CN117499031A - Private key processing method, electronic device and computer readable storage medium - Google Patents
Private key processing method, electronic device and computer readable storage medium Download PDFInfo
- Publication number
- CN117499031A CN117499031A CN202311438464.6A CN202311438464A CN117499031A CN 117499031 A CN117499031 A CN 117499031A CN 202311438464 A CN202311438464 A CN 202311438464A CN 117499031 A CN117499031 A CN 117499031A
- Authority
- CN
- China
- Prior art keywords
- private key
- fragments
- target
- key fragments
- user equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 18
- 239000012634 fragment Substances 0.000 claims abstract description 113
- 238000011084 recovery Methods 0.000 claims abstract description 21
- 238000000034 method Methods 0.000 claims description 9
- 150000003839 salts Chemical class 0.000 claims description 6
- 230000002194 synthesizing effect Effects 0.000 claims description 5
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 101100384355 Mus musculus Ctnnbip1 gene Proteins 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a private key processing method, electronic equipment and a computer readable storage medium, which divide a target private key into a plurality of private key fragments by a private key distribution end for storage by corresponding fragment holders, collect the plurality of private key fragments from user equipment of the corresponding plurality of fragment holders by a private key recovery end when a target application program is started, and recover the plurality of private key fragments into the target private key, thereby solving the problem of single-point failure in the prior art.
Description
Technical Field
The present invention relates to the field of security technologies, and in particular, to a private key processing method, an electronic device, and a computer readable storage medium.
Background
In a blockchain application scenario, an application (service) often requires a private key to sign or a private key to generate specific information.
The existing mainstream private key safety scheme does not solve the problem of single-point faults, namely whether the private key is subjected to multiple encryption or signing, the private key is rooted or stored on a piece of equipment (such as a server), the single-point security risk is high in such a mode, the safety requirement on the server is high, once the server is invaded, the stored private key is easily stolen by a hacker, and meanwhile, as server operation staff can always contact the private key, the occupational moral requirement on the operation staff is also high.
Disclosure of Invention
In view of the foregoing, the present invention provides a private key processing method, an electronic device, and a computer-readable storage medium.
The technical scheme adopted by the invention is as follows:
as a first aspect of the present invention, there is provided a private key processing method applied to a private key distribution terminal, including:
generating the target private key through a random seed;
dividing a target private key into a plurality of private key fragments by a shamir algorithm;
providing the plurality of private key fragments to fragment holders in one-to-one correspondence with the plurality of private key fragments, respectively, for: when the private key recovery end starts a target application program, a plurality of private key fragments are collected from user equipment of a plurality of corresponding fragment holders, and when the number of the collected private key fragments reaches a preset private key recovery threshold value, the obtained private key fragments are synthesized into a target private key through a shamir algorithm so as to be imported into the target private key by the target application program.
As a second aspect of the present invention, there is provided a private key processing method applied to a private key recovery terminal, including:
when a target application program is started, collecting a plurality of private key fragments from user equipment of a plurality of corresponding fragment holders, wherein the plurality of private key fragments are formed by dividing a target private key through a shamir algorithm by a private key distribution terminal, and the private key fragments are provided for the fragment holders corresponding to the plurality of private key fragments one by the private key distribution terminal;
and when the number of the collected private key fragments reaches a preset private key recovery threshold, synthesizing the acquired private key fragments into a target private key through a shamir algorithm, and importing the target private key into the target application program.
As a third aspect of the present invention, there is provided an electronic device comprising a storage module comprising instructions loaded and executed by a processor, which instructions, when executed, cause the processor to perform any of the private key processing methods described above.
As a fourth aspect of the present invention, there is provided a computer-readable storage medium storing one or more programs which, when executed by a processor, implement any of the private key processing methods described above.
The invention cuts the target private key into a plurality of private key fragments by the private key distributing end for the corresponding fragment holders to store, and when the target application program is started, the private key recovering end collects the plurality of private key fragments from the user equipment of the corresponding plurality of fragment holders, and recovers the plurality of private key fragments into the target private key, thereby solving the problem of single-point fault in the prior art.
Drawings
The invention is described in detail below with reference to the attached drawings and detailed description:
FIG. 1 is a flow chart of a private key processing method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described below with reference to the drawings. The embodiments described in the present specification are not intended to be exhaustive or to represent the only embodiments of the present invention. The following examples are presented for clarity of illustration of the invention of the present patent and are not intended to limit the embodiments thereof. It will be apparent to those skilled in the art that various changes and modifications can be made in the embodiment described, and that all the obvious changes or modifications which come within the spirit and scope of the invention are deemed to be within the scope of the invention.
As shown in fig. 1, an embodiment of the present invention provides a private key processing method, which specifically includes the following steps:
s101, the private key distribution terminal generates a target private key through a random seed.
S102, the private key distributing end cuts the target private key into a plurality of private key fragments through a shamir algorithm.
In this embodiment, in order to improve security, after the private key distribution end completes distribution, the target private key and the plurality of private key fragments are deleted, in practical application, the target private key and the plurality of private key fragments only exist in the memory, and when the private key distribution end completes distribution, the memory is released, so that the target private key and the plurality of private key fragments can be deleted.
And S103, the private key distributing end respectively provides the plurality of private key fragments to fragment holders corresponding to the plurality of private key fragments one by one.
Illustratively, the shareholders may be large V, investors, managers, core users, and so on.
In one embodiment, the private key distribution terminal may display a plurality of private key fragments in turn through a display device of the private key distribution terminal in a network-disconnected environment, and each fragment holder may record the private key fragments seen by the fragment holder on paper.
In another embodiment, the private key distribution end may encrypt the private key segment and the salt corresponding to the segment holder by using the *** verifier dynamic code corresponding to the segment holder as the salt, and send the encrypted ciphertext to the user equipment of the segment holder.
The user equipment decrypts the obtained private key fragments through the same symmetric encryption algorithm and the salt value, and displays the private key fragments, the corresponding fragment holder can record the private key fragments seen by the user equipment on paper, and after the record of the fragment holder is completed, the private key fragments are deleted on the user equipment.
In this embodiment, the shareholder needs to establish an account at the private key issuer and bind the relationship between the account and the user device through the *** verifier:
the shareholder logs in the private key distribution end login interface, a user name and a password are input, then the private key distribution end can require the shareholder to scan the two-dimensional code displayed on the login interface, and the shareholder uses a two-dimensional code scanning application on a mobile phone or other equipment to scan the two-dimensional code so as to confirm the identity of the shareholder and establish a binding relationship.
After successful binding, the private key distribution terminal and the user equipment are provided with synchronous dynamic codes, and the dynamic codes are disposable and expire after use.
It should be noted that, the private key fragments are recorded on paper and stored in a safe place, such as a safe box, so that the security is high, and the private key fragments are not easy to lose, and of course, the private key fragments can also be stored on the original user equipment, however, the private key fragments are easy to leak in this way, and the private key is lost due to the damage of a device disk, the failure of the device, and the like.
S104, when the target application program is started, the private key recovery end collects a plurality of private key fragments from the user equipment of a plurality of corresponding fragment holders:
a) And sending a collection notice to the user equipment of the corresponding plurality of shareholders, wherein the collection notice comprises collection port information.
And the user equipment collects and reminds the shareholder according to the collection notice, and the shareholder receives the reminding and then inputs the recorded private key into the equipment for transmission.
b) Data, including private key fragments and dynamic codes, is received from a shareholder via a user device to a collection port.
The private key recovery end strictly controls the opening of the security group, and only exposes the collection port to the user equipment of the private key holder.
S105, when the number of the collected private key fragments reaches a preset private key recovery threshold, the private key recovery end synthesizes the acquired private key fragments into a target private key through a shamir algorithm, so that a target application program can import the target private key:
a) If the private key fragment in the received data is matched with the dynamic code and the dynamic code is correct, the private key fragment is an effective fragment.
b) And when the number of the effective fragments reaches a preset private key recovery threshold, synthesizing the effective fragments into a target private key through a shamir algorithm.
Here, the shareholder needs to establish an account at the private key recovery end, and the relationship between the account and the user equipment is bound by the *** verifier, and the specific process is not repeated, so that the private key recovery end can judge whether the private key shares in the received data are matched with the dynamic codes or not and whether the dynamic codes are correct or not.
It should be noted that the private key distribution end and the private key recovery end may be disposed on one server, or may be disposed on different servers.
In order to improve the security, after the target private key is recovered, the private key recovery end stops collecting the private key fragments from the user equipment and deletes the collected private key fragments; for the target private key, the target private key needs to be deleted directly after the target application program is used up if the target private key only needs to be used 1 time according to the service requirement, and the target private key needs to be reserved all the time if the target private key needs to be used all the time. In practical applications, the target private key and the plurality of private key fragments exist only in the memory, and the target private key and the plurality of private key fragments can be deleted by releasing the memory.
As can be seen from the above, in the method of this embodiment, the private key distributing end segments the target private key into a plurality of private key fragments for the corresponding fragment holders to store, and when the target application program is started, the private key recovering end collects the plurality of private key fragments from the user devices of the corresponding plurality of fragment holders, and recovers the plurality of private key fragments into the target private key, thereby safely starting the target application program and solving the problem of single point failure in the prior art.
As with the above concepts, fig. 2 is a schematic block diagram illustrating a structure of an electronic device according to an embodiment of the present invention.
Illustratively, the electronic device includes a memory module 21 and a processor 22, the memory module 21 including instructions loaded and executed by the processor 22, which when executed, cause the processor 22 to perform the steps according to various exemplary embodiments of the invention described in the above-described one of the private key processing methods section of this specification.
It should be appreciated that the processor 22 may be a central processing unit (Centra lProcess ingUni t, CPU), and that the processor 22 may also be other general purpose processors, digital signal processors
(Digi talSignalProcessor, DSP), application specific integrated circuit
(Appl icat ionSpecificIntegratedCircui t, ASIC), field programmable gate array (Field-ProgrammableGateArray, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Embodiments of the present invention also provide a computer-readable storage medium storing one or more programs that, when executed by a processor, implement the steps described in the foregoing description of one private key processing method section according to various exemplary embodiments of the present invention.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable storage media, which may include computer-readable storage media (or non-transitory media) and communication media (or transitory media).
The term computer-readable storage medium includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer-readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer-readable storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
By way of example, the computer readable storage medium may be an internal storage unit of the electronic device of the foregoing embodiments, such as a hard disk or a memory of the electronic device. The computer readable storage medium may also be an external storage device of the electronic device, such as a plug-in hard disk, a smart memory card (SmartMediaCard, SMC), a Secure Digital (SD) card, a flash card (FlashCard), etc. provided on the electronic device.
The electronic device and the computer readable storage medium provided in the foregoing embodiments divide the target private key into a plurality of private key fragments by the private key distribution terminal for the corresponding fragment holders to store, and when the target application is started, the private key recovery terminal collects the plurality of private key fragments from the user devices of the corresponding plurality of fragment holders, and recovers the plurality of private key fragments into the target private key, thereby safely starting the target application and solving the problem of single point failure in the prior art.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.
Claims (10)
1. The private key processing method is characterized by being applied to a private key distribution terminal and comprising the following steps:
generating the target private key through a random seed;
dividing a target private key into a plurality of private key fragments by a shamir algorithm;
providing the plurality of private key fragments to fragment holders in one-to-one correspondence with the plurality of private key fragments, respectively, for: when the private key recovery end starts a target application program, a plurality of private key fragments are collected from user equipment of a plurality of corresponding fragment holders, and when the number of the collected private key fragments reaches a preset private key recovery threshold value, the obtained private key fragments are synthesized into a target private key through a shamir algorithm so as to be imported into the target private key by the target application program.
2. The private key processing method according to claim 1, further comprising:
and deleting the target private key and the plurality of private key fragments after distribution is completed.
3. The method according to claim 1, wherein the providing the plurality of private key fragments to fragment holders in one-to-one correspondence with the plurality of private key fragments, respectively, further comprises:
and in the network breaking environment, the plurality of private key fragments are sequentially displayed through the display equipment of the private key distribution terminal, so that the fragment holder can record the corresponding private key fragments.
4. The method according to claim 1, wherein the providing the plurality of private key fragments to fragment holders in one-to-one correspondence with the plurality of private key fragments, respectively, further comprises:
taking dynamic codes of *** validators corresponding to shareholders as salt values;
and encrypting the private key fragments and the salt values corresponding to the fragment holder through a symmetric encryption algorithm, transmitting the encrypted ciphertext to user equipment of the fragment holder, recording the private key fragments obtained by the user equipment through the same symmetric encryption algorithm and the same salt value decryption by the fragment holder, and deleting the private key fragments on the user equipment after the recording is completed.
5. The private key processing method is characterized by being applied to a private key recovery end and comprising the following steps:
when a target application program is started, collecting a plurality of private key fragments from user equipment of a plurality of corresponding fragment holders, wherein the plurality of private key fragments are formed by dividing a target private key through a shamir algorithm by a private key distribution terminal, and the private key fragments are provided for the fragment holders corresponding to the plurality of private key fragments one by the private key distribution terminal;
and when the number of the collected private key fragments reaches a preset private key recovery threshold, synthesizing the acquired private key fragments into a target private key through a shamir algorithm, and importing the target private key into the target application program.
6. The method of private key processing according to claim 5, further comprising:
and after the target private key is recovered, stopping collecting the private key fragments from the user equipment, and deleting the collected private key fragments.
7. The method of claim 5, wherein the collecting the plurality of private key fragments from the user devices of the respective plurality of shareholders at the start of the target application further comprises:
sending a collection notice to user equipment of a plurality of corresponding shareholders, wherein the user equipment is used for carrying out collection reminding on the shareholders according to the collection notice, and the collection notice comprises collection port information;
data transmitted by a shareholder to a collection port through a user device is received, the data including a private key shard and a dynamic code.
8. The method for processing a private key according to claim 7, wherein when the number of collected private key fragments reaches a preset private key recovery threshold, synthesizing the obtained private key fragments into a target private key through a shamir algorithm, further comprising:
if the private key fragments in the received data are matched with the dynamic codes and the dynamic codes are correct, the private key fragments are effective fragments;
and when the number of the effective fragments reaches a preset private key recovery threshold, synthesizing the effective fragments into a target private key through a shamir algorithm.
9. An electronic device comprising a memory module including instructions loaded and executed by a processor, which when executed, cause the processor to perform a private key processing method according to any one of claims 1-8.
10. A computer readable storage medium storing one or more programs, which when executed by a processor, implement a private key processing method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311438464.6A CN117499031A (en) | 2023-11-01 | 2023-11-01 | Private key processing method, electronic device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311438464.6A CN117499031A (en) | 2023-11-01 | 2023-11-01 | Private key processing method, electronic device and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117499031A true CN117499031A (en) | 2024-02-02 |
Family
ID=89670116
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311438464.6A Pending CN117499031A (en) | 2023-11-01 | 2023-11-01 | Private key processing method, electronic device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117499031A (en) |
-
2023
- 2023-11-01 CN CN202311438464.6A patent/CN117499031A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110324143B (en) | Data transmission method, electronic device and storage medium | |
| CN110798315B (en) | Data processing method and device based on block chain and terminal | |
| CN1818920B (en) | Systems and methods for managing multiple keys for file encryption and decryption | |
| US20160337124A1 (en) | Secure backup and recovery system for private sensitive data | |
| CN109766979B (en) | Two-dimensional code generation method, verification method and device | |
| EP1783614A1 (en) | Management service device, backup service device, communication terminal device, and storage medium | |
| US20090063861A1 (en) | Information security transmission system | |
| Wang et al. | Data integrity checking with reliable data transfer for secure cloud storage | |
| FR2937484A1 (en) | DIGITAL SIGNATURE METHOD IN TWO STEPS | |
| CN111971929B (en) | Secure distributed key management system | |
| CN102484638A (en) | Layered protection and validation of identity data delivered online via multiple intermediate clients | |
| US9244864B2 (en) | Information providing system, information processing apparatus, computer readable medium, and information providing method for providing encrypted information | |
| US8327150B2 (en) | System, method and program for managing information | |
| CN105553654A (en) | Key information query processing method and device and key information management system | |
| CN108599928B (en) | Key management method and device | |
| CN109302425B (en) | Identity authentication method and terminal equipment | |
| CN113472722A (en) | Data transmission method, storage medium, electronic device and automatic ticket selling and checking system | |
| CN105471657B (en) | inter-domain communication log management method, device and system for virtual machine | |
| CN113901520A (en) | Data processing method, device, equipment and medium based on block chain | |
| CN113886793A (en) | Device login method, device, electronic device, system and storage medium | |
| CN110474766B (en) | Random password generation method and device and identity authentication method | |
| CN105409159A (en) | Key storage device, key storage method, and program therefor | |
| CN117499031A (en) | Private key processing method, electronic device and computer readable storage medium | |
| CN102255726A (en) | Device and method for implementing symmetric key digital signature | |
| CN111490880B (en) | File receiving method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |