[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN103067170B - encrypting method based on EXT2 file system - Google Patents

encrypting method based on EXT2 file system Download PDF

Info

Publication number
CN103067170B
CN103067170B CN201210543698.2A CN201210543698A CN103067170B CN 103067170 B CN103067170 B CN 103067170B CN 201210543698 A CN201210543698 A CN 201210543698A CN 103067170 B CN103067170 B CN 103067170B
Authority
CN
China
Prior art keywords
file system
aes
index node
cipher key
key index
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210543698.2A
Other languages
Chinese (zh)
Other versions
CN103067170A (en
Inventor
陈金强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guowei Group Shenzhen Co ltd
Original Assignee
Shenzhen State Micro Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen State Micro Technology Co Ltd filed Critical Shenzhen State Micro Technology Co Ltd
Priority to CN201210543698.2A priority Critical patent/CN103067170B/en
Publication of CN103067170A publication Critical patent/CN103067170A/en
Application granted granted Critical
Publication of CN103067170B publication Critical patent/CN103067170B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses an encrypting file system based on an EXT2 file system. The encrypting file system based on the EXT2 file system comprises a plurality of block groups, and each block group comprises memory spaces corresponding to the data of a superblock, a block group description list, a block bitmap, a file and catalogue index node bitmap, a file and catalogue index node list and a plurality of data blocks. A plurality of block group description lists are stored in a memory space corresponding to the block group description list. Each block group further comprises a secret key index node bitmap which is arranged behind the file and catalogue index node list and a memory space corresponding to a secret key index node list. The memory space corresponding to the block group description list is further provided with a file system digital certificate (DC). By means of the encrypting file system based on the EXT2 file system, the security of the EXT2 file system is improved. The invention further provides an encrypting method and a deciphering method based on the EXT2 file system.

Description

A kind of encryption method based on EXT2 file system
Technical field
The present invention relates to file system and store Technology On Data Encryption, particularly relate to a kind of encrypted file system based on EXT2 file system, encryption method and decryption method.
Background technology
File system is a kind of method of storage and constituent act and data, and it makes to access it and search to become easy.The memory device that file system uses SD card, USB flash disk, hard disk, SPI FLASH, NOR FLASH, NANDFLASH so usually, and maintenance documentation physical location in a device.A lot of file system only has management document and data function at present, does not have file and data security protecting function.As fruit product uses transparent file system, when product is lost, in product, valuable data is likely illegally used.
Such as, the EXT2 file system being usually used in built-in field provides storage and constituent act and data management, and file and data transparency mode store, and it can not be encrypted file, cause its Information Security not high.
Therefore, how to solve the problem of the data security in EXT2 file system, become current and be badly in need of one of technical problem solved.
Summary of the invention
The object of this invention is to provide a kind of encrypted file system based on EXT2 file system.
For solving technical problem of the present invention, the present invention discloses a kind of encrypted file system based on EXT2 file system, it comprises multiple pieces of groups, and each piece of group comprises memory space corresponding to following data: superblock, block group description list, bitmap block, file and directory inode bitmap, file and directory inode table and multiple data block; Organize in memory space corresponding to description list for described piece and have multiple pieces of group description lists; Wherein, described piece of group comprises further and is positioned at the file memory space corresponding with the cipher key index node bitmap after directory inode table and cipher key index node table, organizes in memory space corresponding to description list for described piece and has file system digital certificate further.
Wherein, described file or directory inode list item comprise " encryption indicator " and " cipher key index numbering " data item further, " encryption indicator " represents whether file or catalogue encrypt, if encryption, can find in corresponding " cipher key index node list item ", " cipher key index node list item " according to the value of " cipher key index node serial number " and there is file or catalogue deciphering relevant information.
Wherein, cipher key index node bitmap is for managing, following the tracks of the service condition of cipher key index node table.
Wherein, described cipher key index node table is made up of cipher key index node table item array, and each cipher key index node list item is made a summary by the plaintext of magic number, version number, AES pattern, digest algorithm pattern, AES key, AES initial vector, encrypted content, retain position (filling zero), random number filler forms.
The present invention also discloses a kind of encryption method based on EXT2 file system, and it comprises:
Step S11: first according to AES key and AES initial vector create-rule algorithm, generates AES key and AES initial vector;
Step S12: according to user's configuration excerpt algorithm pattern, the summary of calculation document or directory content;
Step S13: configure AES pattern according to AES key, AES initial vector, user, encrypt file or catalogue;
Step S14: the information combination of the plaintext of magic number, version number, AES pattern, digest algorithm pattern, AES key, AES initial vector, encrypted content summary is become expressly " cipher key index node list item ";
Step S15: read " file system digital certificate " in internal memory from file system storage device, the validity of checking " file system digital certificate "; If " file system digital certificate " is effective, then extract the public key information in " file system digital certificate ";
Step S16: the plaintext of step S14 " cipher key index node list item " PKI is encrypted to ciphertext " cipher key index node list item " in RSA cryptographic algorithms mode;
Step S17: according to " cipher key index node bitmap " information searching free time " cipher key index node list item ", obtain corresponding " cipher key index numbering " information;
Step S18: the data upgrading " encryption indicator " and " cipher key index node serial number " in " file or directory inode list item ", writes ciphertext in internal memory " cipher key index node list item " in file system storage device according to " cipher key index node serial number ".
In step S11, the value of the beginning 8 of 128 keys of AES is 0x53, and latter 120 are passed through random number CMOS macro cell; The value of the beginning 8 of 128 initial vectors of AES is 0x4D, and latter 120 are passed through random number CMOS macro cell.
In step S12, user's configuration excerpt algorithm pattern adopts SHA1 or SHA256.
In step S13, be electronic codebook mode (ECB) pattern when user configures AES pattern, with AES key, 128 bit data be blocked into file or catalogue and encrypt respectively; Be password packet train (CBC) pattern when user configures AES pattern, 128 bit data be blocked into file or catalogue encrypt in packet train mode with AES key, AES initial vector.
The present invention also provides a kind of decryption method based on EXT2 file system, it is characterized in that comprising:
Step S21: according to the data of " encryption indicator " and " cipher key index node serial number " in access " file or directory inode list item ", read corresponding ciphertext " cipher key index node list item " data in internal memory;
Step S22, ciphertext " cipher key index node list item " the data private key in internal memory to be decrypted into expressly " cipher key index node list item " in RSA decipherment algorithm mode;
Step S23, according to AES key, AES initial vector, AES pattern information declassified document or catalogue in expressly " cipher key index node list item ".
The described decryption method based on EXT2 file system, comprises further:
Step S24: according to digest algorithm type in plaintext " cipher key index node list item ", recalculates the rear file of plaintext of deciphering or the summary of catalogue;
Step S25: whether the summary recalculated in comparison step S24 is consistent with the digest value in plaintext " cipher key index node list item ", if comparative result is consistent, then illustrate that decrypting process is correct, if comparative result is inconsistent, declassified document or directory process failure are then described, prompting is abnormal.
Compared with prior art, because the encrypted file system based on EXT2 file system of the present invention adds file system digital certificate, cipher key index node bitmap and cipher key index node table on the basis of EXT2 file system, adopt file provided by the invention and encrypted directory and decryption method to be encrypted file or catalogue or to decipher, improve the fail safe of EXT2 file system.
Accompanying drawing explanation
Fig. 1 is EXT2 file system structure figure.
Fig. 2 is the encrypted file system structure chart based on EXT2 file system of the present invention.
Fig. 3 is cipher key index list structure figure.
Fig. 4 is file system encryption flow figure.
Fig. 5 is AES key generating structure figure.
Fig. 6 is AES initial vector generating structure figure.
Fig. 7 is file or directory content digest calculations structure chart.
Fig. 8 is file or directory content cryptographic structure figure.
Fig. 9 is file system deciphering flow chart.
Figure 10 is file or directory content deciphering structure chart.
Embodiment
As shown in Figure 1, be the structure chart of EXT2 file system organising data on a storage device.When formaing, first dividing multiple pieces of groups according to capacity of memory device, then comprising independently superblock, block group description list, bitmap block, file and directory inode bitmap, file and directory inode table and multiple data block each piece of group.
The placement data block address of the content record file of file or directory inode list item or the attribute of catalogue and file or catalogue real data.Physical record information is: the time that access mode, owner and group, amount of capacity, establishment or state change, the last reading time, nearest time etc. of revising.
As shown in Figure 2, be the structure chart of the encrypted file system based on EXT2 file system of the present invention organising data on a storage device.It increases safety encipher deciphering relevant information in each piece of group." file system digital certificate " is increased in block group description list; " cipher key index node bitmap ", " cipher key index node table " is increased after file and directory inode table.In order to meet PKIX based on safety requirements, file system digital certificate uses the form of general digital certificate, is convenient to the validity verifying digital certificate.
The data structure of each list item in " cipher key index node table ", as shown in Figure 3, its content has the plaintext summary of magic number, version number, AES pattern, digest algorithm pattern, AES key, AES initial vector, encrypted content, and total length is 2048.
" encryption indicator " and " cipher key index node serial number " data item is increased in file or directory inode list item." encryption indicator " represents whether file or catalogue encrypt, if encryption, can find corresponding " cipher key index node list item " according to the value of " cipher key index node serial number ".There is in " cipher key index node list item " file or catalogue deciphering relevant information.
EXT2 encrypted file system encrypt file or directory process, as shown in Figure 4.
Concrete steps are as follows:
Step S11, need encryption when file or catalogue, first according to AES key and AES initial vector create-rule algorithm, generation AES key and AES initial vector.128 keys of AES: the value starting 8 is 0x53 (in State word the ASCII character of S, as symmetric key identifying information), rear 120 by random number CMOS macro cell, as shown in Figure 5.128 initial vectors of AES: the value starting 8 is 0x4D (in Micro word the ASCII character of M, as initial vector identifying information), rear 120 by random number CMOS macro cell, as shown in Figure 6.
Step S12, according to user's configuration excerpt algorithm pattern, the summary of calculation document or directory content.As shown in Figure 7, when user's configuration excerpt algorithm pattern is SHA1, summary result length be 160 (align forward, after not enough zero padding).When user's configuration excerpt algorithm pattern is SHA256, summary result length is 256.
Step S13, configure AES pattern according to AES key, AES initial vector, user, encrypt file or catalogue, as shown in Figure 8.Be electronic codebook mode (ECB) pattern when user configures AES pattern, with AES key, 128 bit data be blocked into file or catalogue and encrypt respectively.Be password packet train (CBC) pattern when user configures AES pattern, 128 bit data be blocked into file or catalogue encrypt in packet train mode with AES key, AES initial vector.When length for file or catalogue is not the integral multiple of 128, last block mantissa according to this plaintext version directly adds after last group of ciphertext.
Step S14, information combination one-tenth plaintext " cipher key index node list item " that the plaintext of magic number, version number, AES pattern, digest algorithm pattern, AES key, AES initial vector, encrypted content is made a summary.The structure of " cipher key index node list item ", as shown in Figure 3.
Step S15, from file system storage device read " file system digital certificate " in internal memory, checking " file system digital certificate " validity.The inspection aspect of concrete validity: authentication certificate trust chain, confirms that certificate is effective; Look into CRL CRL(Certificate Revocation List), also known as blacklist, check whether certificate is revoked.If " file system digital certificate " is invalid, report is abnormal, stops subsequent file Dynamic System.If " file system digital certificate " is effective, extract public key information in " file system digital certificate ".Improve operational efficiency, during load document system, perform once.
Step S16, the plaintext of step S14 " cipher key index node list item " PKI is encrypted to ciphertext " cipher key index node list item " in RSA cryptographic algorithms mode.
Step S17, basis " cipher key index node bitmap " information searching free time " cipher key index node list item ".If do not found, " cipher key index node list item " is finished, and report is abnormal, current encrypt file or directory process failure.If found, obtain corresponding " cipher key index numbering " information.
The data of " encryption indicator " and " cipher key index node serial number " in step S18, renewal " file or directory inode list item ".According to " cipher key index node serial number ", ciphertext in internal memory " cipher key index node list item " is write in file system storage device.
EXT2 encrypted file system declassified document or directory process, as shown in Figure 9.
Concrete steps are as follows:
Step S21, according to the data of " encryption indicator " and " cipher key index node serial number " in access " file or directory inode list item ", read corresponding ciphertext " cipher key index node list item " data in internal memory.
Step S22, being ready in internal memory, ciphertext " cipher key index node list item " data private key is decrypted into expressly " cipher key index node list item " in RSA decipherment algorithm mode.Whether checking expressly " cipher key index node list item " magic number is effective, if magic number is invalid, possible private key data has problem; Report is abnormal, stops file system decrypting process.If magic number is effective, expressly the data of " cipher key index node list item " are also effective.
Step S23, according to AES key, AES initial vector, AES pattern information declassified document or catalogue in expressly " cipher key index node list item ", as shown in Figure 10.When AES pattern is electronic codebook mode (ECB) pattern, with AES key, 128 bit data is blocked into file or catalogue and deciphers respectively.When AES pattern is password packet train (CBC) pattern, 128 bit data are blocked into file or catalogue decipher in packet train mode with AES key, AES initial vector.When length for file or catalogue is not the integral multiple of 128, last block mantissa, according to being exactly expressly, does not need to process.
Step S24, according to digest algorithm type in expressly " cipher key index node list item ", to recalculate after deciphering the summary of file expressly or catalogue, as shown in Figure 7.When digest algorithm pattern is SHA1, summary result length is 160.When digest algorithm pattern is SHA256, summary result length is 256.
Step S25, comparison step S24 recalculate summary and expressly more whether " cipher key index node list item " middle digest value is consistent.If comparative result is consistent, then decrypting process is correct; If comparative result is inconsistent, then declassified document or directory process failure, report is abnormal, and data may be destroyed.
In sum, because the encrypted file system based on EXT2 file system of the present invention adds file system digital certificate, cipher key index node bitmap and cipher key index node table on the basis of EXT2 file system, adopt file provided by the invention and encrypted directory and decryption method to be encrypted file or catalogue or to decipher, improve the fail safe of EXT2 file system.

Claims (4)

1., based on an encryption method for EXT2 file system, it is characterized in that comprising:
Step S11: first according to AES key and AES initial vector create-rule algorithm, generates AES key and AES initial vector;
Step S12: according to user's configuration excerpt algorithm pattern, the summary of calculation document or directory content;
Step S13: configure AES pattern according to AES key, AES initial vector, user, encrypt file or catalogue;
Step S14: the information combination of the plaintext of magic number, version number, AES pattern, digest algorithm pattern, AES key, AES initial vector, encrypted content summary is become expressly " cipher key index node list item ";
Step S15: read " file system digital certificate " in internal memory from file system storage device, the validity of checking " file system digital certificate "; If " file system digital certificate " is effective, then extract the public key information in " file system digital certificate ";
Step S16: the plaintext of step S14 " cipher key index node list item " PKI is encrypted to ciphertext " cipher key index node list item " in RSA cryptographic algorithms mode;
Step S17: according to " cipher key index node bitmap " information searching free time " cipher key index node list item ", obtain corresponding " cipher key index numbering " information;
Step S18: the data upgrading " encryption indicator " and " cipher key index node serial number " in " file or directory inode list item ", writes ciphertext in internal memory " cipher key index node list item " in file system storage device according to " cipher key index node serial number ".
2. the encryption method based on EXT2 file system according to claim 1, is characterized in that, in step S11, the value of the beginning 8 of 128 keys of AES is 0x53, and latter 120 are passed through random number CMOS macro cell; The value of the beginning 8 of 128 initial vectors of AES is 0x4D, and latter 120 are passed through random number CMOS macro cell.
3. the encryption method based on EXT2 file system according to claim 1, is characterized in that, in step S12, user's configuration excerpt algorithm pattern adopts SHA1 or SHA256.
4. the encryption method based on EXT2 file system according to claim 1, is characterized in that, in step S13, is electronic codebook mode (ECB) pattern, is blocked into 128 bit data encrypts respectively with AES key to file or catalogue when user configures AES pattern; Be password packet train (CBC) pattern when user configures AES pattern, 128 bit data be blocked into file or catalogue encrypt in packet train mode with AES key, AES initial vector.
CN201210543698.2A 2012-12-14 2012-12-14 encrypting method based on EXT2 file system Expired - Fee Related CN103067170B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210543698.2A CN103067170B (en) 2012-12-14 2012-12-14 encrypting method based on EXT2 file system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210543698.2A CN103067170B (en) 2012-12-14 2012-12-14 encrypting method based on EXT2 file system

Publications (2)

Publication Number Publication Date
CN103067170A CN103067170A (en) 2013-04-24
CN103067170B true CN103067170B (en) 2015-04-15

Family

ID=48109641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210543698.2A Expired - Fee Related CN103067170B (en) 2012-12-14 2012-12-14 encrypting method based on EXT2 file system

Country Status (1)

Country Link
CN (1) CN103067170B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103761487B (en) * 2014-01-27 2017-03-15 宇龙计算机通信科技(深圳)有限公司 The hidden method and device of file
CN103955654A (en) * 2014-04-02 2014-07-30 西北工业大学 USB (Universal Serial Bus) flash disk secure storage method based on virtual file system
TWI554073B (en) * 2014-07-28 2016-10-11 柯呈翰 A multiple encrypting method and system for encrypting a file and/or a protocol
CN106709380A (en) * 2015-07-20 2017-05-24 中国科学院声学研究所 Encryption and decryption method and system capable of aiming at disk data memory area
CN105183401A (en) * 2015-10-30 2015-12-23 深圳市泽云科技有限公司 Method, device and system for recovering data in solid state disk
CN106021466A (en) * 2016-05-17 2016-10-12 浙江大华技术股份有限公司 Data storage method and apparatus
CN106156639A (en) * 2016-06-28 2016-11-23 北京小米移动软件有限公司 Data partition encryption method and device
CN108228647B (en) * 2016-12-21 2022-05-24 伊姆西Ip控股有限责任公司 Method and apparatus for data copying
IL277816B2 (en) * 2018-07-12 2023-11-01 Seclous Gmbh Method for setting up a secure hierarchical referencing system
CN109274663A (en) * 2018-09-07 2019-01-25 西安莫贝克半导体科技有限公司 Communication means based on SM2 dynamic key exchange and SM4 data encryption
CN109657497B (en) * 2018-12-21 2023-06-13 北京思源理想控股集团有限公司 Secure file system and method thereof
CN110557680B (en) * 2019-07-30 2020-11-27 视联动力信息技术股份有限公司 Audio and video data frame transmission method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159556A (en) * 2007-11-09 2008-04-09 清华大学 Group key server based key management method in sharing encryption file system
CN101247506A (en) * 2007-02-14 2008-08-20 中国科学院声学研究所 File enciphering method and enciphered file structure in digital media broadcasting system
CN102129532A (en) * 2011-03-23 2011-07-20 阮晓迅 Method and system for digital copyright protection

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MXPA02005662A (en) * 1999-12-07 2004-09-10 Data Foundation Inc Scalable storage architecture.

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247506A (en) * 2007-02-14 2008-08-20 中国科学院声学研究所 File enciphering method and enciphered file structure in digital media broadcasting system
CN101159556A (en) * 2007-11-09 2008-04-09 清华大学 Group key server based key management method in sharing encryption file system
CN102129532A (en) * 2011-03-23 2011-07-20 阮晓迅 Method and system for digital copyright protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于滚动加密在Linux文件系统下的安全存储技术;易飞;《中国优秀硕士学位论文全文数据库》;20101015;正文第2.2节、第3.1.1、3.1.2、3.2.1、3.4.2节,图3-1、3-3 *

Also Published As

Publication number Publication date
CN103067170A (en) 2013-04-24

Similar Documents

Publication Publication Date Title
CN103067170B (en) encrypting method based on EXT2 file system
CN100468438C (en) Encryption and decryption method for realizing hardware and software binding
US11184164B2 (en) Secure crypto system attributes
CN201181472Y (en) Hardware key device and movable memory system
CN101149768B (en) Special processor software encryption and decryption method
US20100005318A1 (en) Process for securing data in a storage unit
CN103701757B (en) Identity authentication method and system for service access
CN109067814B (en) Media data encryption method, system, device and storage medium
CN102355352B (en) Data confidentiality and integrity protection method
CN102904712A (en) Information encrypting method
CN102236756A (en) File encryption method based on TCM (trusted cryptography module) and USBkey
CN110650011A (en) Encryption storage method and encryption storage card based on quantum key
CN103914662A (en) Access control method and device of file encrypting system on the basis of partitions
CN103544453A (en) USB (universal serial bus) KEY based virtual desktop file protection method and device
CN103198264A (en) Method and device for recovering encrypted file system data
CN104410493A (en) Data security storage and reading method based on distributed system infrastructure
CN110298186B (en) Non-key data encryption and decryption method based on dynamic reconfigurable cipher chip
CN102811124B (en) Based on the system Authentication method of two card trigram technology
KR20110067417A (en) Method and apparatus for data encrypting and method and apparatus for data deciphering
CN102270285B (en) Key authorization information management method and device
CN107911221A (en) The key management method of solid-state disk data safety storage
CN102612025A (en) Protective system and protective method for mobile phone documents
CN112787996B (en) Password equipment management method and system
CN100594504C (en) Mobile medium divulgence-proof method based on concealed encrypted partition and PKI technology
CN102270182B (en) Encrypted mobile storage equipment based on synchronous user and host machine authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 518000 Guangdong Province Shenzhen Nanshan District High-tech Industrial Park South District High-tech Nandao National Micro-R&D Building 1 Floor West Part, 2 Floors

Patentee after: GUOWEI GROUP (SHENZHEN) Co.,Ltd.

Address before: 518000 2F, Shenzhen new high tech Industrial Park, Guangdong, China.

Patentee before: SHENZHEN STATE MICRO TECHNOLOGY Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150415

Termination date: 20211214