CN117786718A - File encryption and decryption method and device, electronic equipment and storage medium - Google Patents

Publication number
CN117786718A
Authority
CN
China
Prior art keywords
key
file
encryption
target
storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311805127.6A
Other languages
Chinese (zh)
Inventor
彭雅思
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Demingli Electronics Co Ltd
Original Assignee
Shenzhen Demingli Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Demingli Electronics Co Ltd filed Critical Shenzhen Demingli Electronics Co Ltd
Priority to CN202311805127.6A priority Critical patent/CN117786718A/en
Publication of CN117786718A publication Critical patent/CN117786718A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a file encryption and decryption method, a device, electronic equipment and a storage medium, and relates to the technical field of information storage, wherein the method comprises the following steps: acquiring a target file; the target files comprise files in target storage equipment and files in other storage equipment; randomly generating an encryption key for the target file, and encrypting the target file according to the encryption key; storing the encryption key in a target storage device to obtain a storage address; and generating a public key and a private key through an encryption algorithm, encrypting the storage address by using the public key, and decrypting the target file by using the private key. The invention solves the problems of the prior art that the local files or the files in other storage devices cannot be encrypted and decrypted, the mobility and the flexibility are poor, and the safety is low.

Description

File encryption and decryption method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of information storage technologies, and in particular, to a method and apparatus for encrypting and decrypting a file, an electronic device, and a storage medium.
Background
With the advent of the information age, mobile storage media have become an indispensable information transmission tool in people's daily work. The USB flash disk uses a USB interface and supports hot plugging; with its high transmission speed, simple use, small volume, large capacity and portability, it has become the most widely used mobile storage medium.
As terminals become more intelligent and storage capacity increases, people increasingly like to store important information, such as business confidential information and personal privacy information, in a terminal in the form of files. The accompanying problem of file security is also becoming important, and in order to secure files stored in the terminal it is often necessary to encrypt and decrypt them.
The encrypted USB flash disk in the prior art can only encrypt the whole USB flash disk and cannot encrypt and decrypt local files or files in other storage devices. Local encryption software needs to be run on a local computer, so its mobility and flexibility are poor, and because the key of the local encryption software is stored on the local computer, its security is not high.
Therefore, a file encryption and decryption method which can encrypt and decrypt local files or files in other storage devices, has strong security and high flexibility is urgently needed.
Disclosure of Invention
The embodiments of the invention provide a file encryption and decryption method, a device, an electronic device and a storage medium, so as to solve the problems that the related technology cannot encrypt and decrypt local files or files in other storage devices, mobility and flexibility are poor, and security is not high. The technical scheme is as follows:
According to one aspect of the invention, a file encryption and decryption method comprises the following steps: acquiring a target file; the target files comprise files in target storage equipment and files in other storage equipment; randomly generating an encryption key for the target file, and encrypting the target file according to the encryption key; storing the encryption key in a target storage device to obtain a storage address; and generating a public key and a private key through an encryption algorithm, encrypting the storage address by using the public key, and decrypting the target file by using the private key.
In one embodiment, an encryption key is randomly generated for the target file, and the target file is encrypted according to the encryption key by the following steps: randomly generating a 256-bit encryption key for the target file; and encrypting the target file through an AES symmetric encryption algorithm and the encryption key.
In one embodiment, storing the encryption key in the target storage device to obtain the storage address is achieved by: selecting a blank logic data area from the logic data block of the target storage device through a private command and a card reader corresponding to the target storage device; and writing the encryption key into a logic space of the target storage device in a logic writing mode in a length of one sector, and obtaining a corresponding logic address as a storage address.
In one embodiment, the public key and the private key are generated by an encryption algorithm, and the encryption of the storage address by the public key is realized by the following steps: generating a public key and a private key through RSA asymmetric encryption; and encrypting the storage address through the public key, and writing the encrypted storage address into the tail of the target file.
In one embodiment, decrypting the target file with the private key is accomplished by: decrypting the data at the tail of the target file by using the private key to obtain the storage address; reading data from the storage address through a private command and a card reader corresponding to the target storage device to obtain the encryption key; and decrypting the target file according to the encryption key.
According to one aspect of the present invention, a file encrypting and decrypting apparatus includes: the file acquisition module is used for acquiring a target file; the target files comprise files in target storage equipment and files in other storage equipment; the file encryption module is used for randomly generating an encryption key for the target file and encrypting the target file according to the encryption key; the key storage module is used for storing the encryption key in the target storage equipment to obtain a storage address; and the encryption and decryption module is used for generating a public key and a private key through an encryption algorithm, encrypting the storage address by using the public key and decrypting the target file by using the private key.
According to one aspect of the invention, an electronic device comprises at least one processor and at least one memory, wherein the memory has computer readable instructions stored thereon; the computer readable instructions are executed by one or more of the processors to cause an electronic device to implement a file encryption and decryption method as described above.
According to one aspect of the present invention, a storage medium has stored thereon computer readable instructions that are executed by one or more processors to implement the file encryption and decryption method as described above.
The technical scheme provided by the invention has the beneficial effects that:
In the technical scheme, the target file is first obtained, the target file comprising files in the target storage device and files in other storage devices; an encryption key is then randomly generated for the target file, and the target file is encrypted according to the encryption key; the encryption key is then stored in the target storage device to obtain the storage address; finally, a public key and a private key are generated through the encryption algorithm, the storage address is encrypted with the public key, and the target file is decrypted with the private key. Because the actual encryption key is stored on the storage device, decrypting the file requires not only the correct private key but also the storage device holding the encryption key, which improves the confidentiality of the key. The integrity of the key is also greatly improved: a key stored in any visible file may be damaged by manual modification, whereas here a dedicated logical storage space is set aside for storing the key, and that logical space can be edited only with a dedicated private command and a dedicated card reader, which greatly improves the stability and integrity of the key. The scheme thereby effectively solves the problems in the related art that local files or files in other storage devices cannot be encrypted and decrypted, that mobility and flexibility are poor, and that security is not high.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that are required to be used in the description of the embodiments of the present invention will be briefly described below. It is evident that the drawings in the following description are only some embodiments of the invention and that other drawings may be obtained from these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart illustrating a method of encrypting and decrypting a file according to an exemplary embodiment;
FIG. 2 is a flowchart of decrypting a target file in step 170 in the corresponding embodiment of FIG. 1;
FIG. 3 is a schematic flow diagram of encrypting a file in accordance with an example embodiment;
FIG. 4 is a schematic flow diagram of decrypting a file in accordance with an example embodiment;
FIG. 5 is a schematic illustration of a user interface according to an application scenario;
FIG. 6 is a flow diagram according to user operation in an application scenario;
FIG. 7 is a block diagram illustrating a file encrypting and decrypting apparatus according to an exemplary embodiment;
FIG. 8 is a hardware block diagram of an electronic device shown in accordance with an exemplary embodiment;
FIG. 9 is a block diagram of an electronic device, according to an example embodiment.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification of this disclosure, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein includes all or any element and all combination of one or more of the associated listed items.
In order to solve the problems in the prior art that local files or files in other storage devices cannot be encrypted and decrypted, that mobility and flexibility are poor, and that security is not high, the invention provides a file encryption and decryption method that can encrypt and decrypt local files or files in other storage devices and has strong security and high flexibility. The method is suitable for a file encryption and decryption device, which can be a computer device with a von Neumann architecture, for example a desktop computer, a notebook computer, a server and the like. The file encryption and decryption method in the embodiment of the invention can be applied to various scenes, such as file encryption, file decryption and the like.
Referring to fig. 1, an embodiment of the present invention provides a method for encrypting and decrypting a file, which is applicable to an electronic device, and the electronic device may be a computer device with a von Neumann architecture, for example a desktop computer, a notebook computer, a server, and the like.
In the following method embodiments, for convenience of description, the execution subject of each step of the method is described as an electronic device, but this configuration is not particularly limited.
As shown in fig. 1, the method may include the steps of:
Step 110, obtain the target file.
Wherein the target file includes files in the target storage device and files in other storage devices.
In one possible implementation manner, the local file can be encrypted and decrypted by combining encryption and decryption software with the mobile storage device, the file in the USB device can also be encrypted and decrypted, the encryption and decryption functions can be realized on the local file and the files in other storage devices, and the security is strong and the flexibility is high.
Step 130, randomly generating an encryption key for the target file, and encrypting the target file according to the encryption key.
In one possible implementation, a 256-bit encryption key is first randomly generated for the target file, and then the target file is encrypted by the AES symmetric encryption algorithm and the encryption key.
Specifically, a secure random number generator may be used to generate a 256-bit random encryption key for a file. Such a key may be generated with an encryption library or function, for example the secrets module in Python or the crypto module in Node.js: the secure random number generation function provided by the programming language produces a 256-bit random byte sequence, which may be used directly as the encryption key, since encryption libraries typically accept a byte sequence as the key parameter.
Further, encrypting a file with the AES symmetric encryption algorithm and the generated encryption key first requires selecting an encryption mode; AES supports a plurality of encryption modes, for example ECB, CBC, CTR, etc. The file content to be encrypted is then read; if the file size is not an integer multiple of the block size (typically 128 bits or 16 bytes), data padding is required to fit the file content to the block size of the encryption algorithm. The file content and the key are then input into the AES encryption algorithm to encrypt the file content, and finally the encrypted content is saved to a new file or overwrites the original file.
Step 150, storing the encryption key in the target storage device to obtain a storage address.
In one possible implementation manner, a blank logic data area is selected from a logic data block of the target storage device through a private command and a card reader corresponding to the target storage device, then an encryption key is written into a logic space of the target storage device in a logic writing manner in a length of one sector, and a corresponding logic address is obtained as a storage address.
Step 170, generating a public key and a private key through an encryption algorithm, encrypting the storage address by using the public key, and decrypting the target file by using the private key.
In one possible implementation manner, generating the public key and the private key through an encryption algorithm and encrypting the storage address with the public key proceeds as follows: the public key and the private key are first generated through RSA asymmetric encryption, the storage address is then encrypted with the public key, and the encrypted storage address is written to the tail end of the target file.
Specifically, generating public and private keys with the RSA asymmetric encryption algorithm typically requires first selecting a key length. The security of an RSA key is related to the key length, and common lengths are 2048 bits or more; in general, the longer the key, the higher the security, but the longer the time encryption and decryption may take. The RSA key pair is then generated with the encryption library or tool function of the corresponding programming language.
Further, the public key of the receiver is used in the encryption process to encrypt the data, and only the receiver having the corresponding private key can decrypt the data.
In one possible implementation, as shown in fig. 2, decrypting the target file with the private key includes the steps of:
Step 210, decrypting the data at the tail of the target file by using the private key to obtain the storage address.
Step 230, reading data of the storage address through the private command and the card reader corresponding to the target storage device to obtain an encryption key.
Step 250, decrypting the target file according to the encryption key.
Specifically, to decrypt the data in combination with the private key, the data to be decrypted is first read and decrypted with the encryption algorithm to obtain the encrypted file decryption key; the file storing the private key (usually in PEM format) is then read and the private key is loaded; finally, decryption is performed with the loaded private key and the decryption key to obtain the decrypted file.
Further, the 'cryptography' module in Python can be used to perform RSA decryption, and a self-defined 'paddinghoracle' class is used to perform symmetric encryption and decryption of the file data; the 'paddinghoracle' class implements decrypting the encrypted data and storing the decryption key. Decrypting with the private key requires the password protecting the private key: if a password was set when the private key was stored, it must be specified in the 'load_pem_private_key' function. The encrypted file decryption key should be stored properly so as to ensure the security of the data.
Through the above process, the embodiment of the invention first obtains the target file, the target file comprising files in the target storage device and files in other storage devices; an encryption key is then randomly generated for the target file, and the target file is encrypted according to the encryption key; the encryption key is stored in the target storage device to obtain the storage address; finally, a public key and a private key are generated through the encryption algorithm, the storage address is encrypted with the public key, and the target file is decrypted with the private key. Because the actual encryption key is stored on the storage device, decrypting the file requires not only the correct private key but also the storage device holding the encryption key, which improves the confidentiality of the key. The integrity of the key is also greatly improved: a key stored in any visible file may be modified and damaged by a person, whereas here a dedicated logical storage space is set aside for storing the key, and that logical space can be edited only with a dedicated private command and a dedicated card reader, which greatly improves the stability and integrity of the key. This effectively solves the problem in the related art that local files or files in other storage devices cannot be encrypted and decrypted.
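The flow of steps 110 to 250, as an added Python example that is not code from the patent; it needs the 'cryptography' package. Assumptions: `SectorStore` is a hypothetical in-memory stand-in for the private command and card reader, a sector is 512 bytes, the address is an 8-byte big-endian integer encrypted with RSA-2048 OAEP, and AES-256-GCM is used (the text names only ECB, CBC and CTR) so that a wrong key or a modified file fails as step 450 expects instead of producing garbage.

```python
import secrets
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SECTOR = 512                   # assumed sector size; the text only says "one sector"
RSA_BITS = 2048
TRAILER_LEN = RSA_BITS // 8    # an RSA ciphertext is always as long as the modulus
NONCE_LEN, TAG_LEN = 12, 16
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class SectorStore:
    """Hypothetical stand-in for the device's dedicated logical space."""

    def __init__(self, sectors=64):
        self._data = bytearray(SECTOR * sectors)
        self._sectors = sectors
        self._used = set()

    def write_key(self, key: bytes) -> int:
        """Write the key into a blank sector; return its logical address."""
        free = [i for i in range(self._sectors) if i not in self._used]
        if not free:
            raise RuntimeError("no blank sector left")
        lba = secrets.choice(free)
        self._data[lba * SECTOR:(lba + 1) * SECTOR] = key.ljust(SECTOR, b"\0")
        self._used.add(lba)
        return lba

    def read_key(self, lba: int) -> bytes:
        if lba not in self._used:
            raise KeyError("sector holds no key")
        return bytes(self._data[lba * SECTOR:lba * SECTOR + 32])


def encrypt_file(plaintext: bytes, store: SectorStore):
    """Return (encrypted file bytes, PEM private key handed to the user)."""
    key = secrets.token_bytes(32)                          # step 130: 256-bit key
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + AESGCM(key).encrypt(nonce, plaintext, None)
    lba = store.write_key(key)                             # step 150: key -> device
    private_key = rsa.generate_private_key(public_exponent=65537,
                                           key_size=RSA_BITS)   # step 170
    trailer = private_key.public_key().encrypt(lba.to_bytes(8, "big"), OAEP)
    pem = private_key.private_bytes(serialization.Encoding.PEM,
                                    serialization.PrivateFormat.PKCS8,
                                    serialization.NoEncryption())
    return body + trailer, pem       # layout: nonce | ciphertext+tag | trailer


def decrypt_file(blob: bytes, pem: bytes, store: SectorStore) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN + TRAILER_LEN:
        raise ValueError("file too short to hold nonce, tag and trailer")
    body, trailer = blob[:-TRAILER_LEN], blob[-TRAILER_LEN:]
    private_key = serialization.load_pem_private_key(pem, password=None)
    lba = int.from_bytes(private_key.decrypt(trailer, OAEP), "big")  # step 210
    key = store.read_key(lba)                                         # step 230
    return AESGCM(key).decrypt(body[:NONCE_LEN], body[NONCE_LEN:], None)  # step 250


def try_decrypt(blob: bytes, pem: bytes, store: SectorStore):
    """Classify the outcome: success, or which of the two factors was missing."""
    try:
        return "ok", decrypt_file(blob, pem, store)
    except InvalidTag:
        return "ciphertext-or-key-mismatch", None
    except KeyError:
        return "key-not-on-device", None
    except ValueError:
        return "wrong-private-key-or-trailer", None


if __name__ == "__main__":
    device = SectorStore()
    sample = b"constructed sample file content"      # constructed input
    encrypted, user_pem = encrypt_file(sample, device)
    print(try_decrypt(encrypted, user_pem, device)[0])          # both factors present
    print(try_decrypt(encrypted, user_pem, SectorStore())[0])   # device missing
```

Because the storage address is a small number, the randomized OAEP padding matters here: it keeps the trailer from being matched against candidate addresses by anyone who obtains the public key.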
In an exemplary embodiment, fig. 3 is a schematic flow chart of encrypting a file, specifically including the following steps:
In step 310, a file requiring encryption is input in software.
At step 320, the software generates a random 256-bit encryption key, AES encrypts the file, and stores the encryption key in the storage device.
In step 330, the software stores the generated encryption and decryption key in the mobile storage device and records the current storage address.
In step 340, the software generates a public key and a private key through RSA algorithm, and encrypts the address with the public key.
In step 350, the software writes the encrypted address data to the end of the encrypted file.
In step 360, the software provides the private key to the user, who saves the private key, thus completing the file encryption.
Fig. 4 is a schematic flow chart of decrypting a file, specifically including the following steps:
In step 410, a file that needs to be decrypted is input into the software.
Step 420, the software reads the data at the end of the selected file.
In step 430, the software decrypts the data in combination with the private key entered by the user to obtain the address where the file decryption key is stored.
In step 440, the software reads the file decryption key, which is the data stored at the decrypted address, and decrypts the file according to the decryption key.
Step 450, if the key is correct, the decryption succeeds; if the key is incorrect, the decryption fails. This completes the file decryption.
Through the above process, the embodiment of the invention stores the actual encryption key on the storage device, so that decrypting the file requires not only the correct private key but also the storage device holding the encryption key, which improves the confidentiality of the key. The integrity of the key is also greatly improved: a key stored in any visible file may be modified and damaged by people, whereas here a dedicated logical storage space is set aside for storing the key, and a dedicated private command and a dedicated card reader are needed to edit that logical space, which greatly improves the stability and integrity of the key. This effectively solves the problems in the related art that local files or files in other storage devices cannot be encrypted and decrypted, that mobility and flexibility are poor, and that security is not high.
In an application scenario, an operation interface of a user is shown in fig. 5, and a flow chart of the user operation is shown in fig. 6.
As shown in fig. 5 and 6, when a user needs to encrypt a file, the user opens the encryption software in the storage device and selects the file to be encrypted; the software encrypts the file and provides a private key, and the user records the decryption private key provided by the software. When the user needs to decrypt the file, the user opens the decryption software in the storage device, selects the file to be decrypted and inputs the private key, and the software decrypts the file to complete file decryption.
Through the above process, in the embodiment of the invention the user does not need to input an encryption password: the software generates 256-bit random data to perform AES symmetric encryption on the file, so the key is long and the security is high. The actual encryption key is stored on the mobile storage device, so decrypting the file requires not only the correct private key but also the storage device holding the actual encryption key. The user does not need to provide and memorize complex, long encryption passwords, because the software automatically generates highly complex ones. This effectively solves the problems in the related art that local files or files in other storage devices cannot be encrypted and decrypted, that mobility and flexibility are poor, and that security is low.
The following is an embodiment of the device of the present invention, which can be used to execute the file encryption and decryption method related to the present invention. For details not disclosed in the embodiment of the apparatus of the present invention, please refer to a method embodiment of the file encryption and decryption method related to the present invention.
Referring to fig. 7, in an embodiment of the present invention, a file encrypting and decrypting apparatus 800 is provided.
The apparatus 800 includes, but is not limited to: a file acquisition module 810, a file encryption module 830, a key storage module 850, and an encryption and decryption module 870.
The file obtaining module 810 is configured to obtain a target file; the target files include files within the target storage device and files within other storage devices.
The file encrypting module 830 is configured to randomly generate an encryption key for the target file, and encrypt the target file according to the encryption key.
The key storage module 850 is configured to store the encryption key in the target storage device to obtain a storage address.
The encryption and decryption module 870 is configured to generate a public key and a private key through an encryption algorithm, encrypt the storage address with the public key, and decrypt the target file with the private key.
It should be noted that, when the file encrypting and decrypting device provided in the above embodiment encrypts and decrypts files, the division into the above functional modules is used only for illustration. In practical applications, the above functions may be allocated to different functional modules as needed; that is, the internal structure of the file encrypting and decrypting device may be divided into different functional modules to complete all or part of the functions described above.
In addition, the embodiments of the file encrypting and decrypting apparatus and the file encrypting and decrypting method provided in the foregoing embodiments belong to the same concept, and the specific manner in which each module performs the operation has been described in detail in the method embodiment, which is not described herein again.
Fig. 8 is a schematic diagram of an electronic device according to an exemplary embodiment. It should be noted that the electronic device is only an example adapted to the present invention, and should not be construed as providing any limitation on the scope of use of the present invention. Nor should the electronic device be construed as necessarily relying on or necessarily having one or more of the components of the exemplary electronic device 2000 illustrated in fig. 8.
The hardware structure of the electronic device 2000 may vary widely depending on the configuration or performance. As shown in fig. 8, the electronic device 2000 includes: a power supply 210, an interface 230, at least one memory 250, and at least one central processing unit (CPU) 270.
Specifically, the power supply 210 is configured to provide an operating voltage for each hardware device on the electronic device 2000.
The interface 230 includes at least one wired or wireless network interface 231 for interacting with external devices. Of course, in other examples of the adaptation of the present invention, the interface 230 may further include at least one serial-parallel conversion interface 233, at least one input-output interface 235, at least one USB interface 237, and the like, as shown in fig. 8, which is not particularly limited herein.
The memory 250 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, where the resources stored include an operating system 251, application programs 253, and data 255, and the storage mode may be transient storage or permanent storage.
The operating system 251 is used for managing and controlling the hardware devices and the application programs 253 on the electronic device 2000, so that the central processing unit 270 can operate on and process the mass data 255 in the memory 250; it may be Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The application 253 is based on computer readable instructions on the operating system 251 to perform at least one specific task, which may include at least one module (not shown in fig. 8), each of which may include computer readable instructions for the electronic device 2000, respectively. For example, the file encrypting and decrypting apparatus can be regarded as the application 253 deployed on the electronic device 2000.
The data 255 may be information stored in a disk, etc., and stored in the memory 250.
The central processor 270 may include one or more of the above processors and is configured to communicate with the memory 250 via at least one communication bus to read computer readable instructions stored in the memory 250, thereby implementing operations and processing of the bulk data 255 in the memory 250. The file encryption and decryption method is accomplished, for example, by the central processor 270 reading a series of computer readable instructions stored in the memory 250.
Furthermore, the present invention can be realized by hardware circuitry or by a combination of hardware circuitry and software, and thus, the implementation of the present invention is not limited to any specific hardware circuitry, software, or combination of the two.
Referring to fig. 9, in an embodiment of the present invention, an electronic device 4000 is provided, and the electronic device 4000 may include: desktop computers, notebook computers, servers, etc. with the ability to handle flash read disturbances.
In fig. 9, the electronic device 4000 includes at least one processor 4001 and at least one memory 4003.
Data interaction between the processor 4001 and the memory 4003 may be achieved by at least one communication bus 4002. The communication bus 4002 may include a path for transferring data between the processor 4001 and the memory 4003. The communication bus 4002 may be a PCI (Peripheral Component Interconnect) bus or an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus 4002 can be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 9, but this does not mean that there is only one bus or one type of bus.
Optionally, the electronic device 4000 may further comprise a transceiver 4004, the transceiver 4004 may be used for data interaction between the electronic device and other electronic devices, such as transmission of data and/or reception of data, etc. It should be noted that, in practical applications, the transceiver 4004 is not limited to one, and the structure of the electronic device 4000 is not limited to the embodiment of the present invention.
The processor 4001 may be a CPU (Central Processing Unit ), general purpose processor, DSP (Digital Signal Processor, data signal processor), ASIC (Application Specific Integrated Circuit ), FPGA (Field Programmable Gate Array, field programmable gate array) or other programmable logic device, transistor logic device, hardware components, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 4001 may also be a combination that implements computing functionality, e.g., comprising one or more microprocessor combinations, a combination of a DSP and a microprocessor, etc.
Memory 4003 may be, but is not limited to, ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, RAM (Random Access Memory ) or other type of dynamic storage device that can store information and instructions, EEPROM (Electrically Erasable Programmable Read OnlyMemory ), CD-ROM (Compact Disc Read Only Memory, compact disc Read Only Memory) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program instructions or code in the form of instructions or data structures and that can be accessed by electronic device 400.
The memory 4003 has computer readable instructions stored thereon, and the processor 4001 can read the computer readable instructions stored in the memory 4003 through the communication bus 4002.
The computer readable instructions are executed by the one or more processors 4001 to implement the file encryption and decryption methods in the embodiments described above.
In addition, in an embodiment of the present invention, a storage medium is provided, where computer readable instructions are stored, where the computer readable instructions are executed by one or more processors to implement a file encrypting and decrypting method as described above.
In an embodiment of the present invention, a computer program product is provided, where the computer program product includes computer readable instructions, where the computer readable instructions are stored in a storage medium, and one or more processors of an electronic device read the computer readable instructions from the storage medium, load and execute the computer readable instructions, so that the electronic device implements a file encrypting and decrypting method as described above.
Compared with the related art, the invention has the beneficial effects that:
1. In the method, the target file is first acquired; target files include files in the target storage device and files in other storage devices. An encryption key is then randomly generated for the target file, and the target file is encrypted with it. The encryption key is stored in the target storage device to obtain a storage address. Finally, a public key and a private key are generated through an encryption algorithm, the storage address is encrypted with the public key, and the target file is decrypted using the private key. Because the actual encryption key is stored on the storage device, decrypting a file requires both the correct private key and the storage device that holds the encryption key, which improves the confidentiality of the key. The integrity of the key is also greatly improved: a key stored in any visible file could be modified or damaged by a person, whereas here a dedicated logical storage space is set aside for the key, and editing that space requires a special private command and a special card reader, which greatly improves the stability and integrity of the key. This effectively solves the problems in the related art that local files or files in other storage devices cannot be encrypted and decrypted and that flexibility is poor.
2. A file can be decrypted only with the storage device and knowledge of the encryption password set by the user; the storage device is small, light and convenient, so flexibility is high.
3. The key is stored in the storage device; decryption requires possession of both the storage device and the encryption password set by the user, so security is high.
4. The invention combines the encryption and decryption software with a mobile storage device, forming a mobile storage device that can encrypt and decrypt local files or files in other storage devices, with strong security and high flexibility.
5. The invention provides a file encryption storage device whose main functions are as follows: files are encrypted and decrypted by software in the device, and the file encryption and decryption key information is stored in a logical data block of the device; the device sets aside a small amount of physical storage space for running the software; the user cannot perform other operations on the device, such as storing or copying files; the device sets aside a space dedicated to storing the key, to ensure the key's integrity; the device must be used together with a special card reader, and the encryption and decryption software writes and reads key information in the device's logical area using private logical write and read commands; during encryption and decryption the software does not store the file's keys, and the device records key information in its logical space, where it is invisible at the physical layer (interface display), generates no physical information directly related to the key, and is not recorded in any document. In other words, no information or document directly related to the key can be seen on the device's interface, which greatly improves the confidentiality and security of the key.
6. The invention uses the fast AES symmetric encryption algorithm to encrypt and decrypt the file, and RSA asymmetric encryption to encrypt the key. Asymmetric encryption offers high security: it uses a pair of keys, one for encryption and one for decryption; the public key is public and the private key is kept by its owner, so keys do not need to be synchronized before communication and operation is simple. The software uses both encryption modes, applying asymmetric encryption to the short data and symmetric encryption to the file. Combining symmetric and asymmetric encryption gives the encrypted file high encryption efficiency while improving security.
7. The user does not need to input an encryption password: the software generates 256 bits of random data to perform AES symmetric encryption on the file, so the key is long and security is high. The actual encryption key is stored on the mobile storage device, so to decrypt a file the user needs not only the correct private key but also the storage device that holds the actual encryption key. The user does not need to supply or memorize a long, complex encryption password, because the software automatically generates a highly complex one. The device does not create any file on the interface that stores encryption and decryption key information; the file encryption and decryption keys are stored only in the device's logical blocks, are invisible on the interface, and cannot be obtained by brute force. When encrypting a file, the device performs no operation outside the file itself, which improves the independence of the file and the confidentiality of the encryption.
8. The encryption and decryption keys are stored in the logical space of the device, which improves the confidentiality of the keys and greatly improves their integrity, because a key stored in any visible file is likely to be modified or damaged by people. The device sets aside a dedicated logical storage space for the key, and editing that space requires a special private command and a special card reader, which greatly improves the stability and integrity of the key.
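The flow these items describe (a random 256-bit AES key, the key written to one sector of the device, the storage address encrypted with the RSA public key and appended to the file tail) is sketched below in Go as an added example, not code from the patent. The in-memory `Device` map standing in for the key area reached through the private command and card reader, the GCM mode, OAEP padding, 2048-bit modulus, 512-byte sector and 4-byte address are all assumptions, since the page fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Device map[uint32][]byte // simulated key area (hypothetical): logical address -> sector

// must panics on failures that are impossible (32-byte key) or fatal (no entropy).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// AES-256-GCM and a 2048-bit modulus are assumptions; the page fixes neither.
func gcmFor(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt returns nonce || AES-256-GCM(file) || RSA-OAEP(storage address).
func Encrypt(d Device, pub *rsa.PublicKey, file []byte) ([]byte, error) {
	rnd := make([]byte, 32+12) // random 256-bit file key, then the GCM nonce
	must(rand.Read(rnd))
	addr := binary.BigEndian.AppendUint32(nil, uint32(len(d))) // next blank sector
	tail, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, addr, nil)
	if err != nil {
		return nil, err
	}
	d[uint32(len(d))] = append(rnd[:32:32], make([]byte, 480)...) // key padded to a 512-byte sector
	return append(gcmFor(rnd[:32]).Seal(rnd[32:], rnd[32:], file, nil), tail...), nil
}

// Decrypt needs the RSA private key and the device that holds the key sector.
func Decrypt(d Device, priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	n := len(blob) - priv.Size() // the tail is exactly one RSA block
	if n < 12 {
		return nil, fmt.Errorf("file too short: %d bytes", len(blob))
	}
	addr, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[n:], nil)
	if err != nil || len(addr) != 4 {
		return nil, fmt.Errorf("storage address not recoverable")
	}
	if sector, ok := d[binary.BigEndian.Uint32(addr)]; ok {
		return gcmFor(sector[:32]).Open(nil, blob[:12], blob[12:n], nil)
	}
	return nil, fmt.Errorf("key sector %x not on this device", addr)
}

func main() {
	priv, dev := must(NewKeyPair()), Device{}
	blob := must(Encrypt(dev, &priv.PublicKey, []byte("constructed sample file")))
	fmt.Printf("%s\n", must(Decrypt(dev, priv, blob)))
}
```

Calling `Decrypt` with the right private key but an empty `Device` fails at the sector lookup, which is the two-part requirement item 7 describes. In this layout the RSA layer hides only the address, so secrecy of the AES key itself rests on who can read the device's key area.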
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing is only a partial embodiment of the present invention, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.

Claims (8)

1. A method for encrypting and decrypting a file, the method comprising:
acquiring a target file; the target files comprise files in target storage equipment and files in other storage equipment;
randomly generating an encryption key for the target file, and encrypting the target file according to the encryption key;
storing the encryption key in a target storage device to obtain a storage address;
and generating a public key and a private key through an encryption algorithm, encrypting the storage address by using the public key, and decrypting the target file by using the private key.
2. The method for encrypting and decrypting a file according to claim 1, wherein said generating an encryption key for said target file at random, encrypting said target file according to said encryption key, comprises:
randomly generating a 256-bit encryption key for the target file;
and encrypting the target file through an AES symmetric encryption algorithm and the encryption key.
3. The method for encrypting and decrypting a file according to claim 1, wherein said storing the encryption key in the target storage device to obtain the storage address comprises:
selecting a blank logic data area from the logic data block of the target storage device through a private command and a card reader corresponding to the target storage device;
and writing the encryption key into a logic space of the target storage device in a logic writing mode in a length of one sector, and obtaining a corresponding logic address as a storage address.
4. The method for encrypting and decrypting a file according to claim 1, wherein said generating a public key and a private key by an encryption algorithm, encrypting said storage address with said public key, comprises:
generating a public key and a private key through RSA asymmetric encryption;
and encrypting the storage address through the public key, and writing the encrypted storage address into the tail of the target file.
5. The method for encrypting and decrypting the target file according to claim 1, wherein decrypting the target file using the private key comprises:
decrypting the data at the tail of the target file by using the private key to obtain the storage address;
reading data from the storage address through a private command and a card reader corresponding to the target storage device to obtain the encryption key;
and decrypting the target file according to the encryption key.
6. A document encrypting and decrypting apparatus, the apparatus comprising:
the file acquisition module is used for acquiring a target file; the target files comprise files in target storage equipment and files in other storage equipment;
the file encryption module is used for randomly generating an encryption key for the target file and encrypting the target file according to the encryption key;
the key storage module is used for storing the encryption key in the target storage equipment to obtain a storage address;
and the encryption and decryption module is used for generating a public key and a private key through an encryption algorithm, encrypting the storage address by using the public key and decrypting the target file by using the private key.
7. An electronic device, comprising: at least one processor, and at least one memory, wherein,
the memory has computer readable instructions stored thereon;
the computer readable instructions are executed by one or more of the processors to cause an electronic device to implement the file encryption and decryption method of any one of claims 1 to 5.
8. A storage medium having stored thereon computer readable instructions, the computer readable instructions being executable by one or more processors to implement the method of encrypting and decrypting a file as claimed in any one of claims 1 to 5.
CN202311805127.6A 2023-12-25 2023-12-25 File encryption and decryption method and device, electronic equipment and storage medium Pending CN117786718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311805127.6A CN117786718A (en) 2023-12-25 2023-12-25 File encryption and decryption method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117786718A true CN117786718A (en) 2024-03-29

Family

ID=90386582

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination