CN114945170B - Mobile terminal file transmission method based on commercial cryptographic algorithm - Google Patents
Mobile terminal file transmission method based on commercial cryptographic algorithm Download PDFInfo
- Publication number
- CN114945170B CN114945170B CN202210570719.3A CN202210570719A CN114945170B CN 114945170 B CN114945170 B CN 114945170B CN 202210570719 A CN202210570719 A CN 202210570719A CN 114945170 B CN114945170 B CN 114945170B
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- key
- file
- server
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 230000005540 biological transmission Effects 0.000 title claims abstract description 13
- 238000004891 communication Methods 0.000 claims abstract description 8
- 238000010223 real-time analysis Methods 0.000 claims abstract description 5
- 238000004364 calculation method Methods 0.000 claims description 14
- 244000035744 Hura crepitans Species 0.000 description 3
- 238000012546 transfer Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 150000003839 salts Chemical class 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a mobile terminal file transmission method based on a commercial cryptographic algorithm, which comprises the following steps: step S1, a mobile terminal A, a mobile terminal B and a server are included; s2, calling universal file modules of the mobile terminal A and the mobile terminal B to realize real-time analysis and viewing on the basis of encrypting and decrypting by using a commercial cryptographic algorithm; s3, using SM2, SM3 and SM4 algorithms of a commercial cryptographic algorithm to realize public key online distribution and symmetric encryption key distribution in a digital envelope mode; s4, registering the mobile terminal A and the mobile terminal B to the server; s5, the mobile terminal A and the mobile terminal B both generate SM2 public and private key pairs of a commercial cryptographic algorithm by themselves; s6, the server side generates an SM2 public and private key pair of a commercial cryptographic algorithm and stores the key pair in the server; step S7, the mobile terminal A and the mobile terminal B access a user list of existing users of the server; the invention can realize that the commercial cryptographic algorithm is used for protection in the communication and storage processes of the file.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a mobile terminal file transmission method based on a commercial cryptographic algorithm.
Background
At present, common mobile terminal communication tools such as WeChat and QQ do not use commercial cryptographic algorithms to protect communication contents, the security of a third party transfer server is uncontrollable, the public network transmission network environment is complex and changeable, and the risks of retention, leakage and tampering of transmitted files exist.
Disclosure of Invention
In view of the above, the present invention aims to provide a mobile terminal file transmission method based on a commercial cryptographic algorithm, which can be protected by using the commercial cryptographic algorithm in both file communication and storage processes and is independently deployed in an autonomous server and a private network.
The invention is realized by the following steps: the mobile terminal file transmission method based on the commercial cryptographic algorithm comprises the following steps:
Step S1, a mobile terminal A, a mobile terminal B and a server are included, and the mobile terminal A and the mobile terminal B transmit and receive files after being transferred by the server;
S2, calling universal file modules of the mobile terminal A and the mobile terminal B to realize real-time analysis and viewing on the basis of encrypting and decrypting by using a commercial cryptographic algorithm;
S3, using SM2, SM3 and SM4 algorithms of a commercial cryptographic algorithm to realize public key online distribution and symmetric encryption key distribution in a digital envelope mode;
S4, registering the mobile terminal A and the mobile terminal B to the server, filling in recorded account information, and identifying the mobile terminal A and the mobile terminal B;
Step S5, the mobile terminal A and the mobile terminal B both generate SM2 public and private key pairs of a commercial cryptographic algorithm by themselves and store the key pairs locally, and when the mobile terminal registers an account with the server, the local public key is uploaded to the server and stored in correspondence with the account information;
S6, the server side generates an SM2 public and private key pair of a commercial cryptographic algorithm and stores the key pair in the server, and the server public key is distributed to the mobile terminal A and the mobile terminal B after the mobile terminal A and the mobile terminal B successfully log in;
And S7, the mobile terminal A and the mobile terminal B access a user list of existing users of the server, and select a receiving object when the user list is used for sending the file, so that the commercial cryptographic algorithm is used for protection in the communication and storage processes of the file.
Further, the uploading operation flow of the commercial cryptographic algorithm for file encryption comprises the following steps:
Step S10, a mobile terminal A and a mobile terminal B generate SM2 key pairs of commercial cryptographic algorithms, and the mobile terminal A and the mobile terminal B store the SM2 key pairs of the commercial cryptographic algorithms to a server to acquire SM2 keys of the commercial cryptographic algorithms of the server;
step S11, a mobile terminal A and a mobile terminal B generate SM4 keys of a commercial cryptographic algorithm, the mobile terminal A and the mobile terminal B select files to be encrypted, and the files to be encrypted are encrypted by using the SM4 keys of the commercial cryptographic algorithm;
step S12, encrypting an SM4 key of the commercial cryptographic algorithm by using a public key of the commercial cryptographic algorithm SM2 of the server to form an SM4 ciphertext, performing abstract calculation on a file ciphertext by using an HMAC-SM3 algorithm, and uploading an encryption result to the server;
S13, the server receives the encryption result, decrypts the SM4 key by using the SM2 private key of the server, and carries out HMAC-SM3 algorithm abstract calculation on the file ciphertext;
And step S14, judging whether the ciphertext abstract generated in the step S13 is the same as the ciphertext abstract generated in the step S12, if so, the data is valid, the data is stored in a database, and if not, the data is invalid and is discarded.
Further, the file decryption process performed by the commercial cryptographic algorithm includes the following steps:
step S20, extracting SM4 ciphertext corresponding to file ciphertext required to be downloaded by a receiver and SM4 random offset data from the data volume, and decrypting ciphertext of an SM4 key by using an SM2 private key of a server to obtain the SM4 key;
s21, decrypting the file ciphertext by using the SM4 key and the SM4 random offset to obtain a file plaintext;
Step S22, generating a new SM4 key, encrypting a file by using the new SM4 key to obtain a new file ciphertext, encrypting the new SM4 key by using a SM2 public key of a receiver to obtain a new SM4 key ciphertext, performing abstract calculation on the new file ciphertext by using an HMAC-SM3 algorithm to obtain a new file ciphertext abstract, and returning calculation results to the mobile terminal A and the mobile terminal B;
S23, the mobile terminal A and the mobile terminal B receive the calculation result, decrypt the new SM4 key ciphertext by using the mobile terminal SM2 key to obtain a new SM4 key, and perform HMAC-SM3 algorithm abstract calculation on the new file ciphertext;
Step S24, judging whether the ciphertext abstract generated in the step S23 is equal to the ciphertext abstract generated in the step S22, if so, the data is valid, continuing to decrypt, decrypting the new file ciphertext by using the new SM4 key and the new SM4 random offset, obtaining a file plaintext, and displaying the file by using corresponding components according to different file types; if not, the data is invalid and the user is prompted.
The invention has the beneficial effects that: the invention uses commercial cipher algorithm to realize secret communication; the method of comprehensively using encryption and decryption and the digest with the secret key realizes the anti-eavesdropping, anti-tampering and anti-counterfeiting of the file in the whole process of transmission in the public network environment; the one-to-many file encryption transmission can be realized by a transfer mode of decrypting and re-encrypting by the server; the security of private key storage is ensured by utilizing a sandbox protection mechanism of the mobile terminal; the existing common mobile terminal equipment uses a sandbox technology to perform resource isolation among the APP, and protects files and data in the sandbox in cooperation with a strict access control strategy of an operating system, so as to prevent malicious APP from illegally accessing and modifying other normal APP, and based on the principle, a mobile terminal SM2 private key generated by the mobile terminal equipment can be protected by a certain program; the method is operated at a mobile terminal, is simple and convenient to operate, has rich use scenes, and can carry out secret transmission and reception of files at any time and any place; the method can be independently deployed on an autonomous server and a private network, so that the problems of file interception, secret leakage or illegal tampering caused by using conventional communication software for file transmission are avoided.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Fig. 2 is a flowchart of an uploading operation of file encryption by using a cryptographic algorithm.
Fig. 3 is a flow chart of file decryption performed by a commercial cryptographic algorithm.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, the method for transmitting a mobile terminal file based on a commercial cryptographic algorithm of the present invention includes the following steps:
Step S1, a mobile terminal A, a mobile terminal B and a server are included, and the mobile terminal A and the mobile terminal B transmit and receive files after being transferred by the server;
S2, calling universal file modules of the mobile terminal A and the mobile terminal B to realize real-time analysis and viewing on the basis of encrypting and decrypting by using a commercial cryptographic algorithm;
S3, using SM2, SM3 and SM4 algorithms of a commercial cryptographic algorithm to realize public key online distribution and symmetric encryption key distribution in a digital envelope mode;
S4, registering the mobile terminal A and the mobile terminal B to the server, filling in recorded account information, and identifying the mobile terminal A and the mobile terminal B;
Step S5, the mobile terminal A and the mobile terminal B both generate SM2 public and private key pairs of a commercial cryptographic algorithm by themselves and store the key pairs locally, and when the mobile terminal registers an account with the server, the local public key is uploaded to the server and stored in correspondence with the account information;
S6, the server side generates an SM2 public and private key pair of a commercial cryptographic algorithm and stores the key pair in the server, and the server public key is distributed to the mobile terminal A and the mobile terminal B after the mobile terminal A and the mobile terminal B successfully log in;
And S7, the mobile terminal A and the mobile terminal B access a user list of existing users of the server, and select a receiving object when the user list is used for sending the file, so that the commercial cryptographic algorithm is used for protection in the communication and storage processes of the file.
The invention is further illustrated by the following examples:
Using a commercial cryptographic algorithm to encrypt and transmit the mobile terminal file;
the mobile terminal comprises a mobile terminal A, a mobile terminal B and a server, wherein the mobile terminal A and the mobile terminal B can transmit and receive files after being transferred by the server;
all the related files can be transferred, and the mobile terminal universal file module is called again to realize real-time analysis and viewing on the basis of encrypting and decrypting the following file types: at least comprises DOC/DOCX/XLSX/XLSX/PDF/TXT/JPG/JPEG/GIF/PNG/BMP, etc.
The method comprises the steps of comprehensively using SM2, SM3 and SM4 algorithms, using public keys for online distribution, using symmetric encryption keys for digital envelope distribution, using HMAC-SM3 for integrity check and the like, and guaranteeing confidentiality and integrity of a file transmission process;
specifically, a public-private key mechanism of an SM2 algorithm is used for protecting a session key; a symmetric encryption mechanism of an SM4 algorithm is used for encrypting and protecting file contents in a session; and carrying out keyed information abstraction on the file content of the session by using an HMAC-SM3 algorithm for protecting the integrity of data.
The mobile terminal registers with the server, fills in basic information, account numbers and passwords, and the server uses the recorded account number information to identify the mobile terminal;
the mobile terminal A and the mobile terminal B both generate SM2 public and private key pairs by themselves and store the key pairs locally, and when the mobile terminal registers an account with the server, the local public key is uploaded to the server and is stored corresponding to the account information;
the server generates an SM2 public and private key pair, stores the key pair in the server, and distributes the server public key to the mobile terminal after the mobile terminal successfully logs in.
The mobile terminal can access a user list of existing users of the server, and is used for selecting a receiving object when a file is sent;
referring to fig. 2, the file encryption uploading operation flow is as follows:
The mobile terminal selects a File, selects a File receiving object- > the mobile terminal generates an SM4 encryption Key Key-SM4 and an SM4 random Offset Offset- > encrypts a File binary stream to form a ciphertext M (File) - > encrypts the SM4 encryption Key by using a server public Key M (Key-SM 4) - > encrypts and abstracts the File ciphertext by using an HMAC-SM3 algorithm to generate an HMAC (M (File)), uploads the File ciphertext M (File), the SM4 random Offset Offset, the encrypted Key M (Key-SM 4) and the File ciphertext abstract HMAC (M (File)), and a File receiving object user name to the server- > the server decrypts the SM4 Key M (Key-SM 4) by using the server public Key, and performs abstracting on the File ciphertext by using the server public Key to perform encryption and comparing the File ciphertext with the HMAC (M (File)) uploaded by the mobile terminal to generate the HMAC (M (File)), and if the values are equal, and the File ciphertext M (Key-SM 4) is not equal, and the error is not returned.
The HMAC algorithm is a general algorithm, and HMAC-SM3 represents an HMAC algorithm that uses the SM3 algorithm for summarization.
HMAC algorithm: the HMAC algorithm is firstly based on the information digest algorithm, and currently mainly integrates two large series of information digest algorithms of MD and SHA. Besides the information digest algorithm, a key is also needed to participate in digest calculation, and the calculation process is actually a hash process similar to salt processing for the original text twice.
Referring to fig. 3, the file download decryption process is as follows: after the mobile terminal logs in, the file name list sent to the account can be queried, and the downloading request is initiated to the server by clicking the item in the list, and the downloading and analyzing process comprises the following two steps:
1) Server-side file preparation: inquiring the File item to be downloaded, obtaining a File ciphertext M (File), SM4 random Offset Offset, an encrypted Key M (Key-SM 4), a File ciphertext abstract HMAC (M (File)), decrypting an existing Key M (Key-SM 4) by a server Sm2 private Key at a File receiving object user name-server, obtaining Key-SM 4-and decrypting M (File) by using the Key-SM4 and SM4 random Offset Offset, obtaining File text- > generating an SM4 encryption Key S-Key-SM4 and an SM4 random Offset S-Offset- > through a receiving object user name query receiving end Sm2 public Key- > a server side to encrypt a File plaintext to form a ciphertext S-M (File) - > encrypting the SM4 encryption Key by using a server public Key S-Key-SM 4) - > encrypting and abstracting the File ciphertext by using an HMAC-SM3 algorithm to generate an S-HMAC (M (File)), and providing the File ciphertext S-M (File), the SM4 random Offset S-Offset, the encrypted Key S-M (S-Key-SM 4) and the File ciphertext abstract S-HMAC (M (File)) for the receiving end to download;
2) Downloading and decrypting the mobile terminal file: after the mobile terminal obtains a File ciphertext S-M (File), an SM4 random Offset S-Offset, an encrypted Key S-M (S-Key-SM 4) and a File ciphertext abstract S-HMAC (M (File)), the mobile terminal uses a mobile terminal Sm2 private Key to decrypt the S-M (S-Key-SM 4), obtains an S-Key-SM 4-and uses the S-Key-SM4 to participate in HMAC-SM3 to calculate the abstract value of the S-M (File), compares the abstract value with the S-HMAC (M (File), continues decryption if the values are equal, and decrypts the ciphertext S-M (File) by the aid of the random Offset S-Key-SM4 and the SM4 if the values are not equal, so as to obtain an original File, judge the File type of the original File, and display the File according to different types.
