
CN111324901A - Method for creating and decrypting enterprise security encrypted file - Google Patents


Info

Publication number
CN111324901A
Authority
CN
China
Prior art keywords
field
file
key
enterprise
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010101508.6A
Other languages
Chinese (zh)
Inventor
陈灿阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN202010101508.6A
Publication of CN111324901A
Legal status: Withdrawn

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for creating an enterprise security encrypted file, comprising the following steps: setting a file header structure comprising an enterprise name field, a GUID field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field and a file owner field; obtaining a key bank on a server, dynamically generating a random number through a random function, and generating a key according to the key bank and the random number; storing the file header structure at the forefront of the file; and performing an encryption operation on the file using the generated key and the encryption algorithm corresponding to the encryption algorithm number field to obtain an encryption result, and storing the encryption result in the file at a position adjacent to the file header structure. The invention can solve the technical problems of poor flexibility, security, robustness, usability and extensibility of encrypted files in existing file encryption and decryption systems.

Description

Method for creating and decrypting enterprise security encrypted file
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method for creating and decrypting an enterprise security file.
Background
File encryption and decryption systems are now widely used commercially. When an electronic file is opened, it is automatically decrypted into memory and correctly recognized by the application program; when the file is saved, it is automatically encrypted to disk, which prevents the electronic file from being leaked. Even if the electronic file is copied out, it remains encrypted, which meets the enterprise's need to protect business secrets. In addition, a transparent file encryption and decryption system does not change the original file operation process and is imperceptible to the user.
However, the encrypted files in existing file encryption and decryption systems have some technical problems that cannot be ignored:
1. Poor flexibility: they cannot meet the varied requirements of enterprises. For example, an enterprise may require that, for encrypted files in an office area and a research and development area, a computer in the research and development area can open encrypted files from the office area but not the reverse, and that a computer in a leader role can open files generated by a computer in an ordinary role but not the reverse.
2. Insufficient security: once a hacker obtains the key of an encrypted file by exhaustive search, the files of the whole company are at risk.
3. Insufficient robustness: when the header of an encrypted file is corrupted or damaged for any reason, for example a byte is destroyed or tampered with, the encrypted file may be decrypted into an incorrect file that can no longer be restored, that is, the damage is irreversible.
4. Poor usability: when an external party, such as a third party, obtains an encrypted file and cannot open it, the file may be taken to be damaged, because no friendly prompt is displayed.
5. Insufficient extensibility: as information technology develops, the algorithm used for encrypted files needs to be upgraded in time, and files in the original encryption format then become incompatible, and so on.
Disclosure of Invention
In view of the above drawbacks or needs for improvement of the prior art, the present invention provides a method for creating and decrypting an enterprise security file, which aims to solve the technical problems of poor flexibility, security, robustness, usability and extensibility in an encrypted file in the existing file encryption and decryption system.
To achieve the above object, according to one aspect of the present invention, there is provided a method for creating an enterprise-secure encrypted file, comprising the steps of:
(1) setting a file header structure comprising an enterprise name field, a GUID field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field and a file owner field; wherein the enterprise name field records the full name of the enterprise, the GUID field records the GUID value of the enterprise, the encrypted file identification field marks whether the file is an encrypted file, the department identification field records the department identification information of the file, the random seed field records the random seed corresponding to the file, the key check value field records the check value corresponding to the key that encrypts the file, that is, the check value formed after the key is generated from the random seed and the key bank, the encryption algorithm number field;
(2) acquiring a key bank (1024 bytes) on a server, dynamically generating a random number through the random function srand, and generating a 256-byte key according to the key bank and the random number;
(3) storing the file header structure, in which the enterprise name field, the GUID field, the encrypted file identification field, the file version field, the file operation level field, the department identification field, the random seed field, the key check value field, the encryption algorithm number field and the file owner field are set, at the forefront of the file;
(4) performing an encryption operation on the file using the key generated in step (2) and the encryption algorithm corresponding to the encryption algorithm number field to obtain an encryption result, and storing the encryption result in the file at a position adjacent to the file header structure.
Preferably, the enterprise name field occupies 100 bytes, so that when the file cannot be opened, a user can recognize that the file is in an encrypted state through the field; the GUID field occupies 40 bytes to uniquely distinguish one enterprise and realize file isolation among a plurality of enterprises; the encrypted file identification field occupies 16 bytes; the file version field occupies 4 bytes and is used for scheduling compatible processing after the file header structure body is upgraded; the file operation level field occupies 4 bytes and is used for realizing that clients of different levels execute opening operation on the file; the department identification field occupies 4 bytes and is used for realizing the opening operation of different departments on the file; the random seed field occupies 4 bytes, and the key of each file is generated according to the key bank and the random seed by using a random algorithm, so that the keys of all files are different; the key check value field occupies 4 bytes; the encryption algorithm number field occupies 4 bytes, and the encryption algorithm of each file is randomly selected from the algorithm library and is used for preventing the file from being in a dangerous state after being maliciously cracked; the file owner field takes 100 bytes and is traceable.
According to another aspect of the present invention, there is provided a system for creating an enterprise-secure encrypted file, comprising:
the first module is used for setting a file header structure comprising an enterprise name field, a GUID field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field and a file owner field; wherein the enterprise name field records the full name of the enterprise, the GUID field records the GUID value of the enterprise, the encrypted file identification field marks whether the file is an encrypted file, the department identification field records the department identification information of the file, the random seed field records the random seed corresponding to the file, the key check value field records the check value corresponding to the key that encrypts the file, that is, the check value formed after the key is generated from the random seed and the key bank, the encryption algorithm number field;
the second module is used for acquiring a key bank on the server, dynamically generating a random number through a random function srand, and generating a 256-byte key according to the key bank and the random number;
and the third module is used for storing the file header structure body provided with the enterprise name field, the GUID field, the encrypted file identification field, the file version field, the file operation level field, the department identification field, the random seed field, the key check value field, the encryption algorithm number field and the file owner field at the forefront of the file.
And the fourth module is used for performing encryption operation on the file by using the key generated by the second module and the encryption algorithm corresponding to the encryption algorithm number field to obtain an encryption result, and storing the encryption result to a position, close to the file header structure, in the file.
According to another aspect of the present invention, there is provided a method for decrypting the above-mentioned enterprise security encrypted file, comprising the steps of:
(1) reading a file header structure of a file to obtain all fields in the file header structure;
(2) judging whether the obtained encrypted file identification field is the same as a first preset value stored in the client side, if not, indicating that the file is not an enterprise security encrypted file, and ending the process, otherwise, entering the step (3);
(3) judging whether the obtained GUID field is the same as a second preset value stored in the client; if not, indicating that the file is not an enterprise security encrypted file and ending the process; otherwise, entering step (4);
(4) judging whether the obtained file operation level field, department identification field and file owner field respectively match a third preset value, a fourth preset value and a fifth preset value stored in the client; if not, indicating that there is no permission to decrypt the file and ending the process; otherwise, entering step (5);
(5) acquiring a key bank from a server, and generating a key according to the random seed in the acquired random seed field and the key bank;
(6) generating a check value for the key generated in the step (5), judging whether the check value is matched with the obtained key check value field, if not, indicating that the structure of the file header is damaged and the file cannot be decrypted, and ending the process, otherwise, entering the step (7);
(7) performing a decryption operation on the file using the key generated in step (5) and the algorithm corresponding to the obtained encryption algorithm number field to obtain a decryption result.
According to still another aspect of the present invention, there is provided a system for decrypting the above-mentioned enterprise security encrypted file, comprising:
the first module is used for reading a file header structure of a file to acquire all fields in the file header structure;
the second module is used for judging whether the obtained encrypted file identification field is the same as a first preset value stored in the client side or not, if not, the file is indicated to be not an enterprise security encrypted file, the process is finished, otherwise, the third module is entered;
the third module is used for judging whether the obtained GUID field is the same as a second preset value stored in the client; if not, the file is not an enterprise security encrypted file and the process ends; otherwise, the fourth module is entered;
the fourth module is used for judging whether the obtained file operation level field, department identification field and file owner field respectively match a third preset value, a fourth preset value and a fifth preset value stored in the client; if not, there is no permission to decrypt the file and the process ends; otherwise, the fifth module is entered;
a fifth module, configured to obtain a key store from the server, and generate a key according to the random seed in the obtained random seed field and the key store;
a sixth module, configured to generate a check value for the key generated by the fifth module, and determine whether the check value matches the obtained key check value field, if the check value does not match the obtained key check value field, it indicates that the file header structure is damaged, the file cannot be decrypted, and the process is ended, otherwise, the seventh module is entered;
and the seventh module is used for executing decryption operation on the file by using the key generated by the fifth module and the algorithm corresponding to the acquired encryption algorithm number field to obtain a decryption result.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
(1) because the step (1) is adopted in the creating process and the step (4) is adopted in the decrypting process, the operation level field, the department identification field and the file owner field of the file are compared, and various authority requirements of enterprises can be met, and the technical problem that the existing method is poor in flexibility can be solved.
(2) Because the invention adopts the steps (1) to (3), the key is generated according to different random numbers for each file, different encryption algorithms are randomly adopted to encrypt the files, and the encryption key and the encryption algorithm of each file are different, the technical problem that the safety of the existing method is not strong enough can be solved.
(3) Because the step (1) is adopted in the creating process and the step (6) is adopted in the decrypting process, the check value of the key needs to be checked before the file is decrypted, namely the correctness of the key is checked, and therefore, the technical problem that the existing method is not strong enough in robustness can be solved.
(4) The invention adopts the step (1) of recording the name information of the enterprise to which the current file belongs, and displaying the name information of the enterprise when the file cannot be normally opened, thereby solving the technical problem of poor usability of the existing method.
(5) Because the invention adopts the step (1), the recorded file header has the residual part which is used as the reserved field for later expansion, thereby solving the technical problem of poor expandability of the existing method.
Drawings
FIG. 1 is a schematic diagram of the fields created in step (1) of the method of the present invention for creating an enterprise-secure encrypted file.
FIG. 2 is a flow diagram of a method of the present invention for creating an enterprise-secure encrypted file.
FIG. 3 is a flow chart of a method of the present invention for decrypting an enterprise secure encrypted file.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
As shown in FIG. 2, the present invention provides a method for creating an enterprise secure encrypted file, comprising the steps of:
(1) setting a file header structure body which comprises an enterprise name field, a Globally Unique Identifier (GUID) field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field and a file owner field;
As shown in FIG. 1, the 10 fields are numbered ① to ⑩ in sequence.
Specifically, the file header structure provided by the invention is 4 kbytes in size, namely 4096 bytes, and contains a number of variables that each record corresponding control information.
The enterprise name field is used for recording the full name of an enterprise, and occupies 100 bytes, so that when a file cannot be opened, a user can easily identify that the file is in an encrypted state of a certain enterprise through the field, but not in a damaged state of the file.
For example, the enterprise name field may be a name such as "China Mechanical Industries Group Limited".
The GUID field is used to record a GUID value for a business, which takes 40 bytes to uniquely distinguish one business and enable file isolation between multiple businesses.
For example, the GUID field may be a value such as "63D40388-E758476BA6FA0F5944F1E13B".
The encrypted file identification field is used to mark whether the file is an encrypted file, which is a string of binary values and takes 16 bytes. When the subsequent client needs to decrypt the encrypted file, the value in the field is read firstly and compared with the preset value stored in the client, if the value is equal to the preset value, the file is an encrypted file, otherwise, the file is not the encrypted file.
For example, the encrypted file identification field may be "\x98\x53\x64\x58\x2D\x25\x18\x0E\x9E\x54\x43\x26\x01\xB5\xC5\xA7".
The file version field is used for marking the version information of the file header structure, and occupies 4 bytes, so that the file header structure can be handled compatibly after being upgraded.
For example, the file version field may be, for example, "1" which indicates that the header structure is the first version.
The file operation level field is used for recording the operation level information of the file and occupies 4 bytes, so that a superior leader's computer can open encrypted files generated by a subordinate employee's computer, while the subordinate employee's computer cannot open encrypted files generated by the superior leader.
For example, the file operation level field may be "100".
The department identification field is used for recording the department identification information of the file, occupies 4 bytes and is used for realizing department isolation, that is, a computer of department A can open encrypted files from a computer of department B, but not the reverse.
For example, the department identification field may be, for example, "10".
The random seed field is used for recording random seeds corresponding to the files, the random seeds occupy 4 bytes, the secret key of each file is generated according to the secret key library and the random seeds by using a random algorithm, the secret keys of all the files are different, and all the files are prevented from being in a dangerous state after being maliciously cracked by a hacker. It is noted that the keystore and the resulting keys are not stored in the header in order to reduce security risks.
For example, the random seed field may be a random number such as "4589".
The key check value field is used for recording a check value corresponding to a key for encrypting the file, namely, the check value corresponding to the key is formed after the key is generated according to the random seed and the key base, and occupies 4 bytes.
Before a subsequent client decrypts a file, whether a check value of a key character string dynamically generated by the client is equal to a value in a key check value field or not needs to be checked, and if the check value is not equal to the value in the key check value field, the file cannot be decrypted, so that the file is prevented from being decrypted by an incorrect key after being damaged or maliciously tampered, and further irreversible damage is caused.
For example, the key check value field may be a field such as "5689632".
The encryption algorithm number field is used for recording an encryption algorithm used for encrypting the file, the encryption algorithm occupies 4 bytes, the encryption algorithm of each file is randomly selected from an algorithm library, and the file is prevented from being in a dangerous state after being maliciously cracked.
For example, the encryption algorithm number field may be, for example, "2".
The file owner field records the owner of the file, which takes 100 bytes and is traceable.
For example, the file owner field may be a field such as "ZhangS 01".
For the rest of the file header, it is used as a reserved field for later extension.
(2) Acquiring a key bank (1024 bytes) on a server, dynamically generating a random number through the random function srand, and generating a 256-byte key according to the key bank and the random number;
(3) a file header structure, in which an enterprise name field, a GUID field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field, and a file owner field are set, is stored at the forefront of the file (i.e., the first 4096 bytes).
(4) Performing an encryption operation on the file using the key generated in step (2) and the encryption algorithm corresponding to the encryption algorithm number field to obtain an encryption result, and storing the encryption result in the file at a position adjacent to the file header structure.
As shown in FIG. 3, the present invention further provides a method for decrypting the created enterprise security encrypted file, including the following steps:
(1) reading a file header structure (the first 4096 bytes) of a file to obtain all fields in the file header structure;
(2) judging whether the obtained encrypted file identification field is the same as a first preset value stored in the client side, if not, indicating that the file is not an enterprise security encrypted file, and ending the process, otherwise, entering the step (3);
Specifically, the first preset value may be "\x98\x53\x64\x58\x2D\x25\x18\x0E\x9E\x54\x43\x26\x01\xB5\xC5\xA7", for example.
(3) And judging whether the obtained GUID field is the same as a second preset value stored in the client side, if not, indicating that the file is not an enterprise security encrypted file, and ending the process. Otherwise, entering the step (4);
Specifically, the second preset value may be, for example, "63D40388-E758476BA6FA0F5944F1E13B".
(4) Judging whether the obtained file operation level field, department identification field and file owner field respectively match a third preset value, a fourth preset value and a fifth preset value stored in the client; if not, indicating that there is no permission to decrypt the file and ending the process; otherwise, entering step (5);
(5) acquiring a key database (1024 bytes) from a server, and generating a 256-byte key according to the random seed in the acquired random seed field and the key database;
Specifically, 256-byte key = random algorithm (key bank + random seed).
(6) Generating a check value for the key generated in the step (5), judging whether the check value is matched with the obtained key check value field, if not, indicating that the structure of the file header is damaged and the file cannot be decrypted, and ending the process, otherwise, entering the step (7);
(7) performing a decryption operation on the file using the key generated in step (5) and the algorithm corresponding to the obtained encryption algorithm number field to obtain a decryption result.
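The header layout and decryption checks of steps (1) to (6) above, as an added Python example that is not code from the patent. Contiguous little-endian packing, the step (4) matching rules, the HMAC-SHA256 key derivation and the CRC-32 check value are assumptions standing in for details the description leaves unspecified; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct
import zlib

HEADER_SIZE = 4096  # the header is the first 4096 bytes of the file
# Field order and sizes follow the description; contiguous little-endian
# packing is an assumption (the page gives sizes, not offsets or byte order).
HEADER_FMT = "<100s40s16sIIIIII100s"
FIELDS = ("enterprise", "guid", "magic", "version", "level",
          "department", "seed", "key_check", "algorithm", "owner")
BYTE_SIZES = {"enterprise": 100, "guid": 40, "magic": 16, "owner": 100}
TEXT_FIELDS = ("enterprise", "guid", "owner")
SEED_OFFSET = struct.calcsize("<100s40s16sIII")  # 168


def derive_key(key_bank: bytes, seed: int) -> bytes:
    """Assumed stand-in for the unspecified 'random algorithm': HMAC-SHA256
    keyed with the 1024-byte key bank, expanded to a 256-byte key."""
    if len(key_bank) != 1024:
        raise ValueError("key bank must be 1024 bytes")
    return b"".join(
        hmac.new(key_bank, struct.pack("<II", seed, i), hashlib.sha256).digest()
        for i in range(8))  # 8 blocks * 32 bytes = 256 bytes


def key_check(key: bytes) -> int:
    """Assumed 4-byte check value (CRC-32); the page does not name one."""
    return zlib.crc32(key) & 0xFFFFFFFF


def build_header(fields: dict, key_bank: bytes) -> bytes:
    """Creation steps (1)-(3): fill the fields and pad to 4096 bytes."""
    values = dict(fields)
    values["key_check"] = key_check(derive_key(key_bank, values["seed"]))
    packed = []
    for name in FIELDS:
        value = values[name]
        if name in TEXT_FIELDS:
            value = value.encode("utf-8")
        if name in BYTE_SIZES and len(value) > BYTE_SIZES[name]:
            raise ValueError(f"{name} exceeds {BYTE_SIZES[name]} bytes")
        packed.append(value)
    return struct.pack(HEADER_FMT, *packed).ljust(HEADER_SIZE, b"\0")


def parse_header(blob: bytes) -> dict:
    """Decryption step (1): read every field from the first 4096 bytes."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("file shorter than the 4096-byte header")
    header = dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, blob)))
    for name in TEXT_FIELDS:
        header[name] = header[name].rstrip(b"\0").decode("utf-8", "replace")
    return header


def check_file(blob: bytes, client: dict, key_bank: bytes):
    """Decryption steps (2)-(6). Returns (status, key or None)."""
    header = parse_header(blob)
    if header["magic"] != client["magic"]:                # step (2)
        return "not-encrypted-file", None
    if header["guid"] != client["guid"]:                  # step (3)
        return "other-enterprise", None
    # Step (4): these matching rules are assumptions; the page says "matched".
    owners = client["owners"]                             # None = any owner
    if (client["level"] < header["level"]
            or header["department"] not in client["departments"]
            or (owners is not None and header["owner"] not in owners)):
        return "no-permission", None
    key = derive_key(key_bank, header["seed"])            # step (5)
    if key_check(key) != header["key_check"]:             # step (6)
        return "header-damaged", None
    return "ok", key


# Constructed sample data; field values reuse the page's examples where given.
KEY_BANK = bytes(range(256)) * 4
MAGIC = bytes.fromhex("985364582d25180e9e54432601b5c5a7")
GUID = "63D40388-E758476BA6FA0F5944F1E13B"
SAMPLE = {"enterprise": "Example Enterprise Ltd", "guid": GUID, "magic": MAGIC,
          "version": 1, "level": 100, "department": 10, "seed": 4589,
          "algorithm": 2, "owner": "user01"}
CLIENT = {"magic": MAGIC, "guid": GUID, "level": 100,
          "departments": {10}, "owners": None}


def demo():
    """Check an intact header, then one with a flipped bit in the seed field."""
    header = build_header(SAMPLE, KEY_BANK)
    damaged = bytearray(header)
    damaged[SEED_OFFSET] ^= 0x01
    return (check_file(header, CLIENT, KEY_BANK)[0],
            check_file(bytes(damaged), CLIENT, KEY_BANK)[0])


if __name__ == "__main__":
    print(demo())
```

Because the check value is computed over the derived key only, step (6) catches damage to the random seed or key check value fields but not to other fields such as the encryption algorithm number.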
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (5)

1. A method for creating an enterprise-secure encrypted file, comprising the steps of:
(1) setting a file header structure comprising an enterprise name field, a GUID field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field and a file owner field; wherein the enterprise name field records the full name of the enterprise, the GUID field records the GUID value of the enterprise, the encrypted file identification field marks whether the file is an encrypted file, the department identification field records the department identification information of the file, the random seed field records the random seed corresponding to the file, the key check value field records the check value corresponding to the key that encrypts the file, that is, the check value formed after the key is generated from the random seed and the key bank, the encryption algorithm number field;
(2) acquiring a key bank on a server, dynamically generating a random number through a random function, and generating a key according to the key bank and the random number;
(3) storing the file header structure, in which the enterprise name field, the GUID field, the encrypted file identification field, the file version field, the file operation level field, the department identification field, the random seed field, the key check value field, the encryption algorithm number field and the file owner field are set, at the forefront of the file;
(4) performing an encryption operation on the file using the key generated in step (2) and the encryption algorithm corresponding to the encryption algorithm number field to obtain an encryption result, and storing the encryption result in the file at a position adjacent to the file header structure.
2. The method of claim 1,
the enterprise name field occupies 100 bytes, so that when the file cannot be opened, a user can recognize that the file is in an encrypted state through the field;
the GUID field occupies 40 bytes to uniquely distinguish one enterprise and realize file isolation among a plurality of enterprises;
the encrypted file identification field occupies 16 bytes;
the file version field occupies 4 bytes and is used for scheduling compatible processing after the file header structure body is upgraded;
the file operation level field occupies 4 bytes and is used for realizing that clients of different levels execute opening operation on the file;
the department identification field occupies 4 bytes and is used for realizing the opening operation of different departments on the file;
the random seed field occupies 4 bytes, and the key of each file is generated according to the key bank and the random seed by using a random algorithm, so that the keys of all files are different;
the key check value field occupies 4 bytes;
the encryption algorithm number field occupies 4 bytes, and the encryption algorithm of each file is randomly selected from the algorithm library and is used for preventing the file from being in a dangerous state after being maliciously cracked;
the file owner field occupies 100 bytes and is used for tracing.
3. A system for creating an enterprise-secure encrypted file, comprising:
the file header structure comprises an enterprise name field, a GUID field, an encrypted file identification field, a file version field, a file operation level field, a department identification field, a random seed field, a key check value field, an encryption algorithm number field and a file owner field; wherein the enterprise name field is used for recording the full name of the enterprise, the GUID field is used for recording the GUID value of the enterprise, the encrypted file identification field is used for marking whether the file is an encrypted file, the department identification field is used for recording the department identification information of the file, the random seed field is used for recording the random seed corresponding to the file, the key check value field is used for recording the check value corresponding to the key for encrypting the file, that is, the check value formed after the key is generated according to the random seed and the key bank, the encryption algorithm number field;
the second module is used for acquiring a key bank on the server, dynamically generating a random number through a random function, and generating a key according to the key bank and the random number;
the third module is used for storing the file header structure body provided with the enterprise name field, the GUID field, the encrypted file identification field, the file version field, the file operation level field, the department identification field, the random seed field, the key check value field, the encryption algorithm number field and the file owner field at the forefront of the file;
and the fourth module is used for performing an encryption operation on the file by using the key generated by the second module and the encryption algorithm corresponding to the encryption algorithm number field to obtain an encryption result, and storing the encryption result at the position in the file immediately adjacent to the file header structure.
4. A method for decrypting an enterprise-secure encrypted file according to any one of claims 1 to 3, comprising the steps of:
(1) reading a file header structure of a file to obtain all fields in the file header structure;
(2) judging whether the obtained encrypted file identification field is the same as a first preset value stored in the client; if not, indicating that the file is not an enterprise security encrypted file, and ending the process; otherwise, entering step (3);
(3) judging whether the obtained GUID field is the same as a second preset value stored in the client; if not, indicating that the file is not an enterprise security encrypted file, and ending the process; otherwise, entering step (4);
(4) judging whether the obtained file operation level field, the obtained department identification field and the obtained file owner field respectively match a third preset value, a fourth preset value and a fifth preset value stored in the client; if not, indicating that there is no permission to decrypt the file, and ending the process; otherwise, entering step (5);
(5) acquiring a key bank from a server, and generating a key according to the random seed in the acquired random seed field and the key bank;
(6) generating a check value for the key generated in the step (5), judging whether the check value is matched with the obtained key check value field, if not, indicating that the structure of the file header is damaged and the file cannot be decrypted, and ending the process, otherwise, entering the step (7);
(7) performing a decryption operation on the file by using the key generated in step (5) and the algorithm corresponding to the obtained encryption algorithm number field to obtain a decryption result.
5. A system for decrypting an enterprise-secure encrypted file according to any one of claims 1 to 3, comprising:
the first module is used for reading a file header structure of a file to acquire all fields in the file header structure;
the second module is used for judging whether the obtained encrypted file identification field is the same as a first preset value stored in the client side or not, if not, the file is indicated to be not an enterprise security encrypted file, the process is finished, otherwise, the third module is entered;
the third module is used for judging whether the obtained GUID field is the same as a second preset value stored in the client; if not, the file is not an enterprise security encrypted file, and the process is ended; otherwise, the fourth module is entered;
the fourth module is used for judging whether the acquired file operation level field, the acquired department identification field and the acquired file owner field respectively match a third preset value, a fourth preset value and a fifth preset value stored in the client; if they do not match, indicating that there is no permission to decrypt the file, and the process is ended; otherwise, the fifth module is entered;
the fifth module is used for acquiring a key bank from the server and generating a key according to the random seed in the obtained random seed field and the key bank;
a sixth module, configured to generate a check value for the key generated by the fifth module, and determine whether the check value matches the obtained key check value field, if the check value does not match the obtained key check value field, it indicates that the file header structure is damaged, the file cannot be decrypted, and the process is ended, otherwise, the seventh module is entered;
and the seventh module is used for executing decryption operation on the file by using the key generated by the fifth module and the algorithm corresponding to the acquired encryption algorithm number field to obtain a decryption result.
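The header layout of claim 2 and the gate checks of claim 4, steps (1) to (6), as an added Python example that is not code from the patent. Byte order, string padding, the HMAC-SHA256 key derivation, the truncated-hash check value and every sample value are assumptions or constructed; the claims specify none of them.

```python
import hashlib
import hmac
import struct
from collections import namedtuple

# Field order and sizes follow claim 2. Little-endian integers and NUL-padded
# UTF-8 strings are assumptions: the claims give sizes only.
LAYOUT = struct.Struct("<100s40s16sIIIIII100s")   # 280 bytes in total
Header = namedtuple("Header", "enterprise guid magic version level dept "
                              "seed key_check alg_no owner")

def derive_key(key_bank: bytes, seed: int) -> bytes:
    # Assumed stand-in: the claims do not say how key bank and seed combine.
    return hmac.new(key_bank, struct.pack("<I", seed), hashlib.sha256).digest()

def check_value(key: bytes) -> int:
    # Assumed stand-in for the unspecified 4-byte key check value.
    return struct.unpack("<I", hashlib.sha256(b"check" + key).digest()[:4])[0]

def pad(text: str, size: int) -> bytes:
    return text.encode("utf-8").ljust(size, b"\0")

def build_header(enterprise, guid, magic, level, dept, seed, alg_no, owner, key_bank):
    key = derive_key(key_bank, seed)
    return LAYOUT.pack(pad(enterprise, 100), pad(guid, 40), pad(magic, 16), 1,
                       level, dept, seed, check_value(key), alg_no, pad(owner, 100))

def open_gate(blob: bytes, client: dict, key_bank: bytes):
    """Steps (1)-(6) of claim 4. Returns (status, key or None)."""
    if len(blob) < LAYOUT.size:                      # too short to hold a header
        return "not-enterprise-file", None
    h = Header(*LAYOUT.unpack_from(blob))            # step (1)
    if h.magic != pad(client["magic"], 16):          # step (2)
        return "not-enterprise-file", None
    if h.guid != pad(client["guid"], 40):            # step (3)
        return "not-enterprise-file", None
    # Step (4): "matched" is taken as equality here, which is an assumption.
    if (h.level, h.dept, h.owner) != (client["level"], client["dept"],
                                      pad(client["owner"], 100)):
        return "no-permission", None
    key = derive_key(key_bank, h.seed)               # step (5)
    if check_value(key) != h.key_check:              # step (6)
        return "header-damaged", None
    return "ok", key                                 # step (7) would decrypt with key

# Constructed sample values, not taken from the patent.
KEY_BANK = b"constructed key bank"
CLIENT = {"magic": "ENTFILE", "guid": "constructed-guid-0001",
          "level": 2, "dept": 7, "owner": "alice"}
SAMPLE = build_header("Example Co", CLIENT["guid"], CLIENT["magic"], 2, 7, 0x5EED, 3, "alice", KEY_BANK)
```

With the 4-byte random seed of claim 2, one key bank yields at most 2^32 distinct per-file keys, whatever derivation is used.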
CN202010101508.6A 2020-02-19 2020-02-19 Method for creating and decrypting enterprise security encrypted file Withdrawn CN111324901A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010101508.6A CN111324901A (en) 2020-02-19 2020-02-19 Method for creating and decrypting enterprise security encrypted file

Publications (1)

Publication Number Publication Date
CN111324901A (en) 2020-06-23

Family

ID=71163478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010101508.6A Withdrawn CN111324901A (en) 2020-02-19 2020-02-19 Method for creating and decrypting enterprise security encrypted file

Country Status (1)

Country Link
CN (1) CN111324901A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102819704A (en) * 2012-07-20 2012-12-12 北京亿赛通科技发展有限责任公司 Document copyright protection method for intelligent terminal
CN102930225A (en) * 2012-10-25 2013-02-13 中国航天科工集团第二研究院七〇六所 Electronic document access control method based on confidential identifier
CN106650482A (en) * 2015-11-04 2017-05-10 阿里巴巴集团控股有限公司 Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112100631A (en) * 2020-08-11 2020-12-18 福建天泉教育科技有限公司 Processing method and terminal for judging encryption of PPTX (Power Point X) document
CN112100631B (en) * 2020-08-11 2022-09-06 福建天泉教育科技有限公司 Processing method and terminal for judging encryption of PPTX (Power Point X) document
CN112241538A (en) * 2020-09-27 2021-01-19 上海连尚网络科技有限公司 Method and equipment for generating encrypted file
CN112199703A (en) * 2020-10-22 2021-01-08 福建天晴数码有限公司 Web data dynamic encryption transmission method and system based on client
CN112199703B (en) * 2020-10-22 2022-09-06 福建天晴数码有限公司 Web data dynamic encryption transmission method and system based on client
CN113792319A (en) * 2021-09-18 2021-12-14 深圳须弥云图空间科技有限公司 File encryption method and device, storage medium and electronic equipment
CN116305193A (en) * 2023-02-10 2023-06-23 广州通则康威智能科技有限公司 Encryption configuration file generation method and device
CN116305193B (en) * 2023-02-10 2024-01-26 广州通则康威科技股份有限公司 Encryption configuration file generation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200623