CN115442046A - Signature method, signature device, electronic equipment and storage medium - Google Patents
- Publication number
- CN115442046A (CN202210802116.1A)
- Authority
- CN
- China
- Prior art keywords
- service
- key
- target data
- signature
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a signature method, a signature device, an electronic device and a storage medium. The method comprises: obtaining service data to be signed and an encrypted service key; obtaining, from a server, target data obtained by performing a security operation on a service password, wherein the security operation comprises at least one of signature and encryption; performing on the target data at least one of signature verification and decryption, corresponding to the security operation, to obtain the service password; decrypting the encrypted service key with the service password to obtain a decrypted service key; and signing the service data with the decrypted service key, thereby ensuring the security of the service key.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a signature method and apparatus, an electronic device, and a storage medium.
Background
As technology advances, product functions are continuously optimized, and application software or systems are upgraded through Over-the-Air (OTA) technology. In an OTA scenario, service data needs to be digitally signed, for example a software version to be released, to ensure the reliability and integrity of the data source.
In the related art, the security of the service key for digital signature cannot be guaranteed.
Disclosure of Invention
The application provides a signature method, a signature device, an electronic device and a storage medium, which improve the security of a service key and solve the technical problem of poor security of the service key in the related technology.
An embodiment of an aspect of the present application provides a signature method, including:
acquiring service data to be signed and an encrypted service key;
acquiring target data obtained by performing security operation on the service password from a server; wherein the security operation includes at least one of a signature and encryption;
executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain a service password;
decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and signing the service data by adopting the decrypted service key.
Another embodiment of the present application provides another signature method, including:
acquiring a service password;
performing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, decrypting the encrypted service key by using the service password to obtain a decrypted service key, and signing the service data by using the decrypted service key.
In another aspect, an embodiment of the present application provides a signature apparatus, including:
the first acquisition module is used for acquiring the service data to be signed and the encrypted service key;
the second acquisition module is used for acquiring target data obtained by performing security operation on the service password from the server; wherein the security operation includes at least one of a signature and encryption;
the processing module is used for executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain a service password;
the decryption module is used for decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and the signature module is used for signing the service data by adopting the decrypted service key.
In another aspect, an embodiment of the present application provides another signature apparatus, including:
the acquisition module is used for acquiring the service password;
the processing module is used for executing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and the sending module is used for sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, the encrypted service key is decrypted by adopting the service password to obtain a decrypted service key, and the service data is signed by adopting the decrypted service key.
An embodiment of another aspect of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the program to implement the method according to the foregoing one aspect or the method according to the foregoing another aspect.
Another embodiment of the present application proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method according to the aforementioned one aspect or the aforementioned another aspect.
An embodiment of another aspect of the present application proposes a computer program product having a computer program stored thereon, which when executed by a processor implements the method according to the one aspect or the method according to the other aspect.
With the signing method, the signing device, the electronic equipment and the storage medium, service data to be signed and an encrypted service key are obtained; target data obtained by performing a security operation on a service password is obtained from a server, wherein the security operation comprises at least one of signature and encryption; at least one of signature verification and decryption, corresponding to the security operation, is performed on the target data to obtain the service password; the encrypted service key is decrypted with the service password to obtain a decrypted service key; and the service data is signed with the decrypted service key, so that the security of the service key is guaranteed.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a signature method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another signature method provided in an embodiment of the present application;
fig. 3 is a schematic flowchart of another signature method provided in an embodiment of the present application;
fig. 4 is a schematic flowchart of another signature method provided in an embodiment of the present application;
fig. 5 is a schematic flowchart of another signature method provided in the embodiment of the present application;
fig. 6 is a schematic structural diagram of a signature apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another signature apparatus provided in an embodiment of the present application;
fig. 8 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative and intended to explain the present application and should not be construed as limiting the present application.
The signature method, apparatus, electronic device, and storage medium of the embodiments of the present application are described below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a signature method according to an embodiment of the present disclosure.
The signature method in the embodiment of the application is executed by a signature device, which can be arranged in a terminal device. The terminal device can be an electronic device such as a smart phone, a palmtop computer or a smart wearable device, which is not limited in the embodiment of the application.
As shown in fig. 1, the method may include the steps of:
The service data is data related to a service scenario. For example, in a code service scenario, the service data is the code to be released; in an online system upgrade (OTA) scenario, the service data is the data corresponding to the system upgrade.
In the embodiment of the application, the decryption password of the encrypted service key, namely the service password, is stored in the server. Storing the encrypted service key and the service password used to decrypt it separately improves the security of the service key stored in the terminal device. After the encrypted service key is decrypted, the decrypted service key is used to sign the acquired service data.
In an implementation manner of the embodiment of the application, the service data to be signed and the encrypted service key are stored in the same storage unit, so that after the encrypted service key is decrypted by the obtained service password, the service data can be signed by using the decrypted service key, the integrated processing of the project is facilitated, and the efficiency is improved.
Step 102, acquiring target data obtained by performing security operation on the service password from the server.
Wherein the security operation comprises at least one of a signature and an encryption. In cryptography, encryption is the process of changing plaintext information into ciphertext that is difficult to read. Only by decrypting with the password can the ciphertext be restored to normally readable content. Signatures use techniques from the field of public key cryptography to authenticate digital information.
In the embodiment of the application, the target data comprises the service password for decrypting the encrypted service key, the service password is stored in the server, and the target data obtained by adopting the security operation is transmitted to the terminal equipment, so that the service password is prevented from being leaked and tampered, and the security is improved.
Step 103, executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain a service password.
In one scenario of the embodiment of the present application, the security operation includes a signature operation. The target data obtained from the server is then signature data, which comprises a digital signature and the service password. Signature verification is performed on the target data, and the service password is obtained if verification passes, that is, the service password is determined to be valid. As one implementation, signature verification comprises: hashing the service password in the obtained signature data to obtain hash data; signing the hash data to obtain a digital signature to be verified; matching the digital signature to be verified against the digital signature obtained from the server; and, when the two are verified, determining that the service password obtained from the target data is a valid password.
In another scenario of the embodiment of the present application, the security operation includes an encryption operation. The target data obtained from the server is then encrypted data, and the corresponding decryption operation is performed on the target data to obtain the service password, which is used for decrypting the encrypted service key.
Step 104, decrypting the encrypted service key by using the service password to obtain the decrypted service key.
In the embodiment of the application, the service password is used to decrypt the encrypted service key to obtain the decrypted service key. The service key can therefore be stored, in encrypted form, in the same location as the service data to be signed, which makes the service data convenient to process while keeping the service key secure, and improves efficiency.
Step 105, signing the service data by using the decrypted service key.
The service data is signed with the decrypted service key to obtain the signed service data, thereby ensuring the reliability of the service data.
In the signing method of the embodiment of the application, the service data to be signed and the encrypted service key are acquired; target data obtained by performing a security operation on the service password is acquired from the server, wherein the security operation comprises at least one of signature and encryption; at least one of signature verification and decryption, corresponding to the security operation, is performed on the target data to obtain the service password; the encrypted service key is decrypted with the service password to obtain the decrypted service key; and the service data is signed with the decrypted service key, so that the security of the service key is guaranteed.
Based on the foregoing embodiment, fig. 2 is a schematic flowchart of another signature method provided in the embodiment of the present application. It illustrates how the service password is determined when the security operation is encryption and the target data is obtained by the server encrypting the service password with the random public key of a random key pair. As shown in fig. 2, the method includes the following steps:
For step 201, refer to the explanation in the foregoing embodiment; the principle is the same and is not described again in this embodiment.
The security operation is encryption, and the target data is obtained by the server encrypting the service password with the random public key of the random key pair.
In an implementation manner of the embodiment of the present application, the random key pair may be generated randomly by the server and includes a random public key and a random private key. For example, the random key pair is generated temporarily using an asymmetric encryption algorithm, and the service password is encrypted with the random public key to obtain the target data, so that the reliability of the target data is improved.
In another implementation manner of the embodiment of the application, the random key pair is generated randomly by the terminal device and includes a random public key and a random private key. For example, the random key pair is generated temporarily using an asymmetric encryption algorithm, and the service password is encrypted with the random public key to obtain the target data, so that the reliability of the target data is improved.
Step 203, decrypting the target data by adopting a random private key in the random key pair to obtain a service password.
In the embodiment of the application, the terminal device obtains the random private key of the random key pair and uses it to decrypt the target data obtained from the server, obtaining the decrypted service password.
The random private key may be generated by the terminal device itself or obtained from a server.
Step 204, decrypting the encrypted service key by using the service password to obtain a decrypted service key.
Step 205, signing the service data by using the decrypted service key.
For step 204 and step 205, refer to the explanations in the foregoing embodiments; the principle is the same and is not described herein again.
In the signing method of the embodiment of the application, the decryption password of the service key is kept in the server. When the service key needs to be decrypted, target data obtained by a security operation is obtained from the server; here the target data is encrypted data obtained by encrypting the service password, and the service password is obtained by decryption, which ensures the security of service password transmission. The encrypted service key is decrypted with the service password to obtain the decrypted service key, namely the plaintext of the service key, and the service data is signed with the decrypted service key. The service data and the encrypted service key can thus be kept in one place while the security of the service key is ensured, which improves the integration and processing efficiency of the service data.
Based on the foregoing embodiment, fig. 3 is a schematic flowchart of another signing method provided in the embodiment of the present application. It illustrates how the service password is determined when the security operation is signing and the target data is obtained by the server signing the service password with the set private key of a set key pair. As shown in fig. 3, the method includes the following steps:
Wherein the security operation is a signature. The target data is signature data obtained by the server signing the service password with the set private key of the set key pair.
Step 303, performing signature verification on the signature data in the target data by using the set public key in the set key pair.
The set key pair is determined by negotiation between the server and the terminal device, and as an implementation manner, the set key pair is generated by the server, wherein the set key pair comprises a set public key and a set private key, the set private key is stored in the server, and the set public key is sent to the terminal device by the server.
In the embodiment of the application, the target data is signature data comprising the service password and a digital signature. After obtaining the target data, the terminal device decrypts the digital signature with the set public key to obtain the digest data to be verified, corresponding to the signature data sent by the server. The terminal device also hashes the service password with the same hash function to obtain digest data for comparison. The digest data for comparison is compared with the digest data to be verified; if the similarity is greater than a set threshold, the signature data is determined to pass verification, otherwise it is determined not to pass verification.
Step 304, in response to the signature data passing signature verification, obtaining the service password.
In the embodiment of the application, when the digital signature to be verified and the digital signature in the signature data acquired from the server pass verification, the digital signature is determined to pass verification, and the service password acquired from the target data is therefore determined to be a valid password.
Step 305, decrypting the encrypted service key by using the service password to obtain a decrypted service key.
Step 306, signing the service data by using the decrypted service key.
For step 305 and step 306, refer to the explanations in the foregoing embodiments; the principle is the same and is not described herein again.
In the signing method of the embodiment of the application, the decryption password of the service key is kept in the server. When the service key needs to be decrypted, target data obtained by a security operation is obtained from the server; here the target data is the signature data obtained by signing the service password, and the service password is obtained after signature verification, which ensures the integrity of the service password during transmission. The encrypted service key is decrypted with the service password to obtain the decrypted service key, namely the plaintext of the service key, and the service data is signed with the decrypted service key.
Based on the foregoing embodiment, fig. 4 is a schematic flow chart of another signature method provided in the embodiment of the present application. It illustrates how the service password is determined when the target data is obtained by the server first signing the service password and then encrypting the signature data. As shown in fig. 4, the method includes the following steps:
For step 401, refer to the explanations in the foregoing embodiments; the principle is the same and is not described again in this embodiment.
At step 402, a random key pair is generated.
Wherein, the random key pair comprises a random public key and a random private key.
In the embodiment of the present application, when the terminal device needs to sign service data, that is, when it needs to obtain from the server the service password for decrypting the encrypted service key, the terminal device generates a temporary random key pair. The random key pair may be obtained with an asymmetric encryption algorithm, for example the RSA encryption algorithm. The random private key is stored in the terminal device and is subsequently used for decrypting the target data, so as to improve the accuracy of encryption.
The random public key is used by the server for encrypting the service password or the signature data.
In the embodiment of the application, the random public key is sent to the server, so that the server, after signing the service password with the set private key to obtain the signature data, encrypts the signature data with the random public key, which ensures the security of transmitting the target data to the terminal device.
Step 404 may refer to the explanations in the foregoing embodiments, and the principle is the same, which is not described again in this embodiment.
In the embodiment of the application, the target data is obtained by performing signature operation on the service password and then performing encryption operation.
Step 405, decrypting the target data by using a random private key to obtain signature data.
Step 406, performing signature verification on the signature data by using the set public key in the set key pair.
The set key pair is determined by negotiation between the server and the terminal device. As an implementation manner, the set key pair is generated by the server and comprises a set public key and a set private key; the set private key is stored in the server, and the set public key is sent to the terminal device by the server.
Step 407, in response to the signature verification passing, obtaining the service password.
In the embodiment of the application, the terminal device decrypts the target data with the random private key of the temporarily generated random key pair to obtain the decrypted target data, then performs signature verification on the decrypted target data with the set public key of the set key pair stored in the terminal device, and obtains the service password in response to the signature verification passing, that is, the service password is accurate and complete. For the signature verification method, refer to the explanations in the foregoing embodiments; the principles are the same and are not described in detail in this embodiment.
Step 408, decrypting the encrypted service key by using the service password to obtain a decrypted service key.
Step 409, signing the service data by using the decrypted service key.
For step 408 and step 409, refer to the explanations in the foregoing embodiments; the principle is the same and is not described again in this embodiment.
In the signing method of the embodiment of the application, the decryption password of the service key is kept in the server. When the service key needs to be decrypted, target data obtained by a security operation is obtained from the server; here the target data comprises the signature data obtained by signing the service password and the encrypted data obtained by encrypting the service password. After the signature data is verified, the availability of the service password obtained by decryption is determined, and the accuracy and integrity of the service password are ensured through decryption and signature verification. The encrypted service key is decrypted with the service password to obtain the decrypted service key, namely the plaintext of the service key, and the service data is signed with the decrypted service key.
Based on the foregoing embodiments, an embodiment of the present application provides another signing method, which is executed by a server. Fig. 5 is a schematic flow chart of this signing method provided in the embodiment of the present application. As shown in fig. 5, the method includes the following steps:
Step 502, performing security operation on the service password to obtain target data.
Wherein the security operation includes at least one of a signature and encryption.
As a first implementation manner, the security operation is an encryption operation, a random public key in a random key pair sent by the terminal device is obtained, and the service password is encrypted by using the random public key to obtain the target data. The target data is encrypted data and is not signed.
As a second implementation manner, the security operation is a signature operation, and the service password is signed by using a set private key in a stored set key pair to obtain target data. The target data is signature data and is not encrypted.
As a third implementation manner, the security operation includes a signature operation and an encryption operation, and the set private key in the stored set key pair is used to sign the service password to obtain signature data, and then a random public key in a random key pair sent by the terminal device is obtained, and the random public key is used to encrypt the signature data to obtain target data.
The target data is used by the terminal equipment, which executes on it at least one operation of signature verification and decryption corresponding to the security operation to obtain a service password, decrypts the encrypted service key with the service password to obtain a decrypted service key, and signs the service data with the decrypted service key.
It should be noted that the explanations and effects in the foregoing embodiments are also applicable to the method of the present embodiment, and the principle is the same, and are not described again in the present embodiment.
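The sign-then-encrypt flow of fig. 4 and the server's third implementation above, played end to end by both parties, as an added example that is not code from the patent. It also shows why the signature matters: the random public key is not secret, so target data encrypted under it by a party without the set private key must be refused. Assumptions not in the text: Ed25519 for the set and service key pairs, RSA-2048 with OAEP for the random key pair, AES-256-GCM with an HMAC-SHA256-derived key for the stored service key, a `signature || password` layout, and all function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// gcmFor builds AES-256-GCM keyed from the service password. Assumption: the
// password is a random 32-byte secret, so one HMAC-SHA256 call serves as the KDF.
func gcmFor(password []byte) cipher.AEAD {
	m := hmac.New(sha256.New, password)
	m.Write([]byte("service-key-wrap")) // constructed context label
	block, _ := aes.NewCipher(m.Sum(nil)) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// wrapKey encrypts the service key so it can be stored next to the service data.
func wrapKey(password, serviceKey []byte) []byte {
	gcm := gcmFor(password)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, serviceKey, nil)
}

// serverTargetData is the server side: sign the service password with the set
// private key, then encrypt signature||password under the random public key.
func serverTargetData(setPriv ed25519.PrivateKey, randPub *rsa.PublicKey, password []byte) ([]byte, error) {
	signatureData := append(ed25519.Sign(setPriv, password), password...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, randPub, signatureData, nil)
}

// recoverPassword is the terminal side (steps 405-407): decrypt, verify, release.
func recoverPassword(randPriv *rsa.PrivateKey, setPub ed25519.PublicKey, target []byte) ([]byte, error) {
	sd, err := rsa.DecryptOAEP(sha256.New(), nil, randPriv, target, nil)
	if err != nil {
		return nil, err
	}
	if len(sd) <= ed25519.SignatureSize {
		return nil, errors.New("malformed signature data")
	}
	sig, password := sd[:ed25519.SignatureSize], sd[ed25519.SignatureSize:]
	if !ed25519.Verify(setPub, password, sig) {
		return nil, errors.New("service password signature rejected")
	}
	return password, nil
}

// signData is steps 408-409: unwrap the service key and sign the service data.
func signData(password, wrapped, data []byte) ([]byte, error) {
	gcm := gcmFor(password)
	n := gcm.NonceSize()
	if len(wrapped) < n {
		return nil, errors.New("wrapped key too short")
	}
	seed, err := gcm.Open(nil, wrapped[:n], wrapped[n:], nil)
	if err != nil || len(seed) != ed25519.SeedSize {
		return nil, errors.New("service key unwrap failed")
	}
	return ed25519.Sign(ed25519.NewKeyFromSeed(seed), data), nil
}

// demo runs both parties on constructed inputs. It reports whether the signed
// service data verifies and whether target data signed by another key is refused.
func demo() (verified, forgedRejected bool) {
	setPub, setPriv, _ := ed25519.GenerateKey(rand.Reader) // set key pair (server)
	svcPub, svcPriv, _ := ed25519.GenerateKey(rand.Reader) // service key pair
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)    // key the terminal does not trust
	randPriv, err := rsa.GenerateKey(rand.Reader, 2048)    // step 402, on the terminal
	if err != nil {
		panic(err)
	}
	password := make([]byte, 32)
	rand.Read(password)
	wrapped := wrapKey(password, svcPriv.Seed())
	target, _ := serverTargetData(setPriv, &randPriv.PublicKey, password)
	pw, err1 := recoverPassword(randPriv, setPub, target)
	data := []byte("ota-package-1.2.3 (constructed)")
	sig, err2 := signData(pw, wrapped, data)
	forged, _ := serverTargetData(otherPriv, &randPriv.PublicKey, password)
	_, ferr := recoverPassword(randPriv, setPub, forged)
	return err1 == nil && err2 == nil && ed25519.Verify(svcPub, data, sig), ferr != nil
}

func main() { fmt.Println(demo()) }
```

A password chosen by a person rather than generated randomly would need a password-hashing KDF in place of the single HMAC call.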
In order to implement the foregoing embodiment, an embodiment of the present application further provides a signature apparatus, where the signature apparatus is disposed in a terminal device.
Fig. 6 is a schematic structural diagram of a signature apparatus according to an embodiment of the present application.
As shown in fig. 6, the apparatus may include:
The first obtaining module 61 is configured to obtain service data to be signed and an encrypted service key.
A second obtaining module 62, configured to obtain, from the server, target data obtained by performing security operation on the service password; wherein the security operation includes at least one of a signature and encryption.
And the processing module 63 is configured to perform at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password.
And a decryption module 64, configured to decrypt the encrypted service key with the service password to obtain a decrypted service key.
And the signature module 65 is configured to sign the service data with the decrypted service key.
Further, in an implementation manner of the embodiment of the present application, the security operation is encryption, and the target data is obtained by encrypting the service password by the server according to a random public key in a random key pair; the processing module 63 is specifically configured to:
and decrypting the target data by adopting a random private key in the random key pair to obtain the service password.
In an implementation manner of the embodiment of the present application, the security operation is a signature, and the target data is obtained by the server signing the service password according to a set private key in a set key pair; the processing module 63 is specifically configured to:
adopting a set public key in the set key pair to carry out signature verification on the target data;
and in response to the target data passing signature verification, obtaining the service password.
In one implementation of the embodiment of the present application, the security operation includes signing and encryption; the target data is obtained after the server signs and encrypts the service password according to a set private key in a set key pair and a random public key in a random key pair, respectively; the processing module 63 is specifically configured to:
decrypting the target data by adopting a random private key in the random key pair to obtain signature data;
adopting a set public key in the set key pair to carry out signature verification on the signature data;
and in response to the signature verification passing, obtaining the service password.
In an implementation manner of the embodiment of the present application, the apparatus further includes:
a generation module for generating a random key pair; wherein, the random key pair comprises a random public key and a random private key;
a sending module, configured to send the random public key to the server; the random public key is used for encrypting the service password stored by the server to obtain the password data.
It should be noted that the foregoing explanation of the method embodiment is also applicable to the apparatus of the embodiment, and is not repeated herein.
In the signing device of the embodiment of the present application, the service data to be signed and the encrypted service key are acquired, and the target data obtained by adopting the security operation is acquired from the server, where the security operation includes at least one of signature and encryption. At least one of signature verification and decryption corresponding to the security operation is performed on the target data to obtain the service password; the encrypted service key is decrypted with the service password to obtain the decrypted service key; and the service data is signed with the decrypted service key, so that the security of the service key is ensured.
In order to implement the foregoing embodiment, an embodiment of the present application further provides a signature apparatus, where the signature apparatus is disposed in a server.
Fig. 7 is a schematic structural diagram of a signature apparatus according to an embodiment of the present application.
As shown in fig. 7, the apparatus may include:
An obtaining module 71, configured to obtain the service password.
A processing module 72, configured to perform a security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption.
The sending module 73 is configured to send the target data to a terminal device, so that the terminal device performs at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, decrypts the encrypted service key with the service password to obtain a decrypted service key, and signs the service data with the decrypted service key.
In an implementation manner of the embodiment of the present application, the processing module 72 is specifically configured to:
acquiring a random public key in a random key pair sent by the terminal equipment;
and encrypting the service password by adopting the random public key to obtain target data.
In an implementation manner of the embodiment of the present application, the processing module 72 is further specifically configured to:
and signing the service password by adopting a set private key in a set key pair to obtain target data.
In an implementation manner of the embodiment of the present application, the processing module 72 is further specifically configured to:
signing the service password by using a set private key in a stored set key pair to obtain signature data;
acquiring a random public key in a random key pair sent by a terminal device;
and encrypting the signature data by adopting the random public key to obtain the target data.
It should be noted that the foregoing explanation of the method embodiment is also applicable to the apparatus of the embodiment, and is not repeated herein.
In the signing device of the embodiment of the present application, the service data to be signed and the encrypted service key are obtained, and the target data obtained by adopting the security operation is obtained from the server, where the security operation includes at least one of signature and encryption. At least one of signature verification and decryption corresponding to the security operation is executed on the target data to obtain the service password; the encrypted service key is decrypted with the service password to obtain the decrypted service key; and the service data is signed with the decrypted service key, so that the security of the service key is ensured.
In order to implement the foregoing embodiments, the present application further proposes an electronic device, which includes a memory, a processor and a computer program stored on the memory and executable on the processor, and when the processor executes the program, the electronic device implements the method according to the foregoing method embodiments.
In order to implement the above-mentioned embodiments, the present application also proposes a non-transitory computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the method as described in the foregoing method embodiments.
In order to implement the above-mentioned embodiments, the present application further proposes a computer program product having a computer program stored thereon, which, when executed by a processor, implements the method as described in the foregoing method embodiments.
Fig. 8 is a block diagram of an electronic device according to an embodiment of the present disclosure. The electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure. The electronic device may be a terminal device or a server.
As shown in fig. 8, the electronic device 10 includes a processor 11, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 12 or a program loaded from a Memory 16 into a Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 are also stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An Input/Output (I/O) interface 15 is also connected to the bus 14.
The following components are connected to the I/O interface 15: a memory 16 including a hard disk and the like; and a communication section 17 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like, the communication section 17 performing communication processing via a Network such as the internet; a drive 18 is also connected to the I/O interface 15 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program embodied on a computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 17. The computer program, when executed by the processor 11, performs the above-described functions defined in the method of the present disclosure.
In an exemplary embodiment, there is also provided a storage medium comprising instructions, such as the memory 16 comprising instructions, executable by the processor 11 of the electronic device 10 to perform the above-described method. Alternatively, the storage medium may be a non-transitory computer readable storage medium, which may be, for example, a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
It is noted that, in this document, relational terms such as "first" and "second," and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
Claims (13)
1. A signature method, comprising:
acquiring service data to be signed and an encrypted service key;
acquiring target data obtained by performing security operation on the service password from a server; wherein the security operation includes at least one of a signature and encryption;
executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain the service password;
decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and signing the service data by adopting the decrypted service key.
2. The method of claim 1, wherein the security operation is encryption, and the target data is obtained by the server encrypting the service password according to a random public key in a random key pair; executing a decryption operation corresponding to the security operation on the target data to obtain the service password, including:
and decrypting the target data by adopting a random private key in the random key pair to obtain the service password.
3. The method of claim 1, wherein the security operation is signing, and the target data is obtained by the server signing the service password according to a set private key in a set key pair; the executing a decryption operation corresponding to the security operation on the target data to obtain the service password includes:
adopting a set public key in the set key pair to carry out signature verification on the target data;
and in response to the target data passing signature verification, obtaining the service password.
4. The method of claim 1, wherein the security operations include signing and encryption; the performing at least one of signature verification and decryption corresponding to the security operation on the target data to obtain the service password includes:
decrypting the target data by adopting a random private key in a random key pair to obtain signature data;
adopting a set public key in a set key pair to carry out signature verification on the signature data;
and in response to the signature verification passing, obtaining the service password.
5. The method of claim 2 or 4, wherein before obtaining the target data obtained by adopting the security operation on the service password from the server, the method comprises:
generating a random key pair; wherein, the random key pair comprises a random public key and a random private key;
and sending the random public key to the server.
6. A signature method, comprising:
acquiring a service password;
performing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, decrypting the encrypted service key by using the service password to obtain a decrypted service key, and signing the service data by using the decrypted service key.
7. The method of claim 6, wherein performing the security operation on the service password results in target data comprising:
acquiring a random public key in a random key pair sent by the terminal equipment;
and encrypting the service password by adopting the random public key to obtain target data.
8. The method of claim 6, wherein performing the security operation on the service password results in target data comprising:
and signing the service password by adopting a set private key in a set key pair to obtain target data.
9. The method of claim 6, wherein performing the security operation on the service password results in target data comprising:
signing the service password by using a set private key in a set key pair to obtain signature data;
acquiring a random public key in a random key pair sent by a terminal device;
and encrypting the signature data by adopting the random public key to obtain the target data.
10. A signature apparatus, comprising:
the first acquisition module is used for acquiring the service data to be signed and the encrypted service key;
the second acquisition module is used for acquiring target data obtained by performing security operation on the service password from the server; wherein the security operation includes at least one of a signature and encryption;
the processing module is used for executing at least one operation of signature verification and decryption corresponding to the security operation on the target data to obtain the service password;
the decryption module is used for decrypting the encrypted service key by adopting the service password to obtain a decrypted service key;
and the signature module is used for signing the service data by adopting the decrypted service key.
11. A signature apparatus, comprising:
the acquisition module is used for acquiring the service password;
the processing module is used for executing security operation on the service password to obtain target data; wherein the security operation includes at least one of a signature and encryption;
and the sending module is used for sending the target data to a terminal device so that the terminal device executes at least one of signature verification and decryption corresponding to the security operation on the target data to obtain a service password, the encrypted service key is decrypted by adopting the service password to obtain a decrypted service key, and the service data is signed by adopting the decrypted service key.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any of claims 1-5 or implementing the method according to any of claims 6-9 when executing the program.
13. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method of any one of claims 1-5 or implements the method of any one of claims 6-9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210802116.1A CN115442046A (en) | 2022-07-08 | 2022-07-08 | Signature method, signature device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115442046A true CN115442046A (en) | 2022-12-06 |
Family
ID=84241170
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210802116.1A Pending CN115442046A (en) | 2022-07-08 | 2022-07-08 | Signature method, signature device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115442046A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116506120A (en) * | 2023-06-25 | 2023-07-28 | 鼎铉商用密码测评技术(深圳)有限公司 | Key loading method, key system and readable storage medium |
CN116506120B (en) * | 2023-06-25 | 2023-09-29 | 鼎铉商用密码测评技术(深圳)有限公司 | Key loading method, key system and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||