CN118101320A - Data encryption method, data decryption device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN118101320A
Authority
CN
China
Prior art keywords
data
key
ciphertext
encryption
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410430970.9A
Other languages
Chinese (zh)
Inventor
崔兴争
赵路
张希涛
秦世欢
杜薏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Original Assignee
Qax Technology Group Inc

Landscapes

  • Storage Device Security (AREA)

Abstract

The application provides a data encryption method, a data decryption device, electronic equipment and a storage medium. The method comprises the following steps: generating a first key of a first encryption and decryption algorithm; encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and generating target encrypted data according to the key ciphertext and the data ciphertext. According to the embodiment of the application, the generated first key is used for encrypting the data to be encrypted, the second encryption algorithm is used for encrypting the generated first key, and the two different encryption algorithms are used for encrypting, so that the safety of the data is improved.

Description

Data encryption method, data decryption device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to a data encryption method, a data decryption device, an electronic device, and a storage medium.
Background
Data security has long been a public concern, and various data encryption methods have emerged as a result. Current data encryption methods include symmetric encryption algorithms and asymmetric encryption algorithms.
In the prior art, data is generally encrypted with a symmetric encryption algorithm or an asymmetric encryption algorithm to improve its security. In practical applications, however, there is still a risk of data leakage, so data security remains low.
Disclosure of Invention
The embodiment of the application aims to provide a data encryption method, a data decryption device, electronic equipment and a storage medium, which are used for improving the security of data.
In a first aspect, an embodiment of the present application provides a data encryption method, including:
generating a first key of a first encryption and decryption algorithm;
Encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and generating target encrypted data according to the key ciphertext and the data ciphertext.
According to the embodiment of the application, the generated first key is used for encrypting the data to be encrypted, the second encryption algorithm is used for encrypting the generated first key, and the two different encryption algorithms are used for encrypting, so that the safety of the data is improved.
In any embodiment, encrypting data to be encrypted with a first key to obtain a data ciphertext includes:
reading the data to be encrypted according to a first preset byte number in sequence from the data to be encrypted to obtain a read data block;
Encrypting data of a second preset byte number from a preset position in the data block by using a first key based on the read data block to obtain encrypted data; wherein the second preset number of bytes is less than the first preset number of bytes;
Generating an encrypted data block based on the encrypted data and the unencrypted data in the data block until the data to be encrypted is read and encrypted;
And generating a data ciphertext based on each encrypted data block corresponding to the data to be encrypted.
The embodiment of the application improves the efficiency of data encryption by carrying out segmented encryption on the data to be encrypted.
In any embodiment, encrypting data to be encrypted with a first key to obtain a data ciphertext includes:
circularly executing the steps of a preset encryption method until the reading of the data to be encrypted is completed, and obtaining the data ciphertext;
The preset encryption method comprises the following steps:
reading first target data with a third preset byte number from unread data of the data to be encrypted, encrypting the first target data by using the first key to obtain a sub-data ciphertext, and writing the sub-data ciphertext into a first folder established in advance;
And reading second target data with a fourth preset byte number from the unread data of the data to be encrypted, and writing the second target data into the first folder.
The embodiment of the application improves the efficiency of data encryption by carrying out segmented encryption on the data to be encrypted.
In any embodiment, generating the target encrypted data according to the key ciphertext and the data ciphertext includes:
And writing the key ciphertext and the data ciphertext into a preset position of the newly-built compression packet to obtain the target encrypted data.
According to the embodiment of the application, the key ciphertext is written into the preset position of the compression packet, and then the data block ciphertext is sequentially written, so that the key ciphertext can be quickly found from the target data ciphertext and decrypted when the data is decrypted.
In any embodiment, before encrypting the data to be encrypted using the first key, the method further comprises:
And compressing the original data according to a preset compression format to obtain the data to be encrypted.
According to the embodiment of the application, the original data is compressed, so that the original data comprising a plurality of files can be encrypted together, and the encryption efficiency is improved.
In any embodiment, the raw data comprises key information infrastructure asset data, which comprises at least one of a metadata file, a data file, and an attachment file.
According to the embodiment of the application, the key information infrastructure asset data is encrypted by combining two encryption and decryption algorithms, so that the security of the key information infrastructure asset data is improved.
In any embodiment, the first encryption and decryption algorithm is a symmetric encryption and decryption algorithm, and the second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm.
According to the embodiment of the application, the data to be encrypted is encrypted with the symmetric encryption and decryption algorithm, and the generated first key is encrypted with the asymmetric encryption and decryption algorithm, so that multiple encryption algorithms are used and the security of the data is improved.
In a second aspect, an embodiment of the present application provides a data decryption method, including:
Acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of the first encryption and decryption algorithm;
Decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
And decrypting the data ciphertext by using the first key to obtain decrypted data.
According to the embodiment of the application, the data to be encrypted is encrypted by utilizing the generated first key, the generated first key is encrypted by utilizing the second encryption and decryption algorithm, the target data ciphertext is decrypted by utilizing the corresponding decryption method, and the data security is improved.
In any embodiment, decrypting the key ciphertext using a third key corresponding to the second encryption and decryption algorithm includes:
Reading the key ciphertext from the target encrypted data based on the length of the key ciphertext and the location information in the target encrypted data;
And decrypting the key ciphertext by using the third key.
According to the embodiment of the application, the first key is obtained by decrypting the key ciphertext by using the third key, so that the data to be encrypted can be decrypted by using the first key, and the data security is improved by adopting a double encryption and decryption mode.
In any embodiment, decrypting the data ciphertext using the first key to obtain decrypted data includes:
Reading the data blocks to be decrypted from the data ciphertext according to the fifth preset byte number in sequence;
Decrypting the data of a sixth preset byte number from a preset position in the data block to be decrypted by using the first key to obtain decrypted data; wherein the sixth preset number of bytes is less than the fifth preset number of bytes;
Generating a decrypted data block based on the decrypted data and the undecrypted data in the data block to be decrypted, until the data ciphertext has been read and decrypted;
And generating decrypted data based on each decrypted data block corresponding to the data ciphertext.
The embodiment of the application carries out block decryption on the data ciphertext, thereby improving the decryption efficiency.
In any embodiment, decrypting the data ciphertext using the first key to obtain decrypted data includes:
circularly executing the steps of a preset decryption method until the reading of the data ciphertext is completed, and obtaining decrypted data;
the preset decryption method comprises the following steps:
Reading third target data with a seventh preset byte number from unread data of the data ciphertext, decrypting the third target data by using a first key to obtain sub-decrypted data, and writing the sub-decrypted data into a pre-established second folder;
and reading fourth target data with an eighth preset byte number from the unread data of the data ciphertext, and writing the fourth target data into a pre-established second folder.
According to the embodiment of the application, the first key is obtained by decrypting the key ciphertext by using the third key, so that the data to be encrypted can be decrypted by using the first key, and the data security is improved by adopting a double encryption and decryption mode.
In any embodiment, the decrypted data comprises key information infrastructure asset data, which comprises at least one of a metadata file, a data file, and an attachment file.
According to the embodiment of the application, the key information infrastructure asset data is encrypted and decrypted by combining two encryption and decryption algorithms, so that the security of the key information infrastructure asset data is improved.
In any embodiment, the first encryption and decryption algorithm is a symmetric encryption and decryption algorithm, and the second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm.
The embodiment of the application encrypts the data to be encrypted by utilizing the symmetric encryption and decryption algorithm, encrypts the first key generated by utilizing the asymmetric encryption and decryption algorithm, decrypts the key ciphertext firstly during decryption, and decrypts the data ciphertext by utilizing the decrypted first key, so that the data to be encrypted is encrypted and decrypted by utilizing the multiple encryption algorithm, and the safety of the data is improved.
In a third aspect, an embodiment of the present application provides a data encryption apparatus, including:
The key generation module is used for generating a first key of a first encryption and decryption algorithm;
the encryption module is used for encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and the ciphertext generating module is used for generating target encrypted data according to the key ciphertext and the data ciphertext.
In a fourth aspect, an embodiment of the present application provides a data decryption apparatus, including:
The data acquisition module is used for acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting a first key by using a first encryption and decryption algorithm;
The first decryption module is used for decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and the second decryption module is used for decrypting the data ciphertext by using the first key to obtain decrypted data.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory, and a bus, wherein,
The processor and the memory complete communication with each other through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to enable the method of the first or second aspect to be performed.
In a sixth aspect, embodiments of the present application provide a non-transitory computer readable storage medium comprising:
the non-transitory computer readable storage medium stores computer instructions that cause the computer to perform the method of the first or second aspect.
In a seventh aspect, embodiments of the present application provide a computer program product comprising computer program instructions which, when read and executed by a processor, perform the method of the first or second aspect.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a data encryption method according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a method for encrypting data to be encrypted according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of another data encryption method according to an embodiment of the present application;
Fig. 4 is a schematic flow chart of a data encryption method according to an embodiment of the present application;
Fig. 5 is a schematic comparison of data before and after segmented encryption according to an embodiment of the present application;
Fig. 6 is a schematic flow chart of a data decryption method according to an embodiment of the present application;
Fig. 7 is a schematic flow chart of another data decryption method according to an embodiment of the present application;
Fig. 8 is a flow chart of a reporting and sorting process for key information infrastructure assets according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a data encryption device according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of a data decryption device according to an embodiment of the present application;
Fig. 11 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the technical scheme of the present application will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and thus are merely examples, and are not intended to limit the scope of the present application.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the description of the drawings above are intended to cover a non-exclusive inclusion.
In the description of embodiments of the present application, the technical terms "first," "second," and the like are used merely to distinguish between different objects and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated, a particular order or a primary or secondary relationship. In the description of the embodiments of the present application, the meaning of "plurality" is two or more unless explicitly defined otherwise.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In the description of the embodiments of the present application, the term "and/or" merely describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
In the description of the embodiments of the present application, the term "plurality" means two or more (including two), and similarly, "plural sets" means two or more (including two), and "plural sheets" means two or more (including two).
In the description of the embodiments of the present application, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured" and the like should be construed broadly and may be, for example, fixedly connected, detachably connected, or integrally formed; or may be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communicated with the inside of two elements or the interaction relationship of the two elements. The specific meaning of the above terms in the embodiments of the present application will be understood by those of ordinary skill in the art according to specific circumstances.
For ease of understanding, the description is given with respect to the relevant terms involved in the embodiments of the present application:
Key information infrastructure asset: short for an asset subject to key information infrastructure security detection and assessment; such assets comprise related data on systems, networks, devices, services, websites, databases and the like.
Key information infrastructure unit: the unit to which a key information infrastructure asset belongs.
Key information infrastructure management system: a system platform for unified management of key information infrastructure asset data, including adding, deleting, modifying and querying the data, and data statistics.
Reporting widget: an offline desktop application that is used to fill in and report key information infrastructure asset data and to export the filled-in data as an encrypted compressed package.
Form data: text data, numerical values and the like that the user enters in the form on the reporting widget page.
Attachment file: an attachment that the user uploads on the reporting widget page, such as a Word document, a PDF, a picture or a compressed package.
RSA: an asymmetric encryption algorithm that uses a pair of keys (a public key and a private key) for encryption and decryption, with the public key used for encryption and the private key used for decryption.
SM4: a symmetric encryption algorithm and a commercial encryption algorithm; SM4 is a block cipher that supports a 128-bit key and a 128-bit block length.
File stream: a concept in computer programming for reading and writing a file as a stream; file streams are divided into input streams and output streams and provide sequential access to and processing of file data.
Byte: a unit of computer storage, typically 8 bits of binary data; it is the basic unit of information and represents one character or one unit of binary data.
In the application project, a key information infrastructure unit uses an offline widget to fill in its data, and the filled-in data is exported as an encrypted compressed package. The encrypted compressed package is then copied manually and imported into the key information infrastructure management system for unified management and analysis. The asset data must be encrypted during reporting to ensure the security of data transmission. The current method of encrypting asset data is to select one encryption algorithm and encrypt the asset data with it, which leaves the security of the data low.
The reporting of key information infrastructure asset data comprises two stages. In the first stage, the reporting widget is used to fill in the data and package it into an encrypted ZIP package; the encrypted content comprises form data and attachment files, and after export the encrypted ZIP package is copied manually to an environment from which it can be uploaded to the key information infrastructure management platform. In the second stage, the encrypted compressed package is imported into the key information infrastructure management platform, which decrypts it and parses and stores its contents, completing the asset reporting process.
Therefore, the embodiment of the application provides a data encryption method, a data decryption method, a device, electronic equipment and a storage medium. With this double dynamic encryption and decryption method, the encryption is more complex and the data is safer.
Fig. 1 is a schematic flow chart of a data encryption method according to an embodiment of the present application. It can be understood that the data encryption method and the data decryption method provided by the embodiment of the application can be applied to electronic equipment, which includes terminals and servers; the terminal can be a smart phone, a tablet computer, a personal digital assistant (PDA) and the like; the server may be an application server or a Web server. As shown in Fig. 1, the method comprises the following steps:
step 101: generating a first key of a first encryption and decryption algorithm;
Step 102: encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
step 103: and generating target encrypted data according to the key ciphertext and the data ciphertext.
In step 101, the first key may be dynamically generated by the terminal device according to a key format of the first encryption and decryption algorithm. I.e. the corresponding first keys are different for different data to be encrypted, which has the advantage that the risk that all encrypted data can be decrypted after the first key is revealed is reduced. The first key may also be fixed, i.e. the terminal device generates once in the initial stage, and the first key is used in the subsequent encryption of different data to be encrypted, which has the advantage that the resource consumption of the terminal device can be reduced.
Taking SM4 as the first encryption and decryption algorithm as an example, the generated first key is 128 bits long. Different encryption and decryption algorithms have different requirements on the format of the key, so in practical applications the first key is generated according to the specific first encryption and decryption algorithm in use.
In step 102, a second key is also generated in advance based on the second encryption and decryption algorithm. After the second key is obtained, the first key is encrypted with the second key to obtain the key ciphertext corresponding to the first key. The data to be encrypted is encrypted with the first key to obtain the data ciphertext. It should be noted that the first key and the data to be encrypted may be encrypted at the same time; or the first key may be encrypted first and the data to be encrypted afterwards; or the data to be encrypted may be encrypted first and the first key encrypted after the encryption of the data is complete.
Taking the scenario of encrypting key information infrastructure asset data as an example, the data to be encrypted may include at least one of a metadata file, a data file, and an attachment file. The metadata file describes information such as the version of the reporting widget and the data file; the data file is the form data filled in with the reporting widget and can be a text file in JSON array form; the attachment file is an attachment uploaded through the reporting widget. To facilitate encryption of the metadata files, data files, and attachment files, these three types of files may be placed in the same folder and compressed into a compressed package of a preset format, such as ZIP format or RAR format.
In step 103, the key ciphertext and the data ciphertext may be concatenated, and the concatenated data written into a pre-established compressed packet. In addition, the key ciphertext and the data ciphertext may be written in a predetermined position of the pre-established compressed packet, for example: writing the key ciphertext into the head of the compression packet, and writing the data ciphertext into the rear of the key ciphertext; or writing the data ciphertext into the head of the compression packet, and writing the key ciphertext into the back of the data ciphertext; or inserting the key ciphertext at a specific location in the middle of the data ciphertext, etc.
It is understood that the first encryption and decryption algorithm may be a symmetric encryption and decryption algorithm, such as SM4, DSA, etc. The second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm, for example: RSA, AES, etc. The public key and the private key of the second encryption and decryption algorithm may be agreed in advance.
According to the embodiment of the application, the generated first key is used for encrypting the data to be encrypted, the second encryption algorithm is used for encrypting the generated first key, and two different encryption and decryption algorithms are used for encrypting, so that the difficulty of decoding is higher, and the safety of the data is improved.
On the basis of the above embodiment, encrypting the data to be encrypted by using the first key to obtain the data ciphertext includes:
reading the data to be encrypted according to a first preset byte number in sequence from the data to be encrypted to obtain a read data block;
Encrypting data of a second preset byte number from a preset position in the data block by using a first key based on the read data block to obtain encrypted data; wherein the second preset number of bytes is less than the first preset number of bytes;
Generating an encrypted data block based on the encrypted data and the unencrypted data in the data block until the data to be encrypted is read and encrypted;
And generating a data ciphertext based on each encrypted data block corresponding to the data to be encrypted.
In a specific implementation process, when encrypting the data to be encrypted, a segmented encryption mode may be adopted, that is, the data to be encrypted is sequentially read according to the first preset byte number, so that the data of the first preset byte number can be read each time, and the read data is called a data block. It will be appreciated that the size of the last read data block may be smaller than the first predetermined number of bytes.
For each read data block, selecting a part of data in the data block for encryption, wherein the part of data can be obtained by reading from a preset position of the data block, and reading data with a second preset byte number as the data to be encrypted. For example: the data of the second preset byte number can be read from the head of the data block, and the first key is used for encrypting the data to obtain encrypted data. The encrypted data is then combined with the unencrypted data in the data block to form an encrypted data block.
Wherein the first preset number of bytes and the second preset number of bytes are preset, for example: the first preset byte number can be 100M, the second preset byte number can be 10M, when encryption is performed, 100M data are read from data to be encrypted each time, then the first 10M data in the read 100M data are encrypted, and the encrypted data obtained by encrypting the first 10M data are spliced with the last 90M data to obtain an encrypted data block.
It should be noted that encrypting each read data block in the manner described above yields a plurality of encrypted data blocks, and splicing these encrypted data blocks gives the data ciphertext. In addition, the last data block read may be smaller than the first preset number of bytes. If the last data block is smaller than the first preset number of bytes but larger than the second preset number of bytes, it may be encrypted in the manner described above; if the last data block is smaller than the second preset number of bytes, either all of the data in the block may be encrypted or the block may be left unencrypted, as set according to the practical situation.
The embodiment of the application improves the efficiency of data encryption by carrying out segmented encryption on the data to be encrypted.
On the basis of the above embodiment, encrypting the data to be encrypted by using the first key to obtain the data ciphertext includes:
cyclically executing the steps of a preset encryption method until reading of the data to be encrypted is completed, to obtain a plurality of data block ciphertexts;
generating a data ciphertext based on the plurality of data block ciphertexts;
wherein the preset encryption method comprises the following steps:
reading first target data with a third preset byte number from the unread data of the data to be encrypted, and encrypting the first target data by using the first key to obtain a sub-data ciphertext;
and reading second target data with a fourth preset byte number from the unread data of the data to be encrypted, and splicing the second target data with the sub-data ciphertext to obtain the data block ciphertext.
Fig. 2 is a flow chart of a method for encrypting data to be encrypted according to an embodiment of the present application, where, as shown in fig. 2, the method includes:
Step 201: sequentially reading first target data with a third preset byte number from the unread data of the data to be encrypted, and encrypting the first target data by using the first key to obtain a sub-data ciphertext. It can be understood that, on the first read, the data of the third preset byte number that is read is taken as the first target data, and reading starts from the head of the data to be encrypted. The third preset number of bytes is preset.
Step 202: sequentially reading second target data with a fourth preset byte number from unread data of the data to be encrypted, and splicing the second target data with the sub-data ciphertext obtained in the previous step to obtain a data block ciphertext; it will be appreciated that the fourth predetermined number of bytes is predetermined.
Step 203: judging whether the reading is finished or not; if the reading is completed, step 204 is executed, otherwise step 201 is executed.
Step 204: splicing all the data block ciphertexts to obtain the data ciphertext.
The embodiment of the application improves the efficiency of data encryption by carrying out segmented encryption on the data to be encrypted.
On the basis of the above embodiment, generating the target encrypted data from the key ciphertext and the data ciphertext includes:
after the key ciphertext corresponding to the first key is obtained, writing the key ciphertext into a preset position of a newly created compressed packet;
and after each data block ciphertext is obtained, writing the data block ciphertexts into the compressed packet in sequence to obtain the target encrypted data.
Fig. 3 is a schematic flow chart of another data encryption method according to an embodiment of the present application, as shown in fig. 3, including:
Step 301: generating a first key; it can be appreciated that the manner of generating the first key can be referred to the above embodiments, and will not be described herein.
Step 302: encrypting the first key by using a second key corresponding to the second encryption and decryption algorithm to obtain a key ciphertext;
Step 303: writing the key ciphertext into the newly created compressed packet;
Step 304: reading first target data with a third preset byte number from the data to be encrypted, and encrypting the first target data by using the first key to obtain a sub-data ciphertext;
Step 305: reading second target data of a fourth preset byte number from the unread data of the data to be encrypted;
Step 306: splicing the sub-data ciphertext with the second target data to obtain a data block ciphertext;
Step 307: writing the data block ciphertext into the compressed packet containing the key ciphertext;
Step 308: judging whether reading of the data to be encrypted is completed; if so, the process ends; otherwise, step 304 is performed.
Fig. 4 is a schematic flow chart of a data encryption method according to an embodiment of the present application, as shown in fig. 4, where the method includes:
Step 401: generating a first key; it can be appreciated that the manner of generating the first key can be referred to the above embodiments, and will not be described herein.
Step 402: encrypting the first key by using a second key corresponding to the second encryption and decryption algorithm to obtain a key ciphertext;
Step 403: writing the key ciphertext into the newly-built compressed packet;
Step 404: reading first target data with a third preset byte number from the data to be encrypted, and encrypting the first target data by using the first key to obtain a sub-data ciphertext;
Step 405: writing the sub-data ciphertext into a first folder which is created in advance;
Step 406: judging whether reading of the data to be encrypted is completed or not; if so, ending, otherwise, executing step 407;
Step 407: reading second target data of a fourth preset byte number from unread data of the data to be encrypted;
Step 408: writing the second target data into the first folder containing the key ciphertext;
Step 409: judging whether reading of the data to be encrypted is completed or not; if so, then the process ends, otherwise, step 404 is performed.
Fig. 5 is a schematic diagram comparing the data before and after segmented encryption.
It is understood that the format of the first folder may be a compressed package format.
According to the embodiment of the application, the key ciphertext is written into the preset position of the compression packet, and then the data block ciphertext is sequentially written, so that the key ciphertext can be quickly found from the target data ciphertext and decrypted when the data is decrypted.
Fig. 6 is a schematic flow chart of a data decryption method according to an embodiment of the present application, as shown in fig. 6, the method includes:
Step 601: acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of a second encryption and decryption algorithm;
Step 602: decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
Step 603: decrypting the data ciphertext by using the first key to obtain decrypted data.
In step 601, the target encrypted data may be generated by the data encryption method described in the above embodiments, so the key ciphertext in the target encrypted data is obtained by encrypting the first key with the second key of the second encryption and decryption algorithm. The first key is generated according to the key format requirement of the first encryption and decryption algorithm. For details, refer to the description of the first key in the above embodiments, which is not repeated here.
In step 602, the terminal device may obtain a key ciphertext from the target encrypted data according to a predetermined encryption method. For example: generating a 128-bit first key during encryption, and encrypting the first key by using a public key (namely a second key) of an RSA algorithm to obtain a key ciphertext; writing the encrypted key ciphertext into the head of the compressed packet; then, every 100M data in the data to be encrypted is used as a data block, the first 10M data in the 100M data is encrypted by using an SM4 algorithm, and the encrypted data is also written into the compressed packet. After the first key is encrypted by using the public key of the RSA algorithm, the obtained key ciphertext is 256 bytes, so that the terminal equipment can read 256 bytes from the head part as the key ciphertext from the target encrypted data when decrypting the target encrypted data, and the first key is obtained by decrypting the key ciphertext by using the private key (namely the third key) of the RSA algorithm.
In step 603, after the first key is obtained, the data ciphertext may be decrypted using the first key to obtain decrypted data.
It should be noted that the format of the target encrypted data may be a byte stream, which is obtained by converting the encrypted compressed packet. When the target encrypted data is read, a byte stream is read. The encrypted compressed packet is an encrypted compressed packet generated after the key ciphertext and the data ciphertext are written into the compressed packet.
According to the embodiment of the application, the data to be encrypted is encrypted by utilizing the generated first key, the generated first key is encrypted by utilizing the second encryption and decryption algorithm, the target data ciphertext is decrypted by utilizing the corresponding decryption method, and the data security is improved.
On the basis of the above embodiment, decrypting the key ciphertext using a third key corresponding to the second encryption and decryption algorithm includes:
Reading the key ciphertext from the target encrypted data based on the length of the key ciphertext and the location information in the target encrypted data;
And decrypting the key ciphertext by using the third key.
In a specific implementation, during encryption the key ciphertext may be placed at the head of the compressed packet, at the tail of the compressed packet, or at a specific location, for example between the first encrypted data block and the second encrypted data block. The specific location of the key ciphertext may therefore be agreed in advance. During decryption, the key ciphertext can be read from the target encrypted data according to that agreement, based on the length of the key ciphertext and its position information. It should be noted that, after both the key ciphertext and the data ciphertext have been written into the compressed packet, the compressed packet is the target encrypted data.
For example: if the key ciphertext is placed at the head of the compressed packet, the key ciphertext can be obtained by reading 256 bytes from the head of the target encrypted data; if the key ciphertext is placed at the tail of the compressed packet, the key ciphertext can be obtained by reading 256 bytes from the tail of the target encrypted data, or, based on the previously known length of the data ciphertext obtained by encrypting the data to be encrypted, the data ciphertext of that length can be read from the target encrypted data first, and the remainder is the key ciphertext. If the key ciphertext is placed between the first encrypted data block and the second encrypted data block, then, based on the pre-calculated size of one encrypted data block, for example 10485776 bytes, 256 bytes can be read as the key ciphertext starting from byte 10485777.
According to the embodiment of the application, the first key is obtained by decrypting the key ciphertext by using the third key, so that the data to be encrypted can be decrypted by using the first key, and the data security is improved by adopting a double encryption and decryption mode.
On the basis of the above embodiment, decrypting the data ciphertext using the first key to obtain decrypted data includes:
reading the data blocks to be decrypted from the data ciphertext sequentially, a fifth preset byte number at a time;
decrypting, by using the first key, data of a sixth preset byte number starting from a preset position in the data block to be decrypted to obtain decrypted data; wherein the sixth preset number of bytes is less than the fifth preset number of bytes;
generating a decrypted data block based on the decrypted data and the undecrypted data in the data block to be decrypted, until the data ciphertext has been read and decrypted;
and generating decrypted data based on each decrypted data block corresponding to the data ciphertext.
In a specific implementation process, when the first key is used for decrypting the data ciphertext, the size corresponding to one encrypted data block can be used as the fifth preset byte number according to the encryption of the data. And reading the data blocks to be decrypted from the data ciphertext in sequence based on the fifth preset byte number. Wherein the encrypted data block is obtained by the following method steps: reading the data to be encrypted according to a first preset byte number in sequence from the data to be encrypted to obtain a read data block; encrypting data of a second preset byte number from a preset position in the data block by using a first key based on the read data block to obtain encrypted data; an encrypted data block is generated based on the encrypted data and the unencrypted data in the data block.
And after each reading of one data block to be decrypted, reading the data with the sixth preset byte number from the preset position in the data block to be decrypted, and decrypting the data. And in the decryption process, the first key is adopted for decryption. It will be appreciated that the preset location corresponds to the location of the data in the encrypted data block that needs to be encrypted at the time of encryption. For example: the preset position is the head of the data block during encryption, and then the data of the sixth preset byte number is read from the head of the data block to be decrypted during decryption.
After the data is decrypted, the decrypted data is spliced with the undecrypted data in the data block to be decrypted to obtain a decrypted data block.
In this way, a plurality of decrypted data blocks can be obtained, and the decrypted data blocks are spliced to generate the decrypted data.
The embodiment of the application carries out block decryption on the data ciphertext, thereby improving the decryption efficiency.
On the basis of the above embodiment, fig. 7 is a schematic flow chart of another data decryption method according to the embodiment of the present application, as shown in fig. 7, where the method includes:
Step 701: converting the encrypted compressed packet into a byte stream; it will be appreciated that the encrypted compressed packet contains the key ciphertext and the data ciphertext.
Step 702: reading a key ciphertext; the key ciphertext is read from the converted byte stream, and it should be noted that, the manner of reading the key ciphertext is referred to the above embodiment, and will not be described herein.
Step 703: decrypting the key ciphertext to obtain a first key; and decrypting the key ciphertext by using a third key in the second encryption and decryption algorithm. Assuming that the second encryption and decryption algorithm is an RSA algorithm, the third key is a private key corresponding to the RSA algorithm. The key ciphertext is obtained by encrypting the first key by the public key corresponding to the private key. The private key and the public key are agreed in advance.
Step 704: reading, from the byte stream, a number of bytes equal to the size of one sub-data ciphertext (the seventh preset byte number, for example: 10485776 bytes) as third target data to be decrypted; it should be noted that, in encryption, after 10M data is encrypted using a 128-bit SM4 key, a sub-data ciphertext having a size of 10485776 bytes is generated.
Step 705: decrypting the read data block to be decrypted by using the first key;
Step 706: writing the decrypted data into a second folder;
Step 707: judging whether the reading is finished, and if the reading is finished, ending; otherwise, go to step 708;
Step 708: reading fourth target data of an eighth preset byte number, and writing the fourth target data into the pre-established second folder.
Step 709: judging whether the reading is finished, and if the reading is finished, ending; otherwise, step 704 is performed.
It will be appreciated that some of the above steps may be processed in parallel, such as step 705 and step 707; the steps can also be reasonably adjusted, the embodiment is only an example, and the specific sequence of the steps can be adjusted according to actual needs.
In addition, the second folder may be a compressed package; after step 709, the compressed package is decompressed and parsed, and the parsed data is stored in the database.
According to the embodiment of the application, the first key is obtained by decrypting the key ciphertext by using the third key, so that the data to be encrypted can be decrypted by using the first key, and the data security is improved by adopting a double encryption and decryption mode.
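The head-placed layout of Fig. 3 and the matching read loop of Fig. 7, as an added example that is not the patent's or the applicant's code. It assumes AES-128-CBC as a stand-in for SM4 (same 16-byte block and key size, so segment sizes match the figures above), RSA-2048 with OAEP-SHA256 padding, and an IV wrapped together with the first key; `Seal`, `Open`, `NewRecipientKey` and `take` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyCiphertextLen is the fixed-size head of the container (RSA-2048 output).
const KeyCiphertextLen = 256

// take removes up to n bytes from the front of *p and returns them.
func take(p *[]byte, n int) []byte {
	if n > len(*p) {
		n = len(*p)
	}
	head := (*p)[:n]
	*p = (*p)[n:]
	return head
}

// NewRecipientKey makes the RSA pair: second key = public, third key = private.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal writes [key ciphertext][encrypted segment][clear segment]... where
// encLen and clearLen are the third and fourth preset byte numbers.
func Seal(pub *rsa.PublicKey, data []byte, encLen, clearLen int) ([]byte, error) {
	if encLen <= 0 || encLen%aes.BlockSize != 0 || clearLen < 0 || pub.Size() != KeyCiphertextLen {
		return nil, errors.New("need RSA-2048 and encLen as a positive multiple of 16")
	}
	secret := make([]byte, 32) // assumption: one-time first key (16) || IV (16)
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	out, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(secret[:16])            // AES-128 stands in for SM4; a 16-byte key cannot fail
	cbc := cipher.NewCBCEncrypter(blk, secret[16:]) // one CBC chain across all segments
	for len(data) > 0 {
		seg := take(&data, encLen)
		n := aes.BlockSize - len(seg)%aes.BlockSize // PKCS#7: aligned input gains a whole block
		seg = append(append([]byte{}, seg...), bytes.Repeat([]byte{byte(n)}, n)...)
		cbc.CryptBlocks(seg, seg)
		out = append(out, seg...)
		out = append(out, take(&data, clearLen)...) // second target data is stored unencrypted
	}
	return out, nil
}

// Open reverses Seal; encLen and clearLen are agreed in advance, not stored.
func Open(priv *rsa.PrivateKey, box []byte, encLen, clearLen int) ([]byte, error) {
	if encLen <= 0 || encLen%aes.BlockSize != 0 || clearLen < 0 || len(box) < KeyCiphertextLen {
		return nil, errors.New("bad parameters or truncated container")
	}
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, take(&box, KeyCiphertextLen), nil)
	if err != nil || len(secret) != 32 {
		return nil, errors.New("key ciphertext rejected")
	}
	blk, _ := aes.NewCipher(secret[:16])
	cbc := cipher.NewCBCDecrypter(blk, secret[16:])
	var out []byte
	for len(box) > 0 {
		// Full segment = encLen + 16 (10485760 -> 10485776 on the page); a shorter
		// run can only be the final, short encrypted segment.
		seg := append([]byte{}, take(&box, encLen+aes.BlockSize)...)
		if len(seg)%aes.BlockSize != 0 {
			return nil, errors.New("truncated ciphertext segment")
		}
		cbc.CryptBlocks(seg, seg)
		n := int(seg[len(seg)-1])
		if n < 1 || n > aes.BlockSize || !bytes.HasSuffix(seg, bytes.Repeat([]byte{byte(n)}, n)) {
			return nil, errors.New("bad padding")
		}
		out = append(out, seg[:len(seg)-n]...)
		out = append(out, take(&box, clearLen)...)
	}
	return out, nil
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	data := bytes.Repeat([]byte("constructed sample record;"), 10) // constructed input, 260 bytes
	box, _ := Seal(&priv.PublicKey, data, 32, 96)
	back, err := Open(priv, box, 32, 96)
	fmt.Println(len(box), bytes.Equal(back, data), err)
}
```

With `encLen = 32` and `clearLen = 96`, the 260-byte constructed input produces a 560-byte container, and every clear segment appears in it byte for byte as in the plaintext.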
Taking the scenario of encrypting critical information infrastructure ("Guanji") asset data as an example, decrypting the target encrypted data yields decrypted data, which may include at least one of a metadata file, a data file, and an attachment file. The first encryption and decryption algorithm may be a symmetric encryption and decryption algorithm, for example, SM4, DSA, etc. The second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm, for example: RSA, AES, etc. The public key and the private key of the second encryption and decryption algorithm may be agreed in advance. Encryption is carried out based on two algorithms, namely RSA and SM4: RSA encrypts the key and SM4 encrypts the data. Because the key itself is stored as ciphertext, and an asymmetric algorithm is combined with a symmetric one, the encrypted data is safer to transmit and data security is improved. In addition, the first key can be generated dynamically, so that the same key cannot be reused to decrypt multiple encrypted compressed packets, which further improves data security.
Fig. 8 is a flowchart of a reporting and sorting process for critical information infrastructure asset data according to an embodiment of the present application. As shown in fig. 8, the process includes:
Step 801: filling in the critical information infrastructure asset data; the user fills in the asset data through the critical information infrastructure asset tool to generate a data file, a metadata file and an attachment file.
Step 802: encrypting the filled-in data; the filled-in critical information infrastructure asset data is encrypted, and the encryption method can be referred to the above embodiments of the encryption methods, which are not described herein.
Step 803: exporting the encrypted compressed packet; the encrypted data is copied out of the critical information infrastructure asset tool.
Step 804: importing the encrypted compressed packet; the encrypted data is copied into the critical information infrastructure asset system.
Step 805: decrypting the encrypted compressed packet; the encrypted data is decrypted, wherein the decryption method can be referred to the above embodiments of the decryption method, and will not be described herein.
Step 806: parsing and warehousing the critical information infrastructure asset data; the decrypted data is parsed and stored in the database.
Fig. 9 is a schematic structural diagram of a data encryption device according to an embodiment of the present application, where the device may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus corresponds to the embodiment of the method of fig. 1 described above, and is capable of performing the steps involved in the embodiment of the method of fig. 1, and specific functions of the apparatus may be referred to in the foregoing description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy. The device comprises: a key generation module 901, an encryption module 902, and a ciphertext generation module 903, wherein:
The key generation module 901 is configured to generate a first key of a first encryption and decryption algorithm;
The encryption module 902 is configured to encrypt the first key with a second key of a second encryption/decryption algorithm, so as to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
The ciphertext generating module 903 is configured to generate the target encrypted data according to the key ciphertext and the data ciphertext.
Based on the above embodiment, the encryption module 902 is specifically configured to:
sequentially reading the data to be encrypted according to a first preset byte number from the data to be encrypted to obtain a read data block;
encrypting data of a second preset byte number from a preset position in the data block by using the first key based on the read data block to obtain encrypted data; wherein the second preset number of bytes is less than the first preset number of bytes;
generating an encrypted data block based on the encrypted data and the unencrypted data in the data block until the data to be encrypted is read and encrypted;
and generating the data ciphertext based on each encrypted data block corresponding to the data to be encrypted.
Based on the above embodiment, the encryption module 902 is specifically configured to:
Circularly executing the steps of a preset encryption method until the data to be encrypted are read, and obtaining the data ciphertext;
The preset encryption method comprises the following steps:
Reading first target data with a third preset byte number from unread data of the data to be encrypted, encrypting the first target data by using the first key to obtain a sub-data ciphertext, and writing the sub-data ciphertext into a first folder established in advance;
And reading second target data with a fourth preset byte number from the unread data of the data to be encrypted, and writing the second target data into the first folder.
Based on the above embodiment, the ciphertext generating module 903 is configured to specifically:
And writing the key ciphertext and the data ciphertext into a preset position of the newly-built compression packet to obtain the target encrypted data.
On the basis of the above embodiment, the apparatus further includes a compression module for:
And compressing the original data according to a preset compression format to obtain the data to be encrypted.
On the basis of the above embodiment, the raw data includes critical information infrastructure asset data, which includes at least one of a metadata file, a data file, and an attachment file.
On the basis of the above embodiment, the first encryption and decryption algorithm is a symmetric encryption and decryption algorithm, and the second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm.
Fig. 10 is a schematic structural diagram of a data decryption apparatus according to an embodiment of the present application, where the apparatus may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus corresponds to the above embodiment of the method of fig. 6, and is capable of performing the steps involved in the embodiment of the method of fig. 6, and specific functions of the apparatus may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy. The device comprises: a data acquisition module 1001, a first decryption module 1002, and a second decryption module 1003, wherein:
The data acquisition module 1001 is configured to acquire target encrypted data, where the target encrypted data includes a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of a second encryption and decryption algorithm;
the first decryption module 1002 is configured to decrypt the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm, to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
The second decryption module 1003 is configured to decrypt the data ciphertext using the first key, and obtain decrypted data.
On the basis of the above embodiment, the first decryption module 1002 is specifically configured to:
Reading a key ciphertext from the target encrypted data based on a length of the key ciphertext and location information in the target encrypted data;
And decrypting the key ciphertext by using the third key.
On the basis of the above embodiment, the second decryption module 1003 is specifically configured to:
reading the data blocks to be decrypted from the data ciphertext sequentially, a fifth preset byte number at a time;
decrypting, by using the first key, data of a sixth preset byte number starting from a preset position in the data block to be decrypted to obtain decrypted data; wherein the sixth preset number of bytes is less than the fifth preset number of bytes;
generating a decrypted data block based on the decrypted data and the undecrypted data in the data block to be decrypted, until the data ciphertext has been read and decrypted;
and generating the decrypted data based on each decrypted data block corresponding to the data ciphertext.
On the basis of the above embodiment, the second decryption module 1003 is specifically configured to:
Circularly executing the steps of a preset decryption method until the data ciphertext is read, and obtaining decrypted data;
The preset decryption method comprises the following steps:
Reading third target data with a seventh preset byte number from the unread data of the data ciphertext, decrypting the third target data by using the first key to obtain sub-decrypted data, and writing the sub-decrypted data into a second folder established in advance;
and reading fourth target data with an eighth preset byte number from the unread data of the data ciphertext, and writing the fourth target data into the second folder established in advance.
On the basis of the above embodiment, the decrypted data includes critical information infrastructure asset data, which includes at least one of a metadata file, a data file, and an attachment file.
On the basis of the above embodiment, the first encryption and decryption algorithm is a symmetric encryption and decryption algorithm, and the second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm.
Fig. 11 is a schematic diagram of an entity structure of an electronic device according to an embodiment of the present application, as shown in fig. 11, where the electronic device includes: a processor 1101, a memory 1102, and a bus 1103; wherein,
The processor 1101 and memory 1102 communicate with each other via the bus 1103;
The processor 1101 is configured to invoke program instructions in the memory 1102 to perform the methods provided in the above method embodiments, for example, including: generating a first key of a first encryption and decryption algorithm; encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and generating target encrypted data according to the key ciphertext and the data ciphertext. Or, alternatively:
Acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of a second encryption and decryption algorithm; decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and decrypting the data ciphertext by using the first key to obtain decrypted data.
The processor 1101 may be an integrated circuit chip having signal processing capabilities. The processor 1101 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The processor may implement or perform the various methods, steps, and logical blocks disclosed in the embodiments of the application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
Memory 1102 may include, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read-only memory (Programmable Read-Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), and the like.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example comprising: generating a first key of a first encryption and decryption algorithm; encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and generating target encrypted data according to the key ciphertext and the data ciphertext. Or, alternatively:
Acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of a second encryption and decryption algorithm; decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and decrypting the data ciphertext by using the first key to obtain decrypted data.
The present embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above-described method embodiments, for example, including: generating a first key of a first encryption and decryption algorithm; encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and generating target encrypted data according to the key ciphertext and the data ciphertext. Or, alternatively:
acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of a second encryption and decryption algorithm; decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms; and decrypting the data ciphertext by using the first key to obtain decrypted data.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative. For example, the division of the units is merely a division by logical function, and other manners of division are possible in an actual implementation; multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device, or unit, and may be electrical, mechanical, or of another form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (18)

1. A data encryption method, comprising:
generating a first key of a first encryption and decryption algorithm;
encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; and
encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and generating target encrypted data according to the key ciphertext and the data ciphertext.
2. The method according to claim 1, wherein encrypting the data to be encrypted using the first key to obtain a data ciphertext comprises:
sequentially reading the data to be encrypted according to a first preset byte number from the data to be encrypted to obtain a read data block;
encrypting data of a second preset byte number from a preset position in the data block by using the first key based on the read data block to obtain encrypted data; wherein the second preset number of bytes is less than the first preset number of bytes;
generating an encrypted data block based on the encrypted data and the unencrypted data in the data block until the data to be encrypted is read and encrypted;
and generating the data ciphertext based on each encrypted data block corresponding to the data to be encrypted.
3. The method according to claim 1, wherein encrypting the data to be encrypted using the first key to obtain a data ciphertext comprises:
cyclically executing the steps of a preset encryption method until the data to be encrypted has been read, to obtain the data ciphertext;
the preset encryption method comprises the following steps:
reading first target data with a third preset byte number from unread data of the data to be encrypted, encrypting the first target data by using the first key to obtain a sub-data ciphertext, and writing the sub-data ciphertext into a first folder established in advance;
and reading second target data with a fourth preset byte number from the unread data of the data to be encrypted, and writing the second target data into the first folder.
4. The method of claim 1, wherein the generating the target encrypted data from the key ciphertext and the data ciphertext comprises:
writing the key ciphertext and the data ciphertext into a preset position of a newly created compressed package to obtain the target encrypted data.
5. The method of claim 1, wherein prior to encrypting the data to be encrypted using the first key, the method further comprises:
compressing the original data according to a preset compression format to obtain the data to be encrypted.
6. The method of claim 5, wherein the raw data comprises base-related asset data comprising at least one of a metadata file, a data file, and an attachment file.
7. The method of any of claims 1-6, wherein the first encryption and decryption algorithm is a symmetric encryption and decryption algorithm and the second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm.
8. A data decryption method, comprising:
acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting the first key by using a second key of a second encryption and decryption algorithm;
decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and decrypting the data ciphertext by using the first key to obtain decrypted data.
9. The method of claim 8, wherein decrypting the key ciphertext using a third key corresponding to a second encryption and decryption algorithm comprises:
reading a key ciphertext from the target encrypted data based on a length of the key ciphertext and location information in the target encrypted data;
and decrypting the key ciphertext by using the third key.
10. The method of claim 8, wherein decrypting the data ciphertext using the first key to obtain decrypted data comprises:
sequentially reading data blocks to be decrypted from the data ciphertext according to a fifth preset byte number;
decrypting the data of a sixth preset byte number from a preset position in the data block to be decrypted by using the first key to obtain decrypted data; wherein the sixth preset number of bytes is less than the fifth preset number of bytes;
generating a decrypted data block based on the decrypted data and the undecrypted data in the data block to be decrypted, until the data ciphertext has been read and decrypted;
and generating the decrypted data based on each decrypted data block corresponding to the data ciphertext.
11. The method of claim 8, wherein decrypting the data ciphertext using the first key to obtain decrypted data comprises:
cyclically executing the steps of a preset decryption method until the data ciphertext has been read, to obtain decrypted data;
the preset decryption method comprises the following steps:
reading third target data with a seventh preset byte number from the unread data of the data ciphertext, decrypting the third target data by using the first key to obtain sub-decrypted data, and writing the sub-decrypted data into a second folder established in advance;
and reading fourth target data with an eighth preset byte number from the unread data of the data ciphertext, and writing the fourth target data into a second file which is established in advance.
12. The method of claim 8, wherein the decrypted data comprises base-related asset data comprising at least one of a metadata file, a data file, and an attachment file.
13. The method according to any one of claims 8-12, wherein the first encryption and decryption algorithm is a symmetric encryption and decryption algorithm and the second encryption and decryption algorithm is an asymmetric encryption and decryption algorithm.
14. A data encryption apparatus, comprising:
the key generation module is used for generating a first key of a first encryption and decryption algorithm;
the encryption module is used for encrypting the first key by using a second key of a second encryption and decryption algorithm to obtain a key ciphertext corresponding to the first key; encrypting the data to be encrypted by using the first key to obtain a data ciphertext; wherein the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and the ciphertext generating module is used for generating target encrypted data according to the key ciphertext and the data ciphertext.
15. A data decryption apparatus, comprising:
the data acquisition module is used for acquiring target encrypted data, wherein the target encrypted data comprises a key ciphertext and a data ciphertext; the key ciphertext is obtained by encrypting a first key by using a first encryption and decryption algorithm;
the first decryption module is used for decrypting the key ciphertext by using a third key corresponding to the second encryption and decryption algorithm to obtain a first key; the first encryption and decryption algorithm and the second encryption and decryption algorithm are different encryption and decryption algorithms;
and the second decryption module is used for decrypting the data ciphertext by using the first key to obtain decrypted data.
16. An electronic device, comprising: a processor, a memory, and a bus, wherein,
the processor and the memory complete communication with each other through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1-13.
17. A non-transitory computer readable storage medium storing computer instructions which, when executed by a computer, cause the computer to perform the method of any of claims 1-13.
18. A computer program product comprising computer program instructions which, when read and executed by a processor, perform the method of any of claims 1-13.
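The following added example (not code from the patent or its applicant) carries out the encryption of claims 1, 2 and 7 and the matching decryption of claims 8, 10 and 13 in Go. It assumes AES-256 in CTR mode as the first algorithm, RSA-OAEP as the second, 64-byte blocks with the first 16 bytes of each block encrypted, and the hypothetical names partial, Seal, Open and NewKeyPair; packing the two ciphertexts into one container (claim 4) is left out.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// partial XORs AES-CTR keystream over the first encLen bytes of each block, in place.
func partial(key, buf []byte) error {
	const blockLen, encLen = 64, 16 // assumed "preset" sizes; preset position = offset 0
	blk, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	ctr := cipher.NewCTR(blk, make([]byte, aes.BlockSize)) // zero IV: the key is single-use
	for i := range buf {
		if i%blockLen < encLen {
			ctr.XORKeyStream(buf[i:i+1], buf[i:i+1]) // byte-wise for brevity
		}
	}
	return nil
}

// Seal encrypts buf in place under a fresh AES-256 first key and returns the key ciphertext.
func Seal(pub *rsa.PublicKey, buf []byte) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	keyCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return keyCT, partial(key, buf)
}

// Open unwraps the first key with the private (third) key and decrypts buf in place.
func Open(priv *rsa.PrivateKey, keyCT, buf []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, keyCT, nil)
	if err != nil {
		return err
	}
	return partial(key, buf)
}

func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func main() {
	priv, _ := NewKeyPair() // public half = second key, private half = third key
	buf := []byte("constructed sample record")
	keyCT, err := Seal(&priv.PublicKey, buf)
	fmt.Printf("key ciphertext: %d bytes, data ciphertext: %x, err: %v\n", len(keyCT), buf, err)
}
```

After Seal, bytes 16 to 63 of every 64-byte block of buf are still the original plaintext, so the preset sizes decide how much of the data is actually protected.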
CN202410430970.9A 2024-04-10 2024-04-10 Data encryption method, data decryption device, electronic equipment and storage medium Pending CN118101320A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410430970.9A CN118101320A (en) 2024-04-10 2024-04-10 Data encryption method, data decryption device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN118101320A (en) 2024-05-28

Family

ID=91156371


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination