CN113572819A - SM3 cryptographic algorithm-based SFTP file transmission summary verification method - Google Patents

Publication number
CN113572819A
Authority
CN
China
Prior art keywords
file
transmission
ssh
sftp
cryptographic algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110740638.9A
Other languages
Chinese (zh)
Other versions
CN113572819B (en)
Inventor
陈都
唐卓
马兴旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhengtong Cloud Computing Co ltd
Shenzhen Zhengtong Electronics Co Ltd
Original Assignee
Shenzhen Zhengtong Cloud Computing Co ltd
Shenzhen Zhengtong Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zhengtong Cloud Computing Co ltd, Shenzhen Zhengtong Electronics Co Ltd filed Critical Shenzhen Zhengtong Cloud Computing Co ltd
Priority to CN202110740638.9A priority Critical patent/CN113572819B/en
Publication of CN113572819A publication Critical patent/CN113572819A/en
Application granted granted Critical
Publication of CN113572819B publication Critical patent/CN113572819B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an SFTP file transmission digest verification method based on the SM3 cryptographic algorithm, comprising: adding the SM3 cryptographic algorithm to the cipher.c cipher algorithm file in the SSH source code; adding a python script call to the sftp.c secure transmission file in the SSH source code, wherein the python script calculates the file hash value of a transmission file using the SM3 cryptographic algorithm; establishing an encryption tunnel; the SSH client transmitting the transmission file based on the SFTP protocol; the SSH server calculating a first file hash value of the transmission file through the python script called by the SSH server; the SSH client calculating a second file hash value of the transmission file through the python script called by the SSH client; judging whether the second file hash value is equal to the first file hash value; if so, sending a transmission success message for the transmission file; if not, sending a transmission failure message for the transmission file. By adding the SM3 cryptographic algorithm and calling it through the python script, the invention implements file digest verification for SFTP uploads and downloads and ensures the accuracy and security of file transmission.

Description

SM3 cryptographic algorithm-based SFTP file transmission summary verification method
Technical Field
The invention relates to the technical field of network security, in particular to an SFTP file transmission summary verification method based on SM3 cryptographic algorithm.
Background
Internet environments are becoming more complex and varied, and people pay increasing attention to network security. Under FTP (File Transfer Protocol), data, including passwords, is transmitted in plaintext; transmission is fast but lacks any security guarantee. Plaintext transmission becomes particularly dangerous once data can be monitored in a switched environment: an attacker can intercept the transmitted data and obtain sensitive information such as user names and passwords, log in to the system remotely, and then use a local overflow to obtain root privileges and control the whole server. For government bodies, enterprises and private e-commerce platforms alike, internal company data is confidential, so users devote more effort to network security in order to prevent files from being illegally tampered with by others during transmission.
SFTP emerged in response. SFTP, short for secure file transfer protocol, encrypts the transmitted data on the basis of FTP to ensure that the data is transmitted securely. SFTP performs encryption and verification on top of the secure communication tunnel established by SSH, and SSH performs verification and encryption through a public key algorithm, which adds a layer of security to message transmission. However, file content can still be intercepted and tampered with during message transmission, and how to ensure the accuracy and integrity of message transmission has become a technical problem that urgently needs to be solved.
Disclosure of Invention
Based on this, it is necessary to provide an SFTP file transmission digest verification method based on the SM3 cryptographic algorithm to realize SFTP protocol file upload and download digest verification, and ensure accuracy and security of file transmission.
In order to solve the technical problems, the invention adopts the following technical scheme:
The invention provides an SFTP file transmission digest verification method based on the SM3 cryptographic algorithm, which comprises the following steps:
step S110, adding the SM3 cryptographic algorithm to the cipher.c cipher algorithm file in the SSH source code;
step S120, adding a python script call in the sftp.c secure transmission file in the SSH source code, wherein the python script is used for calculating a file hash value of the transmission file through an SM3 cryptographic algorithm;
step S130, an encryption tunnel is established, and the SSH client and the SSH server start to communicate;
step S140, the SSH client transmits the transmission file based on the SFTP protocol;
step S150, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server;
step S160, the SSH client calculates a second file hash value of the transmission file through a python script called by the SSH client;
step S170, judging whether the second file hash value is equal to the first file hash value; if yes, go to step S180; if not, executing step S190;
step S180, sending the information of successful transmission of the transmission file;
and step S190, sending transmission failure information of the transmission file.
In one embodiment, after step S190, the method further includes:
step S200, sending information asking whether the transmission file needs to be retransmitted; if yes, step S140 is executed; if not, no operation is executed.
In one embodiment, when the transmission file is an upload file, the method in step S150 specifically includes:
step S151, the SSH server receives the transmission file and completes the transmission;
step S152, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server, and sends a return message to the SSH client; wherein the return message indicates that the SM3 hash value of the SSH server has been generated.
In one embodiment, when the transmission file is a download file, the method in step S140 specifically includes:
step S141, the SSH client side sends a download request of the transmission file to the SSH server side based on the SFTP protocol in the SSH;
step S142, the SSH server receives the download request and sends the transmission file to the SSH client based on the SFTP protocol;
step S143, the SSH client receives the transmission file and sends a response message to the SSH server; the response message indicates that the transmission file has been received completely.
In one embodiment, when the transmission file is a download file, the method in step S150 specifically includes:
the SSH server receives the response message and, using the path parameter of the transmission file that the SSH client requested to download, calculates a first file hash value of the transmission file through a python script called by the SSH server, and sends a message to the SSH client indicating that the first file hash value has been generated.
In one embodiment, the path parameter of the transmission file that the SSH client requests to download is obtained from the download request in step S141.
In one embodiment, in step S150, the method by which the SSH server calculates the first file hash value of the transmission file through the python script called by the SSH server specifically includes:
data padding;
data expansion;
iterative compression.
In one embodiment, the data padding method specifically includes:
converting the transmission file to binary to obtain a message file with a length of L bits;
appending a '1' bit to the end of the message file, then appending k '0' bits, where k is the smallest non-negative integer satisfying L + 1 + k ≡ 448 (mod 512), and finally appending a 64-bit string that is the binary representation of the length L, to obtain the padded message file; the bit length of the resulting padded message file is a multiple of 512, which completes the data padding operation of the SM3 cryptographic algorithm.
In one embodiment, the data expansion method specifically includes:
dividing the padded message file into blocks of 512 bits each to obtain n message blocks, where n is the integer given by (L + k + 64)/512, and then expanding each message block into 132 words;
each message block obtained by grouping the padded message file is divided into 16 words, the words from 17 to 67 are obtained using cyclic left shifts, and the last 64 words are computed from words spaced 4 apart among the first 68 words.
In one embodiment, the iterative compression method specifically includes:
letting A, B, C, D, E, F, G, H be word registers, TT1 and TT2 be intermediate-value word registers, and CF be the compression function; the iteration value V0 is set to the initial value IV and assigned to the word registers ABCDEFGH; the intermediate values TT1 and TT2 are calculated and the registers ABCDEFGH are updated; the loop counter is incremented by one, TT1 and TT2 are calculated again and the word registers are updated on each iteration; the final result of the iterative compression is Vn, where n is the number of grouped message blocks.
In summary, the SM3 cryptographic algorithm-based SFTP file transmission summary verification method provided by the invention realizes SFTP protocol upload file summary verification and download file summary verification by adding SM3 cryptographic algorithm and matching with python script calling, thereby ensuring the accuracy and safety of file transmission.
Drawings
Fig. 1 is a schematic flowchart of a first SFTP file transmission digest verification method based on SM3 cryptographic algorithm according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a second SFTP file transmission digest verification method based on SM3 cryptographic algorithm according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of a first SFTP file transmission digest verification method based on SM3 cryptographic algorithm according to an embodiment of the present invention, and as shown in fig. 1, the SFTP file transmission digest verification method based on SM3 cryptographic algorithm specifically includes the following steps:
Step S110, adding the SM3 cryptographic algorithm to the cipher.c cipher algorithm file in the SSH source code, so as to modify the cipher.c cipher algorithm file in the SSH source code.
Step S120, adding a python script call in the sftp.c secure transmission file in the SSH source code, so as to modify the sftp.c secure transmission file in the SSH source code, wherein the python script is used for calculating a file hash value of the transmission file through the SM3 cryptographic algorithm.
Step S130, an encryption tunnel is established, and the SSH client and the SSH server start to communicate; the SSH client connects to the SSH server using a plaintext user name and password or a plaintext key to establish a secure SSH connection and an encryption tunnel.
Step S140, the SSH client transmits the transmission file based on the SFTP protocol; the transmission mode of the transmission file comprises uploading the transmission file or downloading the transmission file.
Step S150, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server; the first file hash value of the transmission file is the SM3 hash value generated for the transmission file on the SSH server.
Step S160, the SSH client calculates a second file hash value of the transmission file through a python script called by the SSH client;
step S170, judging whether the second file hash value is equal to the first file hash value, if so, executing step S180; if not, go to step S190.
And step S180, sending the transmission success information of the transmission file so as to prove to the user that the file information of the transmission file is complete and is not modified.
And step S190, sending transmission failure information of the transmission file.
As shown in Fig. 2, in one embodiment, after step S190, the method further includes:
Step S200, sending information asking whether the transmission file needs to be retransmitted; if yes, step S140 is executed; if not, no operation is executed.
The user can choose whether to retransmit the file as needed; specifically, when the transmission file is an upload file, the user chooses whether to upload it again as needed; when the transmission file is a download file, the user chooses whether to download it again as needed.
In one embodiment, in step S150, the SSH server calculates the first file hash value of the transmission file through the python script called by the SSH server; the specific operations include:
data padding:
converting the transmission file to binary to obtain a message file with a length of L bits;
appending a '1' bit to the end of the message file, then appending k '0' bits, where k is the smallest non-negative integer satisfying L + 1 + k ≡ 448 (mod 512), and finally appending a 64-bit string that is the binary representation of the length L, to obtain the padded message file; the bit length of the resulting padded message file is a multiple of 512, which completes the data padding operation of the SM3 cryptographic algorithm;
data expansion:
dividing the padded message file into blocks of 512 bits each to obtain n message blocks, where n is the integer given by (L + k + 64)/512, and then expanding each message block into 132 words: $W_0, W_1, \ldots, W_{67}, W'_0, W'_1, \ldots, W'_{63}$.
Specifically, each message block obtained by grouping the padded message file is divided into 16 words, the words from 17 to 67 are obtained using cyclic left shifts, and the last 64 words are computed from words spaced 4 apart among the first 68 words; the calculation formulas are as follows:
$W_0, \ldots, W_{15}$: the message block is divided into 16 words;
Figure BDA0003141267420000071
Figure BDA0003141267420000072
wherein,
Figure BDA0003141267420000073
<<< denotes a cyclic left shift;
iterative compression:
letting A, B, C, D, E, F, G, H be word registers, TT1 and TT2 be intermediate-value word registers, and CF be the compression function; the iteration value V0 is set to the initial value IV and assigned to the word registers ABCDEFGH; the intermediate values TT1 and TT2 are calculated and the registers ABCDEFGH are updated; the loop counter is incremented by one, TT1 and TT2 are calculated again and the word registers are updated on each iteration; the final result of the iterative compression is Vn, where n is the number of grouped message blocks.
The iterative calculation formula is as follows:
$V_{i+1} = CF(V_i, B_i),\quad i = 0, \ldots, n-1,\quad V_0 = IV,$
IV = 7380166f4914b2b9172442d7da8a0600a96f30bc163138aae38dee4db0fb0e4e.
In one embodiment, the operation process of step S160 is the same as above and is not repeated here.
In order to make the technical solution of the present invention clearer, the following describes a preferred embodiment.
When the transmission file is an upload file, the SFTP file transmission digest verification method based on the SM3 cryptographic algorithm specifically comprises the following steps:
Step S110, adding the SM3 cryptographic algorithm to the cipher.c cipher algorithm file in the SSH source code, so as to modify the cipher.c cipher algorithm file in the SSH source code.
Step S120, adding a python script call in the sftp.c secure transmission file in the SSH source code, wherein the python script is used for calculating a file hash value of the transmission file through the SM3 cryptographic algorithm.
Step S130, an encryption tunnel is established, and the SSH client and the SSH server start to communicate; the SSH client connects to the SSH server using a plaintext user name and password or a plaintext key to establish a secure SSH connection and an encryption tunnel.
Step S140, the SSH client transmits the transmission file based on the SFTP protocol.
Specifically, the SSH client sends the upload file to the SSH server according to the SFTP protocol and the file name of the upload file.
Step S150, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server; the first file hash value of the transmission file is the SM3 hash value generated for the transmission file on the SSH server.
Specifically, in step S150, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server, and the specific operations include:
step S151, the SSH server receives the transmission file and completes the transmission;
step S152, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server, and sends a return message to the SSH client; wherein the return message indicates that the SM3 hash value of the SSH server has been generated.
And step S160, the SSH client calculates a second file hash value of the transmission file through the python script called by the SSH client.
Step S170, judging whether the second file hash value is equal to the first file hash value, if so, executing step S180; if not, go to step S190.
Specifically, on the basis of the return message sent by the SSH server, the SSH client sends the SSH server a request to download the first file hash value; the SSH server sends the first file hash value to the SSH client in response to the request; after receiving the first file hash value sent by the SSH server, the SSH client judges whether the second file hash value is equal to the first file hash value. The first file hash value is generated only once, and the corresponding SM3 hash value is not generated again, so as to ensure that the transmission file has not been modified on the SSH server.
And step S180, sending the transmission success information of the transmission file so as to prove to the user that the file information of the transmission file is complete and is not modified.
And step S190, sending transmission failure information of the transmission file.
When the transmission file is a download file, the SFTP file transmission digest verification method based on the SM3 cryptographic algorithm specifically comprises the following steps:
Step S110, adding the SM3 cryptographic algorithm to the cipher.c cipher algorithm file in the SSH source code, so as to modify the cipher.c cipher algorithm file in the SSH source code.
Step S120, adding a python script call in the sftp.c secure transmission file in the SSH source code, wherein the python script is used for calculating a file hash value of the transmission file through the SM3 cryptographic algorithm.
Step S130, an encryption tunnel is established, and the SSH client and the SSH server start to communicate; the SSH client connects to the SSH server using a plaintext user name and password or a plaintext key to establish a secure SSH connection and an encryption tunnel.
Step S140, the SSH client transmits the transmission file based on the SFTP protocol.
Specifically, in step S140, the method for the SSH client to transmit the transmission file based on the SFTP protocol includes the following specific operations:
step S141, the SSH client side sends a download request of the transmission file to the SSH server side based on the SFTP protocol in the SSH;
step S142, the SSH server receives the download request and sends the transmission file to the SSH client based on the SFTP protocol;
step S143, the SSH client receives the transmission file and sends a response message to the SSH server; the response message indicates that the transmission file has been received completely.
Step S150, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server; the first file hash value of the transmission file is the SM3 hash value generated for the transmission file on the SSH server.
Specifically, the SSH server receives the response message and, using the path parameter of the transmission file that the SSH client requested to download, calculates a first file hash value of the transmission file through a python script called by the SSH server, and sends a message to the SSH client indicating that the first file hash value has been generated; the path parameter of the transmission file that the SSH client requests to download is obtained from the download request in step S141.
Step S160, the SSH client calculates a second file hash value of the transmission file through the python script called by the SSH client.
Specifically, using the path parameter of the transmission file that it requested to download, the SSH client calculates the second file hash value of the transmission file through the python script called by the SSH client.
Step S170, judging whether the second file hash value is equal to the first file hash value, if so, executing step S180; if not, go to step S190.
And step S180, sending the transmission success information of the transmission file so as to prove to the user that the file information of the transmission file is complete and is not modified.
And step S190, sending transmission failure information of the transmission file.
The invention relates to an SFTP protocol file transmission digest verification method based on the SM3 cryptographic algorithm, which uses the domestic secure SM3 digest algorithm in place of the traditional MD5 digest algorithm and SHA-1 algorithm, is more resistant to attack and tampering by others, and meets the national strategic goal of secure and reliable information.
The SSH client and the SSH server communicate over a secure channel established after SSH key authentication, which makes transmission more secure and reliable. The SFTP protocol is more secure and reliable than FTP file transmission: data is protected by encrypted transmission, no additional server program needs to be installed and no separate configuration is needed, and files can easily be transferred between server and client as long as the SSH service is installed and started. The SM3 cryptographic algorithm satisfies three basic properties: collision resistance, preimage resistance and higher security. Whether the file hash value is obtained for an uploaded or a downloaded file, it is difficult to compute the original file content from a known hash value, and different file contents will not yield the same file hash value; the algorithm also executes efficiently, so the integrity and accuracy of file transmission can be guaranteed while the digest of any target file can be obtained quickly for verification.
In summary, the SM3 cryptographic algorithm-based SFTP file transmission digest verification method provided by the invention implements upload file digest verification and download file digest verification for the SFTP protocol by adding the SM3 cryptographic algorithm and calling it through the python script, thereby ensuring the accuracy and security of file transmission.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the system embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be merged, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention.
The above examples are merely illustrative of several embodiments of the present invention, and the description thereof is more specific and detailed, but not to be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.

Claims (10)

1. An SM3 cryptographic algorithm-based SFTP file transmission digest verification method, characterized by comprising the following steps:
step S110, adding the SM3 cryptographic algorithm to the cipher.c cipher algorithm file in the SSH source code;
step S120, adding a python script call in the sftp.c secure transmission file in the SSH source code, wherein the python script is used for calculating a file hash value of the transmission file through an SM3 cryptographic algorithm;
step S130, an encryption tunnel is established, and the SSH client and the SSH server start to communicate;
step S140, the SSH client transmits the transmission file based on the SFTP protocol;
s150, the SSH server calculates a first file hash value of the transmission file through a python script called by the SSH server;
step S160, the SSH client calculates a second file hash value of the transmission file through a python script called by the SSH client;
step S170, judging whether the second file hash value is equal to the first file hash value; if yes, go to step S180; if not, executing step S190;
step S180, sending the information of successful transmission of the transmission file;
and step S190, sending transmission failure information of the transmission file.
2. The SFTP file transmission digest checking method based on SM3 cryptographic algorithm of claim 1, wherein after step S190, the method further comprises:
step S200, whether the transmission file needs to retransmit information or not is sent, and if yes, step S140 is executed; if not, no operation is executed.
3. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm according to claim 1 or 2, wherein when the transmission file is an uploaded file, step S150 specifically includes:
step S151, the SSH server receives the transmission file and the transmission completes;
step S152, the SSH server calculates a first file hash value of the transmission file through the Python script called by the SSH server, and sends a return message to the SSH client; wherein the return message indicates that the SM3 hash value of the SSH server has been generated.
4. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm according to claim 1 or 2, wherein when the transmission file is a download file, step S140 specifically includes:
step S141, the SSH client sends a download request for the transmission file to the SSH server based on the SFTP protocol in SSH;
step S142, the SSH server receives the download request and sends the transmission file to the SSH client based on the SFTP protocol;
step S143, the SSH client receives the transmission file and sends a response message to the SSH server; the response message indicates that the transmission file has been received completely.
5. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm of claim 4, wherein when the transmission file is a download file, step S150 specifically comprises the following operations:
the SSH server receives the response message and, in combination with the path parameter of the transmission file that the SSH client requested to download, calculates a first file hash value of the transmission file through the Python script called by the SSH server, and sends a message to the SSH client indicating that the first file hash value has been generated.
6. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm of claim 5, wherein the path parameter of the transmission file that the SSH client requested to download is obtained from the download request in step S141.
7. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm of claim 1 or 2, wherein in step S150 the specific operations by which the SSH server calculates the first file hash value of the transmission file through the Python script called by the SSH server include:
data filling;
data expansion;
and iterative compression.
8. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm of claim 7, wherein the data filling method specifically comprises:
converting the transmission file to binary to obtain a message file with a length of L bits;
appending a bit '1' to the end of the message file, then appending k '0' bits, wherein k is the smallest non-negative integer satisfying L + 1 + k ≡ 448 (mod 512), and finally appending a 64-bit string, which is the binary representation of the length L, to obtain the padded message file; the bit length of the resulting padded message file is a multiple of 512, thereby realizing the data padding operation of the SM3 cryptographic algorithm.
9. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm according to claim 8, wherein the data expansion method specifically includes:
partitioning the padded message file into blocks of 512 bits each to obtain n message blocks, wherein n is an integer obtained by (L + k + 64)/512, and then expanding each message block into 132 words;
each message block obtained by grouping the padded message file is divided into 16 words, words 17 to 67 are obtained by cyclic left bit shifts, and the last 64 words are obtained by circularly and-operating 4 words in the interval of the first 68 words.
10. The SFTP file transmission digest verification method based on the SM3 cryptographic algorithm as claimed in claim 9, wherein the iterative compression method specifically comprises:
setting ABCDEFGH as word registers and TT1 and TT2 as intermediate-value word registers, and letting the compression function be CF; assigning the initial value IV, as the iteration value V0, to the word registers ABCDEFGH; calculating the intermediate values TT1 and TT2 and, after the calculation is finished, updating ABCDEFGH; incrementing the loop counter by one, iteratively calculating the TT1 and TT2 values and updating the word registers; and finally obtaining the iterative compression result Vn, wherein n is the number of message blocks after grouping.
Application number: CN202110740638.9A
Priority date: 2021-06-30
Filing date: 2021-06-30
Title: SFTP file transmission abstract verification method based on SM3 national cryptographic algorithm
Status: Active, CN113572819B (en)

Publications (2)

Publication Number Publication Date
CN113572819A (en) 2021-10-29
CN113572819B CN113572819B (en) 2024-06-21

Family

ID=78163327

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant