CN100576792C - Method for encrypted file sharing - Google Patents
Publication number: CN100576792C (application CN200610011687A)
Authority: CN (China)
Prior art keywords: file, key, shared, ciphertext, encrypt
Legal status: Expired - Fee Related (the legal status shown by Google is an assumption, not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Abstract
A method and system for encrypted sharing that works by managing public keys and embedding the encryption key in the file itself. The system consists of a file server and clients. The file server comprises a file monitoring module, a sharing-scope setting module, a public key acquisition module and an encryption module; the client comprises a file identification module, a file-key unwrapping module and a decryption module. Encryption proceeds as follows: different shared folders are set up according to sharing type, each with its own encryption public key(s). Each file in a shared folder is first encrypted with a symmetric algorithm, and the key for that file is embedded in the ciphertext: according to the file's sharing type, the file key is encrypted with one or more public keys under an asymmetric algorithm to form a key chain, and the sharing type, the public key count and the key chain are embedded in the ciphertext header.
Description
Technical field
The present invention relates to the field of information sharing and collaboration, and in particular to a method of encrypted file sharing: a method that manages public keys and embeds the encryption key in the file in order to share it in encrypted form.
Background
With the widespread use of networks, information sharing has become ever more common. At the same time, people leak classified information, whether deliberately or not, and shared information can be obtained illegitimately by others. The main carrier of information is the file, so protecting files protects most information.
Encryption is an effective and widely used way to protect files. At present files are encrypted mainly with symmetric algorithms, with key management handled by a CA (certificate authority) management system. In most enterprises, sharing files on the internal LAN is very common, but keeping users without the right authority from seeing files that carry security attributes requires deploying a full standard CA management system, which brings considerable cost pressure, especially for small enterprises and research institutions. Simple file sharing, on the other hand, carries the risk that information is leaked. The prior art has not yet proposed an effective technical scheme for encrypting shared files that addresses this deficiency.
Summary of the invention
In view of the insecurity, high cost and inconvenient operation of prior-art file sharing methods, the object of the present invention is to provide a new method and system for encrypted file sharing. The method greatly reduces the cost of encrypted file sharing while greatly improving the security of sharing. It does not change the user's file-handling habits: encryption and decryption are transparent to the user, file associations are preserved, and the method is independent of file format.
According to the object of the invention, a method of encrypted file sharing comprises the steps:
1) Set up different shared folders according to sharing type, each shared folder having its own encryption public key(s);
2) For each file in a shared folder, first encrypt the file with a symmetric algorithm and embed the file's key in the ciphertext;
The file data is encrypted with a symmetric algorithm; DES, IDEA and Triple-DES are commonly used. A third-party encryption interface is also provided so that users can select the encryption algorithm they need, to suit their particular requirements. (Today 56-bit DES is thoroughly broken and Triple-DES is deprecated for new designs; an implementation of this scheme would select an authenticated mode of AES instead.)
Embedding the file key in the file reduces the cost of key transport, achieves independence from the file format, guarantees that the file can be restored, and keeps the original file's association in the system.
3) Then, according to the file's sharing type, encrypt the file key with one or more public keys respectively using an asymmetric algorithm, forming a key chain, and embed the sharing type, the public key count and the key chain in the ciphertext header. The ciphertext header also contains the file's format ID, the symmetric algorithm ID and the asymmetric algorithm ID. The file format includes, but is not limited to, .doc, .txt, .xls, .exe, .dll and so on.
Encrypting the file key with an asymmetric algorithm protects the security of the file key. In the prior art the most mature and widely used algorithm is RSA. (A file key wrapped with RSA must use an encryption padding such as OAEP; raw RSA or PKCS#1 v1.5 encryption of a short key is exposed to padding-oracle attacks.)
To illustrate the method, take a LAN with three user groups. If the contents of shared folder A are shared by all users belonging to groups 1 and 2, then the sharing type of the files in that folder is group sharing, and the folder holds both group 1's and group 2's public keys. A file in the folder is therefore encrypted by encrypting its file key with group 1's public key and with group 2's public key respectively, forming a key chain; the file's public key count is 2.
Compared with existing file sharing schemes, the steps of the above method are performed on the file server. The file server may be any terminal on the LAN that holds shared folders. The decryption process that runs when a user reads a shared file encrypted by the above method is described next.
According to the object of the invention, the invention also provides a method of decrypting shared files that corresponds to the encrypted sharing method above and forms part of the design of the encrypted file sharing method; it comprises the steps:
1) Read the ciphertext header of a file in the shared folder, determine from the header's fixed format and signature bytes whether it is an encrypted file, and obtain the sharing type together with the file format, symmetric algorithm ID, asymmetric algorithm ID and public key count that were used when the file was encrypted.
2) According to the file's sharing type and the asymmetric algorithm ID, take out the corresponding private key and decrypt the encrypted file key.
If the public key count obtained is greater than 1, the entries of the encrypted file key are decrypted one by one with the corresponding private key, according to the sharing type, until decryption succeeds or the number of decryption attempts equals the public key count. For example, suppose the sharing type of the folder being read is group sharing and its sharing permission covers groups 1 and 2. When a user from group 1 or group 2 reads a file in that folder, the user's group private key is taken out and applied to each part of the key chain in turn; if decryption of the first part fails, the same private key is used on the next part. Because the file was encrypted with both groups' public keys, a user from either group can always unlock the key chain. When a user from group 3 reads the file, having neither group 1's nor group 2's private key, both decryption attempts fail and the file key cannot be obtained.
3) Decrypt the ciphertext with the recovered key, restoring the encrypted file.
Compared with existing file sharing schemes, steps 1) to 3) of the above method are performed on the client rather than on the file server.
Another object of the invention is to provide a system that uses the encrypted file sharing method above. The system comprises at least a file encryption server and a client. The file encryption server may be any file server holding shared files, and the client may be any terminal able to access the file server.
The file encryption server comprises:
a file monitoring module, which monitors changes to the files in each folder, including new files being added, modification of file content and changes of file name, and calls the encryption module to encrypt newly added files that are not yet encrypted;
a sharing-scope setting module, which interacts with the user through an interface and, according to the sharing scope the user selects, calls the public key acquisition module to obtain the corresponding public key(s);
a public key acquisition module, which produces the corresponding public key(s) according to the sharing scope the user selects;
an encryption module, which calls the symmetric algorithm matching the symmetric algorithm ID selected by the user to encrypt the data. The client comprises:
a file identification module, which reads the file header, determines whether the file is encrypted, and parses the header to read the sharing type, asymmetric algorithm ID, symmetric algorithm ID and public key count;
a file-key unwrapping module, which reads the key chain and, according to the asymmetric algorithm ID, selects the corresponding asymmetric algorithm and private key to decrypt the file key;
a decryption module, which selects the symmetric algorithm matching the symmetric algorithm ID and decrypts the data.
The technical effects of the invention are: encryption and decryption are transparent to the user and do not change usage habits; encryption and decryption are split between server and client, distributing resources sensibly; there is no restriction on the format of files to be encrypted; and key management stays simple while remaining secure, which reduces its cost.
Brief description of the drawings
Fig. 1 shows the file sharing types set up on the file server;
Fig. 2 shows the ciphertext format of a file after encryption;
Fig. 3 shows the structure of the ciphertext header of a file after encryption;
Fig. 4 shows the structure of the file encryption server;
Fig. 5 shows the structure of the client.
Embodiment
The invention is described in detail below using a simple server-client model, which does not limit the invention.
In this embodiment the encrypted file sharing system consists of several file servers and terminals (clients), and all users are divided into three user groups. File encryption takes place on the file encryption server: any file server may be chosen as the encryption server, and the encryption monitoring service is installed on it. The file server stores the global, per-group and per-user public keys. Decryption takes place on the client, where the decryption program is installed. This makes good use of the computers' resources.
The structure of the file encryption server is shown in Fig. 4: it comprises the file monitoring module, the sharing-scope setting module, the public key acquisition module and the encryption module. The structure of the client is shown in Fig. 5: it comprises the file identification module, the file-key unwrapping module and the decryption module. The function and effect of each module is described below together with the encryption and decryption steps, with reference to the other drawings.
Shared folders are created on the file server, and the sharing scope of each folder is set through the sharing-scope setting module on the file encryption server. A shared folder holds a different number of public keys depending on its sharing scope. As shown in Fig. 3, folder 1 is a globally shared folder and holds the global public key; folder 2 is shared by group 1 and holds group 1's public key; folder 3 is shared by groups 1 and 2 and holds the public keys of both groups. A file in a folder with several public keys has that many key information structures in its ciphertext, as shown in Fig. 2. The number of public keys thus expresses the range over which the encrypted file can be shared. Once the shared folders are set up, the file monitoring module begins monitoring changes to the files in the folders, including new files being added, modification of file content and changes of file name.
Taking globally shared folder 1 as an example (Fig. 3): when a new file is placed in the folder, the file monitoring module calls the encryption module to encrypt it. The encryption module encrypts the file data with the symmetric algorithm matching the symmetric algorithm ID the user selected. The public key acquisition module then produces the global public key according to the sharing scope the user selected, and the file monitoring module encrypts the file key with that global public key. A public/private key system is used to encrypt the file key, and private keys are distributed through a challenge-response exchange with a one-time secret, which secures the distribution of private keys. The encrypted key is embedded in the file, and the file can then be shared by all users. The ciphertext format produced by encryption is shown in Fig. 2, and the structure of the ciphertext header in Fig. 3.
Likewise, folder 2 holds group 1's public key, so an encrypted file placed in it can be shared only by members of group 1; folder 3 holds the public keys of groups 1 and 2, so the file encryption server encrypts the file key with each of the two public keys and embeds the resulting key chain in the file, and an encrypted file placed in it can be shared by members of groups 1 and 2. It follows that folders shared among any combination of groups, up to global sharing, can be set up as required.
On the client, each user holds three private keys: the global private key, the group private key and the personal private key. To share a file, the client user places it in the shared folder on the file server that matches the intended sharing scope. To view a shared file, the user fetches it to the local machine from the folder on the file server whose sharing permission covers them, and can then decrypt and view it. A file taken from a folder the user has no rights to cannot be decrypted or viewed.
When a user fetches a shared file, it is downloaded from the file server and decrypted locally by the decryption program, which restores the file to its original format. During decryption the file identification module first reads the header, determines whether the file is encrypted, and parses the header to read the sharing type, asymmetric algorithm ID, symmetric algorithm ID and public key count. According to the sharing type and the asymmetric algorithm ID, the file-key unwrapping module selects the corresponding asymmetric algorithm and tries the corresponding private key against the key chain entries one by one; on success, the decryption module selects the symmetric algorithm matching the symmetric algorithm ID and decrypts the file data. If decryption fails, the current user has no right to share the file. As shown in Fig. 1, for globally shared folder 1, every user can decrypt its files with the global private key; for folder 2, shared by group 1, only group 1 users can decrypt its files with their group private key, and users of other groups fail; for folder 3, shared by groups 1 and 2, a user from either group applies the group's private key to the key chain in the file header and succeeds within at most two attempts, while users of other groups fail both attempts, which shows that they have no right to view the file.
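The encryption steps 1) to 3) of the method, the client's trial decryption of the key chain, and the folder 1 / folder 2 / folder 3 walk-through above, carried through in Go as an example added here by the editor; it is not code from the patent or from any product built on it. The patent names the header fields but fixes neither their byte layout nor the values of the algorithm IDs, so the layout, the `ESHR` magic, the ID values and the names `NewGroupKey`, `Encrypt` and `Decrypt` are assumptions of this example. Two substitutions are deliberate and marked in the code: AES-256-GCM stands in for the patent's DES/IDEA/Triple-DES, and the file key is wrapped with RSA-OAEP rather than RSA with unspecified padding. The example also authenticates the whole header (sharing type, key count and key chain) as GCM associated data, which the patent does not do; since nothing else protects the header, the parser treats every header value as untrusted input and bounds each read by it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed on-disk layout (the patent lists these fields but fixes no encoding):
//   "ESHR" | formatID | symID | asymID | shareType | keyCount | nonce[12] | keyCount x (u16 length, RSA-OAEP(fileKey)) | AES-256-GCM ciphertext and tag
// Everything before the ciphertext is GCM associated data, a hardening the patent lacks.
const magic = "ESHR"
const fixedHdr = 4 + 5 + 12                              // magic, five one-byte fields, GCM nonce
const FormatDoc, ShareGlobal, ShareGroup uint8 = 1, 1, 2 // hypothetical IDs; ShareGroup covers one or several groups
const symAESGCM, asymRSAOAEP uint8 = 1, 1                // AES-GCM replaces the patent's DES/IDEA/3DES; RSA gets OAEP padding

// NewGroupKey creates a group (or global, or personal) RSA key pair.
func NewGroupKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Encrypt is the server side: a fresh file key, wrapped once per folder public key into the key chain.
func Encrypt(plain []byte, formatID, shareType uint8, pubs ...*rsa.PublicKey) ([]byte, error) {
	if len(pubs) == 0 || len(pubs) > 255 {
		return nil, errors.New("need 1..255 public keys")
	}
	buf := make([]byte, 32+12) // 256-bit file key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	hdr := append([]byte(magic), formatID, symAESGCM, asymRSAOAEP, shareType, uint8(len(pubs)))
	hdr = append(hdr, nonce...)
	for _, pub := range pubs {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
		if err != nil {
			return nil, err
		}
		hdr = append(hdr, byte(len(wrapped)>>8), byte(len(wrapped)))
		hdr = append(hdr, wrapped...)
	}
	block, _ := aes.NewCipher(fileKey)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(hdr[:len(hdr):len(hdr)], nonce, plain, hdr), nil
}

// Decrypt is the client side: recognise the file, then walk the key chain trying each held private key
// until an entry unwraps or the count is exhausted (the patent's trial decryption: entries carry no key
// identifier), then open the body. The returned format ID tells the caller how to restore the file.
func Decrypt(blob []byte, privs ...*rsa.PrivateKey) ([]byte, uint8, error) {
	if len(blob) < fixedHdr || string(blob[:4]) != magic {
		return nil, 0, errors.New("not an encrypted shared file")
	}
	formatID, symID, asymID, keyCount := blob[4], blob[5], blob[6], int(blob[8])
	if symID != symAESGCM || asymID != asymRSAOAEP {
		return nil, 0, fmt.Errorf("unsupported algorithm IDs %d/%d", symID, asymID)
	}
	nonce, pos := blob[9:fixedHdr], fixedHdr
	var fileKey []byte
	for i := 0; i < keyCount; i++ { // header fields are untrusted input: bound every read by them
		if pos+2 > len(blob) || pos+2+int(binary.BigEndian.Uint16(blob[pos:])) > len(blob) {
			return nil, 0, errors.New("truncated key chain")
		}
		n := int(binary.BigEndian.Uint16(blob[pos:]))
		entry := blob[pos+2 : pos+2+n]
		pos += 2 + n // keep parsing after a hit: the whole header is needed as AAD below
		for j := 0; fileKey == nil && j < len(privs); j++ {
			if k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, privs[j], entry, nil); err == nil && len(k) == 32 {
				fileKey = k
			}
		}
	}
	if fileKey == nil {
		return nil, 0, errors.New("no held private key opens the key chain: not authorised for this share")
	}
	block, _ := aes.NewCipher(fileKey)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, nonce, blob[pos:], blob[:pos]) // any header tampering fails here
	return plain, formatID, err
}

func main() {
	g1, g2, g3 := NewGroupKey(), NewGroupKey(), NewGroupKey()
	blob, _ := Encrypt([]byte("constructed sample: Q3 plan"), FormatDoc, ShareGroup, &g1.PublicKey, &g2.PublicKey) // folder 3
	for i, who := range []*rsa.PrivateKey{g1, g2, g3} { // group 3 holds neither key and is refused
		plain, _, err := Decrypt(blob, who)
		fmt.Printf("group %d: %q err=%v\n", i+1, plain, err)
	}
}
```

A group 2 user fails on the first key-chain entry (group 1's) and succeeds on the second, which is the patent's loop of trying until success or the public key count is exhausted; a group 3 user exhausts both entries and is refused. The sample text in `main` is constructed for the demonstration. The cost of having no key identifier in the chain is visible in `Decrypt`: a client holding k private keys against a file shared with N groups may perform up to N times k RSA decryptions before giving up.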
The invention has been described in detail through specific embodiments; those skilled in the art will understand that modifications and variations can be made without departing from its essence, such as applying the invention to computer network systems of simpler or more complex structure and hierarchy, while still achieving the objects of the invention.
Claims (6)
1. A method of encrypting shared files, comprising the steps:
1) setting up different shared folders according to sharing type, each shared folder having its own encryption public key(s); the sharing types comprising global sharing, single-group sharing and multi-group sharing;
2) for each file in a shared folder, encrypting the file with a symmetric algorithm and embedding the file key used by that symmetric algorithm in the ciphertext;
the file key being embedded in the ciphertext as follows: according to the file's sharing type, encrypting the file key with one or more public keys respectively using an asymmetric algorithm to form a key chain, and embedding the sharing type, the public key count and the key chain in the ciphertext header; if the file is globally shared, encrypting with the global public key; if the file belongs to single-group sharing, encrypting with that group's public key; if the file belongs to multi-group sharing, encrypting with each of the several groups' public keys respectively;
the ciphertext header further containing: the file's format ID, the symmetric algorithm ID and the asymmetric algorithm ID.
2. The method of claim 1, wherein the encryption process of step 2) is performed on a file server.
3. The method of claim 1, wherein the symmetric algorithm comprises at least DES, IDEA or Triple-DES.
4. The method of claim 1, wherein the asymmetric algorithm comprises at least the RSA algorithm.
5. A method of decrypting a shared file encrypted by the encryption method of claim 1, comprising the steps:
1) reading the ciphertext header of a file in the shared folder, determining from the header's fixed format and signature bytes whether it is an encrypted file, and obtaining the sharing type together with the file format, symmetric algorithm ID, asymmetric algorithm ID and public key count used when the file was encrypted;
2) according to the file's sharing type and asymmetric algorithm ID, taking out the corresponding private key and decrypting the encrypted key in the key chain with the algorithm matching the asymmetric algorithm ID; if the public key count is greater than 1, decrypting the encrypted file key entries one by one with the corresponding private key according to the sharing type until decryption succeeds or the number of attempts equals the public key count; if the file is globally shared, decrypting with the global private key; if the file belongs to single-group sharing, decrypting with the group's private key; if the file belongs to multi-group sharing, decrypting with each of the several groups' private keys respectively;
3) decrypting the ciphertext with the recovered file key and the algorithm matching the symmetric algorithm ID, restoring the encrypted file.
6. The method of claim 5, wherein the decryption process of steps 1), 2) and 3) is performed on the client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610011687A (granted as CN100576792C) | 2006-04-14 | 2006-04-14 | Method for encrypted file sharing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1832398A (application publication) | 2006-09-13 |
| CN100576792C (granted patent) | 2009-12-30 |
Family
ID=36994423
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2009-12-30; termination date: 2018-04-14 |