CN-114785492-B - Data encryption method, device, electronic equipment and storage medium
Abstract
The disclosure provides a data encryption method, a data encryption device, electronic equipment and a storage medium. The method comprises the steps of obtaining a byte stream to be encrypted, determining an encryption information generation rule corresponding to the byte stream to be encrypted, generating encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule, and splicing the encryption information at a preset splicing position of the byte stream to be encrypted to form an encrypted byte stream. This embodiment can avoid potential security concerns that may occur and does not destroy the byte stream itself.
Inventors
- WANG XIAOHUI
Assignees
- 中信百信银行股份有限公司
Dates
- Publication Date: 20260505
- Application Date: 20220317
Claims (12)
- 1. A method of data encryption, comprising: acquiring a byte stream to be encrypted; determining an encryption information generation rule corresponding to the byte stream to be encrypted; generating encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule; and splicing the encryption information at a preset splicing position of the byte stream to be encrypted to form an encrypted byte stream; wherein determining the encryption information generation rule corresponding to the byte stream to be encrypted comprises determining the encryption information generation rule corresponding to the file type of the byte stream to be encrypted according to a preset correspondence between file types and encryption information generation rules; the encryption information generation rule comprises a determination rule for the data to be encrypted and an encryption algorithm identification, and the data to be encrypted is generated using at least one of the following items corresponding to the byte stream to be encrypted: file type, file size and file header data; and generating the encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule comprises: determining the data to be encrypted corresponding to the byte stream to be encrypted according to the determination rule for the data to be encrypted; encrypting the data to be encrypted using the encryption algorithm indicated by the encryption algorithm identification to obtain encrypted data corresponding to the byte stream to be encrypted; and generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data.
- 2. The method of claim 1, wherein the byte stream to be encrypted is a byte stream decoded from a Base64 encoded byte stream.
- 3. The method of claim 1, wherein obtaining the byte stream to be encrypted comprises: in response to receiving a file upload request that includes a first byte stream obtained by Base64 encoding a file to be uploaded, Base64 decoding the first byte stream to obtain the byte stream to be encrypted.
- 4. The method of claim 3, wherein the encryption information generation rule further comprises a byte stream related information generation rule; before generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data, the method further comprises: generating related information corresponding to the byte stream to be encrypted according to the byte stream related information generation rule; and generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data comprises: generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted, the encrypted data and the related information.
- 5. The method of any of claims 3-4, wherein the file to be uploaded is an unstructured file.
- 6. The method of claim 1, wherein the method further comprises: storing the encrypted byte stream.
- 7. The method of claim 6, wherein storing the encrypted byte stream comprises: determining whether the data size of the encrypted byte stream is greater than a preset data size threshold; in response to determining that it is not, storing the encrypted byte stream to a preset distributed non-relational database; and in response to determining that it is, storing the encrypted byte stream to a preset distributed file system.
- 8. The method of claim 7, wherein the preset distributed file system is a Hadoop distributed file system HDFS and the preset distributed non-relational database is a Hadoop database HBase.
- 9. The method of claim 8, wherein the method further comprises: in response to receiving a file reading request, acquiring a target encrypted byte stream corresponding to the file reading request; acquiring target encryption information corresponding to the target encrypted byte stream based on the preset splicing position; decrypting the target encrypted byte stream according to the target encryption information to obtain a decrypted byte stream; and generating a target file based on the decrypted byte stream, and returning the target file as the file corresponding to the file reading request.
- 10. A data encryption apparatus, comprising: a first acquisition unit configured to acquire a byte stream to be encrypted; a determining unit configured to determine an encryption information generation rule corresponding to the byte stream to be encrypted, wherein determining the encryption information generation rule corresponding to the byte stream to be encrypted comprises determining the encryption information generation rule corresponding to the file type of the byte stream to be encrypted according to a preset correspondence between file types and encryption information generation rules; a first generation unit configured to generate encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule, wherein the encryption information generation rule comprises a determination rule for the data to be encrypted and an encryption algorithm identification, and the data to be encrypted is generated using at least one of the following items corresponding to the byte stream to be encrypted: file type, file size and file header data; wherein generating the encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule comprises: determining the data to be encrypted corresponding to the byte stream to be encrypted according to the determination rule for the data to be encrypted; encrypting the data to be encrypted using the encryption algorithm indicated by the encryption algorithm identification to obtain encrypted data corresponding to the byte stream to be encrypted; and generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data; and a second generation unit configured to splice the encryption information at a preset splicing position of the byte stream to be encrypted to form an encrypted byte stream.
- 11. An electronic device, comprising: one or more processors; and a storage device having one or more programs stored thereon, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-9.
- 12. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by one or more processors implements the method of any of claims 1-9.
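The write path of claim 1 and the read path of claim 9, as an added Python example that is not taken from the patent. Assumptions: the rule table, the 33-byte trailer layout, the end-of-stream splicing position, the key, and HMAC-SHA256 standing in for the algorithm an identifier selects (the patent names none, and HMAC is a keyed MAC, not a cipher).

```python
import hashlib
import hmac
import struct

# Everything below is assumed for illustration: rule table, trailer layout, key.
KEY = b"constructed-demo-key"
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"%PDF-": "pdf"}
# file type -> (algorithm id, metadata fields used, header bytes used)
RULES = {"png": (1, ("type", "size", "header"), 8), "pdf": (1, ("type", "size"), 0)}
# algorithm id -> keyed transform; HMAC-SHA256 is a stand-in, not a cipher
ALGORITHMS = {1: lambda key, data: hmac.new(key, data, hashlib.sha256).digest()}
TRAILER = struct.Struct(">B32s")  # algorithm id + keyed output, spliced at the end


def file_type(stream):
    for magic, name in MAGIC.items():
        if stream.startswith(magic):
            return name
    raise ValueError("no rule for this file type")


def derive_input(stream, ftype):
    """Build the data fed to the algorithm from type, size and header bytes."""
    _, fields, header_len = RULES[ftype]
    parts = {"type": ftype.encode(), "size": struct.pack(">Q", len(stream)),
             "header": stream[:header_len]}
    # Length-prefix each field so the concatenation is unambiguous.
    return b"".join(struct.pack(">I", len(parts[f])) + parts[f] for f in fields)


def seal(stream, key=KEY):
    """Write path: append the encryption information; the body is unchanged."""
    ftype = file_type(stream)
    alg_id = RULES[ftype][0]
    tag = ALGORITHMS[alg_id](key, derive_input(stream, ftype))
    return stream + TRAILER.pack(alg_id, tag)


def unseal(sealed, key=KEY):
    """Read path: split at the preset position, recompute, compare, return body."""
    if len(sealed) <= TRAILER.size:
        raise ValueError("stream too short to carry encryption information")
    body, (alg_id, tag) = sealed[:-TRAILER.size], TRAILER.unpack(sealed[-TRAILER.size:])
    ftype = file_type(body)
    if alg_id != RULES[ftype][0]:
        raise ValueError("algorithm id does not match the rule for this file type")
    expected = ALGORITHMS[alg_id](key, derive_input(body, ftype))
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encryption information does not match the stream")
    return body


SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed body bytes"  # constructed input
```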
Description
Data encryption method, device, electronic equipment and storage medium
Technical Field
The embodiments of the present disclosure relate to the technical field of network security, and in particular to a data encryption method, a data encryption device, electronic equipment and a storage medium.
Background
Currently, in order to ensure data security, a fixed encryption mode is generally adopted to encrypt the whole byte stream. However, hash collisions may occur when the byte stream is encrypted as a whole, and when a hash collision occurs the byte stream may still be decrypted using the wrong decryption method and key, thereby destroying the original byte stream. In addition, encrypting in a fixed manner carries the security risk that the encryption method is broken.
Disclosure of Invention
The embodiments of the present disclosure provide a data encryption method, a data encryption device, electronic equipment and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a data encryption method, which includes obtaining a byte stream to be encrypted, determining an encryption information generation rule corresponding to the byte stream to be encrypted, generating encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule, and splicing the encryption information at a preset splicing position of the byte stream to be encrypted to form an encrypted byte stream.
In some alternative embodiments, the byte stream to be encrypted is a byte stream decoded from a Base64-encoded byte stream.
In some optional embodiments, obtaining the byte stream to be encrypted includes, in response to receiving a file upload request that includes a first byte stream obtained by Base64 encoding a file to be uploaded, Base64 decoding the first byte stream to obtain the byte stream to be encrypted.
In some optional embodiments, the encryption information generation rule comprises a determination rule for the data to be encrypted and an encryption algorithm identification, and generating the encryption information corresponding to the byte stream to be encrypted according to the encryption information generation rule comprises: determining the data to be encrypted corresponding to the byte stream to be encrypted according to the determination rule for the data to be encrypted; encrypting the data to be encrypted using the encryption algorithm indicated by the encryption algorithm identification to obtain encrypted data corresponding to the byte stream to be encrypted; and generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data.
In some alternative embodiments, the encryption information generation rule further comprises a byte stream related information generation rule. Before the encryption information corresponding to the byte stream to be encrypted is generated based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data, the method further comprises generating related information corresponding to the byte stream to be encrypted according to the byte stream related information generation rule. Generating the encryption information corresponding to the byte stream to be encrypted based on the encryption information generation rule corresponding to the byte stream to be encrypted and the encrypted data then includes generating the encryption information based on the encryption information generation rule corresponding to the byte stream to be encrypted, the encrypted data and the related information.
In some alternative embodiments, the file to be uploaded is an unstructured file.
In some alternative embodiments, the method further comprises storing the encrypted byte stream.
In some alternative embodiments, storing the encrypted byte stream includes determining whether the data size of the encrypted byte stream is greater than a preset data size threshold, storing the encrypted byte stream to a preset distributed non-relational database in response to determining that it is not, and storing the encrypted byte stream to a preset distributed file system in response to determining that it is.
In some alternative embodiments, the preset distributed file system is the Hadoop Distributed File System (HDFS), and the preset distributed non-relational database is the Hadoop database HBase.
In some optional embodiments, the method further comprises the steps of responding to a received file reading request, obtaining a target encrypted byte stream corresponding to the file reading request, obtaining target encryption information corresponding to the target encrypted byte stream based on the preset splici