CN118260775A - Method for controlling authority of encrypted file - Google Patents
Method for controlling authority of encrypted file Download PDFInfo
- Publication number
- CN118260775A CN118260775A CN202211682081.9A CN202211682081A CN118260775A CN 118260775 A CN118260775 A CN 118260775A CN 202211682081 A CN202211682081 A CN 202211682081A CN 118260775 A CN118260775 A CN 118260775A
- Authority
- CN
- China
- Prior art keywords
- key
- file
- authority
- field
- size
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 16
- 238000000547 structure data Methods 0.000 claims description 2
- 238000005336 cracking Methods 0.000 abstract description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Human Resources & Organizations (AREA)
- Entrepreneurship & Innovation (AREA)
- Economics (AREA)
- Databases & Information Systems (AREA)
- General Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Quality & Reliability (AREA)
- Operations Research (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method for controlling authority of an encrypted file, which comprises the following steps: defining a structure body for storing information required by encryption and decryption and authority; and II: the administrator distributes and distributes one or more pieces of random binary data for different department computers, and the random binary data are used as key fields and stored in the local computer; thirdly,: when encrypting the file, generating a real encryption key according to the key field, and writing the key field and the rest of the structural body into the encrypted file head; fourth, the method comprises the following steps: when a user needs to decrypt the file, judging whether the file is an encrypted file or not by checking the structural body, and if not, not executing decryption operation; if yes, the key is read and compared with the key stored in the computer, if the key has an intersection, the key is judged to have authority to decrypt, and if the key has no intersection, the key is judged to have no authority to decrypt. The invention realizes more flexible control of file authority, small occupied data volume, and easy expansion and difficult cracking of the authority and key generation algorithm.
Description
Technical Field
The invention relates to a method for controlling authority of an encrypted file, belonging to the technical field of file encryption and decryption authority management.
Background
In the safe use process of the terminal computer, files are required to be encrypted, and files which flow to other departments are subjected to authority control through management mechanisms such as secret keys. For example, a certain file under the financial department can only be decrypted and opened under the financial department after being encrypted, and other departments cannot normally decrypt and open under the logistic department. And the financial department and the logistics department can decrypt and open a certain file after encrypting the file.
The relevant information such as encryption and authority control of the file is stored by opening a section of space at the head or the tail of the file. Most of the existing implementation methods directly write the information such as department ID, secret key and the like into the encrypted file as is. The written department IDs have limited numbers, the authorities are not easy to allocate and expand, and the occupied data is more. The secret key is stored in the encrypted file and is easy to crack and compromise.
Disclosure of Invention
In order to solve the problems, the invention provides a method for controlling the authority of an encrypted file, which has the following specific technical scheme,
A method of controlling rights to an encrypted file, comprising the steps of:
Step one: defining a structure body for storing information required by encryption and decryption and authority;
step two: the administrator distributes and distributes one or more pieces of random binary data for different department computers, and the random binary data are used as key fields and stored in the local computer;
Step three: when encrypting the file, generating a real encryption key through operation according to the key field, and writing the key field and the residual field of the structural body into the encrypted file head;
Step four: when a user needs to decrypt the file, judging whether the file is an encrypted file or not by checking the structural body, and if not, not executing decryption operation; if yes, the key is read and compared with the key stored in the computer, if the key has an intersection, the key is judged to have authority to decrypt, and if the key has no intersection, the key is judged to have no authority to decrypt.
Preferably, the structure includes a magic field, crcsum field, a key field, an encrypted_size, and an original_size field.
Further, the magic field is an int32_t type, four-byte size, fixed field, and is used for judging whether the file is an encrypted file.
Further, the crcsum field is of the int32_t type, four bytes in size, and crc check, which is used for checking the structure data and preventing tampering.
Further, the key is an int32_t array, the default array size is 16, and the information required by judging the authority and generating the decryption key is judged.
Further, the encrypted_size and the original_size are of the type int64_t, and are used for recording the sizes of plaintext and ciphertext files.
The invention realizes more flexible control of file authority, small occupied data volume, easy expansion of authority and key generation algorithm, difficult cracking, flexible control of encrypted file authority without storing real key, and no relation with platform, and supports all operating systems.
Drawings
FIG. 1 is a flow chart of the operation of the present invention for encrypting a file.
Fig. 2 is a flowchart of the present invention for decrypting a file.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The technical terms related to the invention are explained as follows:
encryption and decryption: through an algorithm, the plaintext and the ciphertext are converted with each other;
Secret key: a parameter, a parameter entered in an algorithm for interconversion between plaintext and ciphertext.
As shown in fig. 1 and 2, a method for controlling authority of an encrypted file is specifically implemented as follows:
Step one: defining a C/C++ language structure body for storing information required by encryption and decryption and authority; the structure includes a mac field, crcsum field, keys field, encrypted_size, and original_size field.
The magic field is of the type int32_t, four bytes in size, and is a fixed field, the invention is fixed to 0x67647362, and the abbreviation of the corresponding character string "gdsb", namely "goldsandbox", is used for judging whether the file is an encrypted file.
The crcsum field is of the type int32_t, four bytes in size and crc check, and is used for checking structural data and preventing tampering.
And the key is an int32_t array, the default array size is 16, and the information required by judging the authority and generating the decryption key is judged.
The encrypted_size and the original_size are of the type int64_t, and are used for recording the sizes of plaintext and ciphertext files.
Step two: an administrator distributes and distributes one or more random binary data to different department computers according to the authority strategy to serve as a key field;
Step three: when encrypting the file, generating a real encryption key through operation according to the key field, writing the key field and the rest field of the structure body into an encrypted file header, and writing the encrypted content into the back of the file header;
Step four: when a user needs to decrypt the file, judging whether the file is an encrypted file or not by checking the structural body, and if not, not executing decryption operation; if yes, the key is read and compared with the key stored in the computer, if the key has an intersection, the key is judged to have authority to decrypt, and if the key has no intersection, the key is judged to have no authority to decrypt.
Taking the encrypted file of the department A, the department B has no authority, the department C can have the authority of the encrypted file of the department A and the department B at the same time as an example, the processing flow of the scheme is as follows:
The administrator issues random authority data, department A is 0xaaaaaaaa, department B is 0xbbbbbbbb, and department C is a collection of department A and department B, namely 0xaaaaaaaa and 0xbbbbbbbb;
The department a encrypts a file, such as a playltext, txt, and fills a corresponding structure field, wherein the key field is rights data 0xaaaaaaaa of the department a, generates an encryption key, such as [ 0xabcdef ], by using an algorithm (exclusive or algorithm) through the rights data, encrypts the playltext, txt, and stores the encrypted data as encrypted.
When the encrypt.txt file is to be decrypted, reading the file header structure content, wherein the acquired key is 0xaaaaaaaa, and if the current computer is department B, 0xaaaaaaaa is not intersected with the key of department B, namely 0xbbbbbbbb, and decryption cannot be performed; if the current computer is department C, 0xaaaaaaaa has a common intersection, namely 0xaaaaaaaa, if the key of department C, then decryption can be performed normally, and a decryption key is generated through 0xaaaaaaaa, namely [ 0xabcdef ].
Although the present invention has been described with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described, or equivalents may be substituted for elements thereof, and any modifications, equivalents, improvements and changes may be made without departing from the spirit and principles of the present invention.
Claims (6)
1. A method for controlling rights of an encrypted file, comprising the steps of:
Step one: defining a structure body for storing information required by encryption and decryption and authority;
step two: the administrator distributes and distributes one or more pieces of random binary data for different department computers, and the random binary data are used as key fields and stored in the local computer;
Step three: when encrypting the file, generating a real encryption key through operation according to the key field, and writing the key field and the residual field of the structural body into the encrypted file head;
Step four: when a user needs to decrypt the file, judging whether the file is an encrypted file or not by checking the structural body, and if not, not executing decryption operation; if yes, the key is read and compared with the key stored in the computer, if the key has an intersection, the key is judged to have authority to decrypt, and if the key has no intersection, the key is judged to have no authority to decrypt.
2. The method of claim 1, wherein the structure body includes a mac field, crcsum field, keys field, encrypted_size and original_size fields.
3. The method of claim 2, wherein the magic field is an int32_t type, four-byte size, fixed field, and is used to determine whether the file is encrypted.
4. The method of claim 2, wherein the crcsum field is of the type int32_t, four bytes in size, and crc check, used for checking the structure data, and preventing tampering.
5. The method of claim 2, wherein the keys is an int32_t array, the default array size is 16, and the rights are determined and information required for generating the decryption key is generated.
6. The method of claim 2, wherein the encrypted_size and the original_size are of the type int64_t for recording the size of the plaintext and ciphertext files.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211682081.9A CN118260775A (en) | 2022-12-26 | 2022-12-26 | Method for controlling authority of encrypted file |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211682081.9A CN118260775A (en) | 2022-12-26 | 2022-12-26 | Method for controlling authority of encrypted file |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118260775A true CN118260775A (en) | 2024-06-28 |
Family
ID=91601248
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211682081.9A Pending CN118260775A (en) | 2022-12-26 | 2022-12-26 | Method for controlling authority of encrypted file |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118260775A (en) |
-
2022
- 2022-12-26 CN CN202211682081.9A patent/CN118260775A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111355705B (en) | Data auditing and safety duplicate removal cloud storage system and method based on block chain | |
| US10348497B2 (en) | System and method for content protection based on a combination of a user pin and a device specific identifier | |
| US10447476B2 (en) | Multi-key graphic cryptography for encrypting file system acceleration | |
| US7792300B1 (en) | Method and apparatus for re-encrypting data in a transaction-based secure storage system | |
| US7320076B2 (en) | Method and apparatus for a transaction-based secure storage file system | |
| US9559837B2 (en) | Methods for cryptographic delegation and enforcement of dynamic access to stored data | |
| US7526795B2 (en) | Data security for digital data storage | |
| US8107621B2 (en) | Encrypted file system mechanisms | |
| US9009496B2 (en) | Method and apparatus for implementing secure and selectively deniable file storage | |
| JP3810425B2 (en) | Falsification detection data generation method, and falsification detection method and apparatus | |
| US8880879B2 (en) | Accelerated cryptography with an encryption attribute | |
| KR101613146B1 (en) | Method for encrypting database | |
| US20020073326A1 (en) | Protect by data chunk address as encryption key | |
| CN104484628B (en) | It is a kind of that there is the multi-application smart card of encrypting and decrypting | |
| CN111324901A (en) | Method for creating and decrypting enterprise security encrypted file | |
| JP2002539545A (en) | Anonymization method | |
| CN118260775A (en) | Method for controlling authority of encrypted file | |
| CN110210259B (en) | Data protection method and system for solid state disk | |
| CN113806785A (en) | Method and system for carrying out safety protection on electronic document | |
| CN112615816A (en) | Cloud document transmission encryption and decryption method | |
| JPH08509087A (en) | File encryption structure | |
| JP2006197581A (en) | Method of generating alteration detection data | |
| CN115296789A (en) | Method and system for processing key and electronic device | |
| Park et al. | SPECS: smart partial enciphering service for accessing encrypted files with efficient and transparent | |
| GB2376775A (en) | Data protection by address re-mapping and encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |