CN-122001627-A - Data processing method, device, equipment, storage medium and product
Abstract
The application discloses a data processing method, device, equipment, storage medium and product. The method comprises: in response to an encryption request sent by a client for obtaining a target file, generating a first random code and sending the first random code to the client; receiving transfer information for data encryption that the client generated based on the first random code, the transfer information carrying an encryption public key, a second random code corresponding to the encryption public key, and the first random code; and, on determining that the first random code carried in the transfer information is consistent with the first random code on the server side, encrypting the target file based on the encryption public key, generating an encrypted file and sending the encrypted file to the client, wherein metadata of the encrypted file carries the first random code and the second random code, so that the client can determine a decryption private key for decrypting the encrypted file based on the first random code and the second random code. The traditional management of a decryption private key is thereby omitted, and the operability and the security of the system are enhanced.
Inventors
- DING SHUN
Assignees
- 中移(苏州)软件技术有限公司
- 中国移动通信集团有限公司
Dates
- Publication Date
- 20260508
- Application Date
- 20260114
Claims (13)
- 1. A data processing method, applied to a server, comprising: generating a first random code in response to an encryption request sent by a client for acquiring a target file, and sending the first random code to the client; receiving transfer information for data encryption generated by the client based on the first random code, wherein the transfer information carries an encryption public key, a second random code corresponding to the encryption public key, and the first random code; and, if the first random code carried in the transfer information is consistent with the first random code on the server side, encrypting the target file based on the encryption public key, generating an encrypted file and sending the encrypted file to the client, wherein metadata of the encrypted file carries the first random code and the second random code, so that the client can determine a decryption private key for decrypting the encrypted file based on the first random code and the second random code.
- 2. The method of claim 1, wherein the transfer information carries a plurality of encryption public keys, the second random codes correspond to the encryption public keys one to one, and encrypting the target file based on the encryption public key to generate the encrypted file comprises: dividing the target file into a plurality of data blocks corresponding to the number of encryption public keys; and block-encrypting the plurality of data blocks based on the plurality of encryption public keys carried in the transfer information to obtain the encrypted file, wherein each data block corresponds to a different encryption public key, metadata of the encrypted file comprises sub-metadata corresponding to each encrypted data block, and the sub-metadata carries the second random code corresponding to the respective encryption public key and parameter information indicating the offset of the encrypted data block in the encrypted file.
- 3. The method according to claim 1, wherein the method further comprises: and if the first random code carried in the transfer information is inconsistent with the first random code at the server side, generating error prompt information.
- 4. A data processing method, applied to a client, comprising: sending an encryption request for acquiring a target file to a server; Receiving a first random code sent by the server; Generating at least one encrypted public key based on the input cryptographic information, the at least one second random code generated by the client, and the first random code; Generating transfer information based on the at least one encrypted public key, the at least one second random code, and the first random code; the transfer information is used for data encryption by the server, and carries an encryption public key, a second random code corresponding to the encryption public key and the first random code; And receiving the encrypted file sent by the server, wherein metadata of the encrypted file carries the first random code and the second random code.
- 5. The method of claim 4, wherein the generating at least one encrypted public key based on the entered cryptographic information, the client-generated at least one second random code, and the first random code comprises: generating at least one first authentication code based on the input password information and at least one second random code generated by the client; Generating at least one second authentication code based on the first random code and the at least one first authentication code; and generating at least one public-private key pair based on a pseudo-random number algorithm and the at least one second authentication code to obtain the at least one encrypted public key.
- 6. The method of claim 5, wherein the generating at least one first authentication code based on the entered cryptographic information and the at least one second random code generated by the client comprises: generating a hash digest using a hash algorithm based on the input password information and each second random code generated by the client, to obtain a corresponding first authentication code; and the generating at least one second authentication code based on the first random code and the at least one first authentication code comprises: generating corresponding authentication data using a hash message authentication code (HMAC) algorithm based on the first random code and each first authentication code; and generating a hash digest of the authentication data using a hash algorithm, to obtain a corresponding second authentication code.
- 7. The method according to claim 4, wherein the method further comprises: generating a decryption private key based on the first random code and the second random code carried by the cryptographic information and metadata of the encrypted file; and decrypting the encrypted file based on the decryption private key to obtain the target file.
- 8. The method of claim 7, wherein the generating a decryption private key based on the cryptographic information and the first and second random codes carried by metadata of the encrypted file comprises: generating a corresponding first authentication code based on the cryptographic information and each of the second random codes; generating a corresponding second authentication code based on the first random code and each of the first authentication codes; And generating a corresponding public-private key pair based on a pseudo-random number algorithm and each second authentication code to obtain a decryption private key.
- 9. The method of claim 7, wherein the encrypted file includes a plurality of encrypted data blocks, the metadata of the encrypted file including sub-metadata corresponding to each encrypted data block, the sub-metadata carrying a second random code corresponding to a respective encrypted public key and parameter information indicating an offset of the encrypted data block in the encrypted file, the generating a decryption private key based on the cryptographic information and the first random code and the second random code carried by the metadata of the encrypted file, comprising: Generating a decryption private key corresponding to each encrypted data block based on the password information, the first random code and the second random code carried by each sub-metadata; the decrypting the encrypted file based on the decrypting private key to obtain the target file comprises the following steps: decrypting each encrypted data block by adopting a parallel thread based on a corresponding decryption private key and the parameter information carried by the sub-metadata to obtain a decrypted data block; and generating the target file based on each decrypted data block.
- 10. A server comprising a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is adapted to perform the steps of the method of any of claims 1 to 3 when the computer program is run.
- 11. A client comprising a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is adapted to perform the steps of the method of any of claims 4 to 9 when the computer program is run.
- 12. A computer storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the method according to any of claims 1 to 9.
- 13. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, realizes the steps of the method according to any one of claims 1 to 9.
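The round trip described in claims 1 to 9 (challenge, key derivation per claims 5 and 6, per-block encryption with sub-metadata, and re-derivation of the private key per claim 8), as an added example that is not code from the patent. Assumptions: SHA-256 as the hash, `password + r2` concatenation, the first random code as the HMAC key, and a toy discrete-log group with hashed ElGamal standing in for the public-key algorithm the claims leave unnamed; the `length` and `eph` metadata fields and the single-use handling of the first random code are additions needed by this stand-in, and all names are hypothetical.

```python
import hashlib, hmac, secrets

# Assumption: toy discrete-log group + hashed ElGamal stand in for the unnamed key-pair algorithm; not secure.
P, G = 2**255 - 19, 2

def derive_keypair(password: bytes, r1: bytes, r2: bytes):
    a1 = hashlib.sha256(password + r2).digest()       # first authentication code
    data = hmac.new(r1, a1, hashlib.sha256).digest()  # authentication data (r1 as key: assumption)
    a2 = hashlib.sha256(data).digest()                # second authentication code, seeds the key pair
    priv = 1 + int.from_bytes(hashlib.shake_256(a2).digest(40), "big") % (P - 2)  # PRNG stand-in
    return priv, pow(G, priv, P)

def _mask(shared: int, data: bytes) -> bytes:
    ks = hashlib.shake_256(shared.to_bytes(32, "big")).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

class Server:
    def __init__(self):
        self.pending = {}                             # session id -> first random code
    def challenge(self, sid: str) -> bytes:
        self.pending[sid] = secrets.token_bytes(16)
        return self.pending[sid]
    def encrypt(self, sid: str, transfer: dict, target: bytes):
        r1 = self.pending.pop(sid, None)              # single use (added assumption)
        if r1 is None or not hmac.compare_digest(r1, transfer["r1"]):
            raise ValueError("first random code mismatch")
        keys = transfer["keys"]                       # [(public key, second random code), ...]
        size = -(-len(target) // len(keys))           # ceiling division
        body, subs = b"", []
        for i, (pub, r2) in enumerate(keys):
            block = target[i * size:(i + 1) * size]
            e = 1 + secrets.randbelow(P - 2)          # per-block ephemeral secret
            subs.append({"r2": r2, "offset": len(body), "length": len(block), "eph": pow(G, e, P)})
            body += _mask(pow(pub, e, P), block)
        return {"r1": r1, "blocks": subs}, body

def client_decrypt(password: bytes, meta: dict, body: bytes) -> bytes:
    out = b""
    for m in meta["blocks"]:                          # private key is re-derived, never stored
        priv, _ = derive_keypair(password, meta["r1"], m["r2"])
        ct = body[m["offset"]:m["offset"] + m["length"]]
        out += _mask(pow(m["eph"], priv, P), ct)
    return out

def demo(password=b"constructed-passphrase", target=b"constructed target file contents", n=3):
    srv = Server()
    r1 = srv.challenge("s1")
    keys = [(derive_keypair(password, r1, r2)[1], r2) for r2 in (secrets.token_bytes(16) for _ in range(n))]
    meta, body = srv.encrypt("s1", {"r1": r1, "keys": keys}, target)
    return meta, body, client_decrypt(password, meta, body)
```

Both random codes travel in clear in the file metadata, so in this construction the password is the only secret input to the private key.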
Description
Data processing method, device, equipment, storage medium and product
Technical Field
The present application relates to the field of data security technologies, and in particular to a data processing method, apparatus, device, storage medium and product.
Background
With the widespread use of cloud computing technology, users increasingly demand data security. Data encryption is an important means of guaranteeing information security and is widely applied to data storage and transmission. In related practice, asymmetric encryption methods (such as RSA) are used to protect user data, and clients decrypt with private keys to access the original information. In the related art, either a client downloads a file and then encrypts it with a locally generated public key, or a server encrypts the file directly after acquiring the public key provided by a user; the client then decrypts the file with a private key when it needs to view the real data. Although this approach is relatively intuitive to implement, in practical application private key management is complex and there is a risk of the private key being leaked, which affects the security of the data.
Disclosure of Invention
In view of the above, the embodiments of the present application provide a data processing method, apparatus, device, storage medium and product, which aim to reduce the data security risk caused by private key leakage and improve the security of data.
The technical solution of the embodiments of the present application is implemented as follows. In a first aspect, an embodiment of the present application provides a data processing method, applied to a server, including: generating a first random code in response to an encryption request sent by a client for acquiring a target file, and sending the first random code to the client; receiving transfer information for data encryption generated by the client based on the first random code, wherein the transfer information carries an encryption public key, a second random code corresponding to the encryption public key, and the first random code; and, if the first random code carried in the transfer information is consistent with the first random code on the server side, encrypting the target file based on the encryption public key, generating an encrypted file and sending the encrypted file to the client, wherein metadata of the encrypted file carries the first random code and the second random code, so that the client can determine a decryption private key for decrypting the encrypted file based on the first random code and the second random code.
In the above solution, the transfer information carries a plurality of encryption public keys, the second random codes correspond to the encryption public keys one to one, and encrypting the target file based on the encryption public key to generate an encrypted file includes: dividing the target file into a plurality of data blocks corresponding to the number of encryption public keys; and block-encrypting the plurality of data blocks based on the plurality of encryption public keys carried in the transfer information to obtain the encrypted file, wherein each data block corresponds to a different encryption public key, metadata of the encrypted file comprises sub-metadata corresponding to each encrypted data block, and the sub-metadata carries the second random code corresponding to the respective encryption public key and parameter information indicating the offset of the encrypted data block in the encrypted file. In the above solution, the method further comprises: if the first random code carried in the transfer information is inconsistent with the first random code on the server side, generating error prompt information.
In a second aspect, an embodiment of the present application provides a data processing method, applied to a client, including: sending an encryption request for acquiring a target file to a server; Receiving a first random code sent by the server; Generating at least one encrypted public key based on the input cryptographic information, the at least one second random code generated by the client, and the first random code; Generating transfer information based on the at least one encrypted public key, the at least one second random code, and the first random code; the transfer information is used for data encryption by the server, and carries an encryption public key, a second random code corresponding to the encryption public key and the first random code; And receiving the encrypted file sent by the server, wherein metadata of the encrypted file carries the first random code and the second random code. In the above solution, the generating at least one encryption public key based on the input cryptographic information, the at least one second random code generated by the client, and the first