The foregoing description is only of the preferred embodiments of the invention, and all changes and modifications that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Claims (1)
1. The mobile terminal file transmission method based on the commercial cryptographic algorithm is characterized by comprising the following steps of:
Step S1, a mobile terminal A, a mobile terminal B and a server are included, and the mobile terminal A and the mobile terminal B transmit and receive files after being transferred by the server;
S2, calling universal file modules of the mobile terminal A and the mobile terminal B to realize real-time analysis and viewing on the basis of encrypting and decrypting by using a commercial cryptographic algorithm;
S3, using SM2, SM3 and SM4 algorithms of a commercial cryptographic algorithm to realize public key online distribution and symmetric encryption key distribution in a digital envelope mode;
S4, registering the mobile terminal A and the mobile terminal B to the server, filling in recorded account information, and identifying the mobile terminal A and the mobile terminal B;
Step S5, the mobile terminal A and the mobile terminal B both generate SM2 public and private key pairs of a commercial cryptographic algorithm by themselves and store the key pairs locally, and when the mobile terminal registers an account with the server, the local public key is uploaded to the server and stored in correspondence with the account information;
S6, the server side generates an SM2 public and private key pair of a commercial cryptographic algorithm and stores the key pair in the server, and the server public key is distributed to the mobile terminal A and the mobile terminal B after the mobile terminal A and the mobile terminal B successfully log in;
step S7, the mobile terminal A and the mobile terminal B access a user list of existing users of the server, and select a receiving object when the user list is used for sending the file, so that the commercial cryptographic algorithm is used for protection in the communication and storage processes of the file;
the uploading operation flow of the commercial cryptographic algorithm for file encryption comprises the following steps:
Step S10, a mobile terminal A and a mobile terminal B generate SM2 key pairs of commercial cryptographic algorithms, and the mobile terminal A and the mobile terminal B store the SM2 key pairs of the commercial cryptographic algorithms to a server to acquire SM2 keys of the commercial cryptographic algorithms of the server;
step S11, a mobile terminal A and a mobile terminal B generate SM4 keys of a commercial cryptographic algorithm, the mobile terminal A and the mobile terminal B select files to be encrypted, and the files to be encrypted are encrypted by using the SM4 keys of the commercial cryptographic algorithm;
step S12, encrypting an SM4 key of the commercial cryptographic algorithm by using a public key of the commercial cryptographic algorithm SM2 of the server to form an SM4 ciphertext, performing abstract calculation on a file ciphertext by using an HMAC-SM3 algorithm, and uploading an encryption result to the server;
S13, the server receives the encryption result, decrypts the SM4 key by using the SM2 private key of the server, and carries out HMAC-SM3 algorithm abstract calculation on the file ciphertext;
step S14, judging whether the ciphertext abstract generated in the step S13 is the same as the ciphertext abstract generated in the step S12, if yes, the data is valid, the data is stored in a database, if no, the data is invalid, and discarding is carried out;
the file decryption process by the commercial cryptographic algorithm comprises the following steps:
step S20, extracting SM4 ciphertext corresponding to file ciphertext required to be downloaded by a receiver and SM4 random offset data from the data volume, and decrypting ciphertext of an SM4 key by using an SM2 private key of a server to obtain the SM4 key;
s21, decrypting the file ciphertext by using the SM4 key and the SM4 random offset to obtain a file plaintext;
Step S22, generating a new SM4 key, encrypting a file by using the new SM4 key to obtain a new file ciphertext, encrypting the new SM4 key by using a SM2 public key of a receiver to obtain a new SM4 key ciphertext, performing abstract calculation on the new file ciphertext by using an HMAC-SM3 algorithm to obtain a new file ciphertext abstract, and returning calculation results to the mobile terminal A and the mobile terminal B;
S23, the mobile terminal A and the mobile terminal B receive the calculation result, decrypt the new SM4 key ciphertext by using the mobile terminal SM2 key to obtain a new SM4 key, and perform HMAC-SM3 algorithm abstract calculation on the new file ciphertext;
Step S24, judging whether the ciphertext abstract generated in the step S23 is equal to the ciphertext abstract generated in the step S22, if so, the data is valid, continuing to decrypt, decrypting the new file ciphertext by using the new SM4 key and the new SM4 random offset, obtaining a file plaintext, and displaying the file by using corresponding components according to different file types; if not, the data is invalid and the user is prompted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210570719.3A CN114945170B (en) | 2022-05-24 | 2022-05-24 | Mobile terminal file transmission method based on commercial cryptographic algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210570719.3A CN114945170B (en) | 2022-05-24 | 2022-05-24 | Mobile terminal file transmission method based on commercial cryptographic algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114945170A CN114945170A (en) | 2022-08-26 |
| CN114945170B true CN114945170B (en) | 2024-10-22 |
Family
ID=82909212
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210570719.3A Active CN114945170B (en) | 2022-05-24 | 2022-05-24 | Mobile terminal file transmission method based on commercial cryptographic algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114945170B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116208428B (en) * | 2023-04-27 | 2023-07-18 | 中科信工创新技术(北京)有限公司 | Method, system, device, storage medium and electronic equipment for transmitting file |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113572741A (en) * | 2021-06-30 | 2021-10-29 | 深圳市证通云计算有限公司 | Method for realizing safe data transmission based on SM2-SM3-SM4 algorithm |
| CN113722749A (en) * | 2020-05-26 | 2021-11-30 | 北京北信源软件股份有限公司 | Data processing method and device for block chain BAAS service based on encryption algorithm |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114257398A (en) * | 2021-11-09 | 2022-03-29 | 广东南控云图科技有限公司 | Data processing method, system, equipment and medium based on state cryptographic algorithm |
| CN114338648B (en) * | 2021-12-17 | 2024-08-27 | 中国—东盟信息港股份有限公司 | SFTP multi-terminal file secure transmission method and system based on cryptographic algorithm |
-
2022
- 2022-05-24 CN CN202210570719.3A patent/CN114945170B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113722749A (en) * | 2020-05-26 | 2021-11-30 | 北京北信源软件股份有限公司 | Data processing method and device for block chain BAAS service based on encryption algorithm |
| CN113572741A (en) * | 2021-06-30 | 2021-10-29 | 深圳市证通云计算有限公司 | Method for realizing safe data transmission based on SM2-SM3-SM4 algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114945170A (en) | 2022-08-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100734162B1 (en) | Method and apparatus for secure distribution of public/private key pairs | |
| US8396218B2 (en) | Cryptographic module distribution system, apparatus, and program | |
| US20080181414A1 (en) | Method and apparatus for secure key delivery for decrypting bulk digital content files at an unsecure site | |
| US20120170740A1 (en) | Content protection apparatus and content encryption and decryption apparatus using white-box encryption table | |
| US20070033396A1 (en) | Method and device for securing content delivery over a communication network via content keys | |
| CN106453612A (en) | Data storage and sharing system | |
| GB2607846A (en) | Dongle for ciphering data | |
| CN112597523B (en) | File processing method, file conversion encryption machine, terminal, server and medium | |
| EP3476078A1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
| CN107070856A (en) | Encryption/decryption speed improvement method of encryption is applied compoundly | |
| CN115632880A (en) | Reliable data transmission and storage method and system based on state cryptographic algorithm | |
| CN114443718A (en) | Data query method and system | |
| CN114945170B (en) | Mobile terminal file transmission method based on commercial cryptographic algorithm | |
| CN113259317A (en) | Cloud storage data deduplication method based on identity agent re-encryption | |
| CN112528309A (en) | Data storage encryption and decryption method and device | |
| CN109194650B (en) | Encryption transmission method based on file remote encryption transmission system | |
| CN114785527B (en) | Data transmission method, device, equipment and storage medium | |
| KR20070062632A (en) | Mobile message and file security implementation by cryptography | |
| CN106972928B (en) | Bastion machine private key management method, device and system | |
| CN114157488B (en) | Key acquisition method, device, electronic equipment and storage medium | |
| CN112035820B (en) | Data analysis method used in Kerberos encryption environment | |
| CN115150076A (en) | Encryption system and method based on quantum random number | |
| CN111488618B (en) | Block chain-based one-time pad encryption method, device and storage medium | |
| CN114036541A (en) | Application method for compositely encrypting and storing user private content | |
| KR101595056B1 (en) | System and method for data sharing of intercloud enviroment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |