
CN-122020692-A - Data encryption and decryption methods, electronic equipment and computer program product


Abstract

The embodiments of the application relate to the technical field of data security and provide a data encryption and decryption method, an electronic device and a computer program product. The method comprises: determining a target encryption task unit, wherein the target encryption task unit corresponds to an initial write request of data to be encrypted; sending the data to be encrypted corresponding to the target encryption task unit to an external encryption device; and, when the encrypted data corresponding to the target encryption task unit is received, updating the initial write request based on the encrypted data to trigger a preset data driving component to store the encrypted data.

Inventors

  • LI KAI
  • REN KUI
  • ZHANG CONG
  • SUN JUN
  • QIAN YUZHONG
  • FAN LIMING
  • YAN ZIYUE

Assignees

  • 杭州高新区(滨江)区块链与数据安全研究院

Dates

Publication Date
20260512
Application Date
20260408

Claims (10)

  1. A data encryption method, comprising: determining a target encryption task unit, wherein the target encryption task unit corresponds to an initial write request of data to be encrypted; transmitting the data to be encrypted corresponding to the target encryption task unit to an external encryption device; and, when the encrypted data corresponding to the target encryption task unit is received, updating the initial write request based on the encrypted data so as to trigger a preset data driving component to store the encrypted data.
  2. The method of claim 1, wherein prior to said determining the target encryption task unit, the method comprises: acquiring an initial write request for a preset storage medium; determining an initial write request corresponding to data to be encrypted based on preset encryption policy information; and generating an encryption task unit to be processed according to the initial write request corresponding to the data to be encrypted.
  3. The method of claim 2, wherein generating the encryption task unit to be processed for the initial write request corresponding to the data to be encrypted comprises: extracting an idle encryption task unit from a preset first object pool; determining first characteristic information of the initial write request; and associating the idle encryption task unit and the first characteristic information to generate an encryption task unit to be processed.
  4. The method of claim 2, wherein after the updating the write request based on the encrypted data, the method further comprises: determining a first reference count value of the target encryption task unit; and, when the first reference count value is a preset threshold value, resetting the target encryption task unit as an idle encryption task unit and adding the idle encryption task unit to the first object pool.
  5. The method of claim 3, further comprising: determining a current writing position of a preset first lock-free annular queue; storing the encryption task unit to be processed to the current writing position based on an atomic operation when the first lock-free annular queue is not fully loaded; and executing queue overflow processing for the encryption task unit to be processed when the first lock-free annular queue is fully loaded, wherein the queue overflow processing comprises dynamically expanding the first lock-free annular queue or caching the encryption task unit to be processed.
  6. The method according to any of claims 1-4, wherein said determining a target encryption task unit comprises: determining a current readable position of a preset first lock-free annular queue; determining the task state of an encryption task unit to be processed that is located at the current readable position; and, when the task state is queued, determining the encryption task unit to be processed located at the current readable position as the target encryption task unit, and updating the task state of the target encryption task unit to processing.
  7. The method of any of claims 1-4, wherein the updating the write request based on the encrypted data comprises: updating data vector information in the initial write request based on the encrypted data to obtain a target write request; and storing the target write request to a preset write request queue to trigger a data driving component to read and respond to the target write request in the write request queue.
  8. A data decryption method, comprising: determining a target decryption task unit, wherein the target decryption task unit corresponds to an initial read request of data to be decrypted; transmitting the data to be decrypted corresponding to the target decryption task unit to an external decryption device; and, when decrypted data corresponding to the target decryption task unit is received, updating the initial read request based on the decrypted data so as to trigger a preset data application component to read the decrypted data.
  9. An electronic device comprising a processor, a memory, and a computer program stored in the memory and executable on the processor, which when executed by the processor causes the electronic device to implement the method of any one of claims 1-8.
  10. A computer program product comprising a computer program which, when run, causes the method of any one of claims 1-8 to be performed.
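
The enqueue step of claim 5 and the dequeue step of claim 6, as an added example that is not code from the patent: a C11 ring queue using atomic operations. Assumptions: one producer (the I/O submission path) and one consumer (the worker that talks to the external encryption device), a fixed capacity, and the hypothetical names `enc_task`, `ring_put`, `ring_take` and the `-1` overflow return, none of which the page specifies.

```c
#include <stdatomic.h>
#include <stddef.h>

enum task_state { TASK_IDLE, TASK_QUEUED, TASK_PROCESSING };
struct enc_task {                 /* hypothetical "encryption task unit" */
    _Atomic int state;
    unsigned long req_id;         /* stand-in for the write request's feature info */
};

#define RING_CAP 4                /* power of two: index = position & (RING_CAP - 1) */
struct ring {
    _Atomic size_t head;          /* current readable position (consumer-owned) */
    _Atomic size_t tail;          /* current writing position (producer-owned) */
    struct enc_task *slot[RING_CAP];
};

/* Claim 5: store at the current writing position if the ring is not full;
 * otherwise return -1 so the caller can expand the ring or cache the task. */
int ring_put(struct ring *r, struct enc_task *t) {
    size_t tail = atomic_load_explicit(&r->tail, memory_order_relaxed);
    size_t head = atomic_load_explicit(&r->head, memory_order_acquire);
    if (tail - head == RING_CAP)
        return -1;                /* fully loaded: overflow handling is the caller's */
    atomic_store_explicit(&t->state, TASK_QUEUED, memory_order_relaxed);
    r->slot[tail & (RING_CAP - 1)] = t;
    /* release: the slot and state are visible before the new tail is */
    atomic_store_explicit(&r->tail, tail + 1, memory_order_release);
    return 0;
}

/* Claim 6: take the task at the readable position only if it is still
 * "queued", flipping it to "processing" in one atomic compare-and-swap. */
struct enc_task *ring_take(struct ring *r) {
    size_t head = atomic_load_explicit(&r->head, memory_order_relaxed);
    size_t tail = atomic_load_explicit(&r->tail, memory_order_acquire);
    if (head == tail)
        return NULL;              /* empty */
    struct enc_task *t = r->slot[head & (RING_CAP - 1)];
    int expected = TASK_QUEUED;
    if (!atomic_compare_exchange_strong(&t->state, &expected, TASK_PROCESSING))
        return NULL;              /* not queued: leave it at the readable position */
    atomic_store_explicit(&r->head, head + 1, memory_order_release);
    return t;
}

int main(void) {                  /* constructed smoke run: put one task, take it back */
    struct ring r = {0};
    struct enc_task t = {0};
    return !(ring_put(&r, &t) == 0 && ring_take(&r) == &t);
}
```

Because the submission path returns as soon as `ring_put` succeeds, the I/O thread never waits on the external device; only the consumer does.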

Description

Data encryption and decryption methods, electronic equipment and computer program product

Technical Field

The embodiments of the application belong to the technical field of data security, and particularly relate to a data encryption and decryption method, an electronic device and a computer program product.

Background

In the field of data encryption, particularly where an external cryptographic service is used to meet compliance requirements, a long-standing core technical problem is that encryption/decryption computation is strongly coupled with disk I/O operations, and the latency of calling the external cryptographic service is large, so that I/O performance is seriously reduced.

In the conventional synchronous encryption model, when an I/O thread of the operating system kernel initiates a write request, the I/O thread must wait synchronously for the data to be encrypted by the external cryptographic service before submitting the encrypted data to the disk drive. While waiting, the I/O thread is completely blocked and cannot process other requests, resulting in a significant increase in I/O latency.

Since the I/O thread sits idle while the data is being encrypted, the request processing pipeline of the entire storage stack cannot be pipelined. This ties the overall throughput of the system to the latency of a single encryption operation, limiting the performance of the storage medium. While the I/O thread is blocked and waiting, the CPU core is idle or running inefficiently, and the encryption computation cannot be processed in parallel by other cores.

Meanwhile, the encryption computation depends on remote calls to the external cryptographic service over the network, and the network round-trip time (RTT) is added directly to the I/O latency, making the performance problem more serious.

Accordingly, there is a need for a data processing method that eliminates the blocking of I/O threads during data processing.
Disclosure of Invention

In view of the above, the embodiments of the present application provide a data encryption and decryption method, an electronic device, and a computer program product, so as to mitigate the blocking of write/read request processing caused by the need to wait for an external encryption device to encrypt or decrypt the data, and to improve data encryption/decryption efficiency.

A first aspect of the embodiments of the application provides a data encryption method, which comprises: determining a target encryption task unit, the target encryption task unit corresponding to an initial write request of data to be encrypted; sending the data to be encrypted corresponding to the target encryption task unit to an external encryption device; and, when the encrypted data corresponding to the target encryption task unit is received, updating the initial write request based on the encrypted data, so as to trigger a preset data driving component to store the encrypted data.

In some implementations of the first aspect, before the determining the target encryption task unit, the method includes: obtaining an initial write request for a preset storage medium; determining an initial write request corresponding to data to be encrypted based on preset encryption policy information; and generating a task unit to be processed for the initial write request corresponding to the data to be encrypted.

In some implementations of the first aspect, the generating the encryption task unit to be processed for the initial write request corresponding to the data to be encrypted includes: extracting an idle encryption task unit from a preset first object pool; determining first feature information of the initial write request; and associating the idle encryption task unit and the first feature information to generate the encryption task unit to be processed.
In some implementations of the first aspect, after the updating of the write request based on the encrypted data, the method further includes: determining a first reference count value for the target encryption task unit; and, when the first reference count value is a preset threshold, resetting the target encryption task unit to an idle encryption task unit and adding the idle encryption task unit to the first object pool.

In some implementations of the first aspect, the method further includes: determining a current writing position of a preset first lock-free annular queue; storing the encryption task unit to be processed to the current writing position based on an atomic operation if the first lock-free annular queue is not fully loaded; and performing queue overflow processing for the encryption task unit to be processed if the first lock-free annular queue is fully loaded, where the queue overflow processing includes dynamically expanding the first lock-free annular queue or caching the encryption task unit to be processed.

In some implementations