data to be encrypted to obtain encrypted data, perform a corresponding decryption algorithm on the encrypted data, and output decrypted data.
10. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of any of claims 1 to 5.
11. A computer readable storage medium, characterized in that the computer readable storage medium stores one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method of any of claims 1 to 5.
CN202210331216.0A 2022-03-30 2022-03-30 Data encryption and decryption method and device based on Kubernetes Pending CN114866229A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210331216.0A CN114866229A (en) 2022-03-30 2022-03-30 Data encryption and decryption method and device based on Kubernetes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210331216.0A CN114866229A (en) 2022-03-30 2022-03-30 Data encryption and decryption method and device based on Kubernetes

Publications (1)

Publication Number Publication Date
CN114866229A true CN114866229A (en) 2022-08-05

Family

ID=82630380

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210331216.0A Pending CN114866229A (en) 2022-03-30 2022-03-30 Data encryption and decryption method and device based on Kubernetes

Country Status (1)

Country Link
CN (1) CN114866229A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116542787A (en) * 2023-07-05 2023-08-04 北京码动摩登科技有限公司 Insurance business information query method, system, equipment and storage medium
CN117336100A (en) * 2023-11-27 2024-01-02 湖南湘科智慧科技有限公司 Data processing method and device based on escort service multiparty flattened communication
CN117336100B (en) * 2023-11-27 2024-02-23 湖南湘科智慧科技有限公司 Data processing method and device based on escort service multiparty flattened communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination