Disclosure of Invention
The invention aims to protect private files uploaded by a user and to improve the user experience. It provides an application method for storing a user's private content under composite encryption. The invention not only stores the content but also, through a second layer of encryption, protects the content uploaded by the user from being stolen.
The implementation framework of the invention comprises a client, a third party and a server; encryption is applied mainly between the client and the third party and between the third party and the server.
For the process in which a user uploads content and later retrieves it, the method mainly comprises the following steps:
Step 1: The client generates an asymmetric public/private key pair and encrypts the content to be uploaded with the public key to form a ciphertext (ciphertext I); the private key is retained by the client. At the same time, a hash function is used to generate message digest I of the ciphertext, and this digest can be backed up at the client. The client then sends message digest I and the asymmetrically encrypted ciphertext I to the third party.
Step 2: The third party uses the key stream generator to generate another pair of keys for the received ciphertext, encrypts the ciphertext and the message digest again with the symmetric encryption key and sends them to the server, and at the same time returns the decryption key of the symmetric key to the client.
Step 3: When the client needs to retrieve the stored content, it sends the decryption key returned by the third party to the server. After the server decrypts the content with that key, it sends the ciphertext encrypted by the user private key and message digest I back to the client, and the client decrypts the ciphertext with the asymmetric private key it has kept. While obtaining the content, the client performs the same hash function operation (such as MD5 or an SHA algorithm) on message digest I and compares the decrypted message digest with the locally backed-up message digest. If the two are consistent, the content stored on the server is complete; if they differ, the content has been replaced or modified.
Further, the asymmetric public/private-key encryption algorithm used by the client is one of RSA, ElGamal, the knapsack algorithm, Rabin, and the like.
Further, in step 2, when the third party sends the information to the server, the symmetric encryption is keyed by a key stream generator that has a linear feedback shift register at its core; a symmetric key of the corresponding bit length is generated by setting the number of registers. Each time the third party sends the encrypted ciphertext and message digest I to the server, a new key is generated from the key stream generator to symmetrically encrypt the ciphertext and message digest I. The encryption method used is one of the main white-box encryption algorithms such as DES, AES and SM4.
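The key stream generator described above, as an added Go example that is not part of the patent text: a Fibonacci LFSR whose register count sets the key width and which returns a new key for every upload. The tap positions, the seed and all names are constructed for illustration; because an LFSR is linear, the keys are only as unpredictable as the seed, which should come from a CSPRNG.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// LFSR is a Fibonacci linear feedback shift register.
type LFSR struct {
	state []byte // state[i] is register i, holding 0 or 1
	taps  []int  // registers XORed together to form the feedback bit
}

// NewLFSR loads 8*len(seed) registers from seed, least significant bit first.
func NewLFSR(taps []int, seed []byte) (*LFSR, error) {
	if len(bytes.Trim(seed, "\x00")) == 0 {
		return nil, errors.New("empty or all-zero seed would lock the register at zero")
	}
	g := &LFSR{state: make([]byte, 8*len(seed)), taps: taps}
	for i := range g.state {
		g.state[i] = seed[i/8] >> (i % 8) & 1
	}
	return g, nil
}

// step emits register 0 and shifts the feedback bit into the last register.
func (g *LFSR) step() byte {
	out, fb := g.state[0], byte(0)
	for _, t := range g.taps {
		fb ^= g.state[t]
	}
	g.state = append(g.state[1:], fb)
	return out
}

// NextKey clocks the register once per key bit: key width equals register count.
func (g *LFSR) NextKey() []byte {
	key := make([]byte, len(g.state)/8)
	for i := range g.state {
		key[i/8] |= g.step() << (i % 8)
	}
	return key
}

func main() { // constructed seed and tap set: 128 registers give 128-bit keys
	g, _ := NewLFSR([]int{0, 2, 27, 29}, []byte("constructed-seed"))
	fmt.Printf("upload 1: %x\nupload 2: %x\n", g.NextKey(), g.NextKey())
}
```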
It should be understood that the principles of white-box cryptography and asymmetric encryption to which the present invention relates are understood by those skilled in the relevant arts, so only the implementation of the application for storing user private content based on composite encryption is described in detail.
The invention has the following beneficial effects:
Unlike traditional cryptographic algorithms, the invention can resist attacks in a white-box attack environment, and it is a new algorithm rather than a design that realizes white-box security on an existing algorithm. The method and the device ensure that even if the private content uploaded by the user is obtained by someone else, the content can be read only after decryption with the private key kept by the user. Any of the white-box ciphers AES, DES and SM4 can be used for the symmetric encryption.
The invention designs an application that combines symmetric encryption and asymmetric encryption for storing a user's private content. With existing storage servers, stored content is generally handled with a decryption key only: the client presents the decryption key and the platform verifies it before the content is retrieved, so once the user's decryption key is leaked in this process, the user's content may be exposed. The invention stores the user content, and the transmission between the third party and the server uses symmetric encryption, which offers the advantages of fast encryption/decryption and simple key management. The client uses the asymmetric keys to encrypt and decrypt the content, so that the content cannot be produced at the third party or the server, which greatly improves the security of the content. Even if an attacker obtains the symmetric decryption key in the process, the attacker cannot unlock the private content without the user's private key. Another advantage of the present invention is that the encryption/decryption keys used for uploading different content can be different, which further improves security.
Detailed Description
To make the principle, functional purpose and technical solution of the present invention clearer, a detailed description is given below in conjunction with specific embodiments. It should be understood that this embodiment is used for illustration and does not limit the scope of the invention.
Fig. 1 is a schematic flow chart of storing the private content of the user according to the present invention; the specific flow is described below with reference to Fig. 1.
Step 110: The client generates an asymmetric public/private key pair and encrypts the content to be uploaded with the public key to form a ciphertext; the private key is retained by the client. At the same time, a hash function is used to generate message digest I of the ciphertext, and this digest can be backed up at the client. The client then sends message digest I and the asymmetrically encrypted ciphertext to the third party.
Step 120: The third party uses the key stream generator to generate another pair of keys for the received ciphertext, encrypts the ciphertext and the message digest again with the symmetric encryption key and sends them to the server. The server stores the encrypted content and sends the encrypted content and the decryption key of the symmetric key back to the client.
Step 130: When the user needs to retrieve the stored content, the client sends the decryption key returned by the third party to the server, and the server decrypts with that key.
Step 140: If the server decrypts successfully, it sends the content encrypted by the private key of the user back to the client, and the user decrypts it with the stored asymmetric private key to obtain the previously stored content.
Step 150: The client performs the same hash function operation on message digest I and compares the decrypted message digest with the locally backed-up message digest. If the two are consistent, the content stored on the server is complete; if they differ, the content has been replaced or modified.
The hash function operation applied to the data ciphertext above can use one of MD5 and the SHA algorithms.
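The client's part of steps 1 and 3 (steps 110, 140 and 150), as an added Go example that is not code from the patent; the third party and server layers are treated as a pass-through. RSA-OAEP with a 2048-bit key (which limits the content to 190 bytes), SHA-256, the function names and the reading of the check as re-hashing the returned ciphertext are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewClientKey generates the key pair; the private half never leaves the client.
func NewClientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt is step 1: RSA-OAEP under the public key, then message digest I
// (SHA-256 here) over the ciphertext. The digest is also the local backup.
func Encrypt(pub *rsa.PublicKey, content []byte) (ct, digest []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, content, nil); err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(ct)
	return ct, sum[:], nil
}

// Retrieve is the client half of step 3: the returned ciphertext is re-hashed and
// must match both the returned digest and the local backup before decryption.
func Retrieve(priv *rsa.PrivateKey, ct, digest, backup []byte) ([]byte, error) {
	sum := sha256.Sum256(ct)
	if !bytes.Equal(sum[:], backup) || !bytes.Equal(digest, backup) {
		return nil, errors.New("digest mismatch: stored content was replaced or modified")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	priv, err := NewClientKey()
	if err != nil {
		panic(err)
	}
	ct, digest, _ := Encrypt(&priv.PublicKey, []byte("constructed private note"))
	backup := append([]byte(nil), digest...) // copy kept locally by the client
	pt, err := Retrieve(priv, ct, digest, backup)
	fmt.Printf("intact:   %q %v\n", pt, err)
	ct[0] ^= 1 // constructed modification at the third party or server
	_, err = Retrieve(priv, ct, digest, backup)
	fmt.Println("tampered:", err)
}
```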
The invention uses specific embodiments to explain its design principle and application method clearly and in detail. It should be understood, however, that the form of the server according to the present invention is not limited to a specific form, and that the above-described embodiments are intended to help in understanding the implementation process of the present invention and do not limit its scope of application to the embodiments described in the specification. Modifications, improvements and the like made to the present invention by researchers in the relevant field are also intended to be included within the scope of the present invention.