CN-122027198-A - Data encryption method and device, storage medium and electronic equipment
Abstract
The application discloses a data encryption method and device, a storage medium and electronic equipment in the technical field of data processing. The method comprises: receiving a first public key sent by a data receiving end and first signature information of the data receiving end; performing identity verification on the first signature information based on the first public key and a first private key; in response to the identity verification passing, generating a first transmission key from the first signature information and the first private key; encrypting target transmission data with the first transmission key to obtain encrypted data; and sending the encrypted data to the data receiving end, which decrypts it. Because the first transmission key is generated from the first signature information and the first private key, the security of the key is improved; encrypting the target transmission data and sending the encrypted data to the data receiving end realizes encrypted transmission between the data sending end and the data receiving end and improves the confidentiality of the transmitted data.
Inventors
- Dong Yicong
- Huang Ruiqi
- Pan Xiaogu
- Tang Chaoyi
- Qiu Junyang
Assignees
- 中移互联网有限公司 (China Mobile Internet Co., Ltd.)
- 中国移动通信集团有限公司 (China Mobile Communications Group Co., Ltd.)
Dates
- Publication Date
- 20260512
- Application Date
- 20251225
Claims (15)
- 1. A data encryption method, applied to a data sending end, comprising: receiving a first public key sent by a data receiving end and first signature information of the data receiving end; performing identity verification on the first signature information based on the first public key and a first private key; in response to the identity verification passing, generating a first transmission key according to the first signature information and the first private key, and encrypting target transmission data according to the first transmission key to obtain encrypted data; and sending the encrypted data to the data receiving end, wherein the data receiving end decrypts the encrypted data, so as to complete the transmission of the encrypted data between the data sending end and the data receiving end.
- 2. The method of claim 1, wherein before receiving the first public key sent by the data receiving end and the first signature information of the data receiving end, the method further comprises: determining a candidate parameter range of a target elliptic curve based on the order of the target elliptic curve; and selecting, based on the candidate parameter range, a first parameter from a plurality of curve parameters of the target elliptic curve as the first private key.
- 3. The method of claim 2, wherein before performing identity verification on the first signature information based on the first public key and the first private key, the method further comprises: selecting a second parameter and a third parameter from the plurality of curve parameters based on the candidate parameter range; generating second signature information of the data sending end according to the second parameter, the third parameter and the base point of the target elliptic curve; and sending the second signature information to the data receiving end, wherein the second signature information is used by the data receiving end, in combination with a second private key, to perform identity verification on the data sending end.
- 4. The method of claim 3, wherein generating the second signature information of the data sending end according to the second parameter, the third parameter and the base point of the target elliptic curve comprises: determining a first point on the target elliptic curve according to the second parameter and the base point of the target elliptic curve, and determining a second point on the target elliptic curve according to the third parameter and the base point; and generating the second signature information based on the first point, the second point and the second parameter.
- 5. The method of claim 3, wherein generating the first transmission key from the first signature information and the first private key in response to the identity verification passing, and encrypting the target transmission data according to the first transmission key to obtain encrypted data, comprises: generating the first transmission key according to the second parameter, the first signature information and the first private key in response to the identity verification passing; and encrypting the target transmission data according to the first transmission key to obtain the encrypted data.
- 6. The method of claim 1, wherein before encrypting the target transmission data according to the first transmission key to obtain encrypted data, the method further comprises: determining a first hash value of the target transmission data under a target hash function; signing the first hash value with the first private key to obtain first signature information corresponding to the target transmission data; and generating a blockchain object corresponding to the target transmission data from the first hash value, the first signature information and transmission operation information corresponding to the target transmission data, wherein the blockchain object is used to execute a smart contract on a blockchain, and the smart contract performs signature verification on the blockchain object.
- 7. The method of claim 6, wherein encrypting the target transmission data according to the first transmission key to obtain encrypted data comprises: in response to the signature verification passing, encrypting the target transmission data according to the first transmission key to obtain the encrypted data.
- 8. The method of claim 2, wherein after selecting a first parameter from the plurality of curve parameters of the target elliptic curve as the first private key based on the candidate parameter range, the method further comprises: generating a second public key from the first private key; and sending the second public key to the data receiving end, and storing the second public key on a blockchain.
- 9. A data encryption method, applied to a data receiving end, comprising: receiving a second public key sent by a data sending end and second signature information of the data sending end; performing identity verification on the second signature information based on the second public key and a second private key; in response to the identity verification passing, generating a second transmission key according to the second signature information and the second private key; and decrypting the encrypted data sent by the data sending end according to the second transmission key to obtain target transmission data, so as to complete encrypted data transmission between the data sending end and the data receiving end.
- 10. The method of claim 9, wherein after decrypting the encrypted data sent by the data sending end according to the second transmission key to obtain the target transmission data, the method further comprises: determining a second hash value of the target transmission data under a target hash function, wherein the second hash value is used to execute a smart contract on a blockchain, and the smart contract performs a consistency check between the second hash value and the first hash value of the data sending end.
- 11. A data encryption system comprising a data sending end configured to implement the data encryption method of any one of claims 1 to 8 and a data receiving end configured to implement the data encryption method of claim 9 or claim 10.
- 12. A data encryption apparatus, comprising: a receiving module configured to receive a first public key sent by a data receiving end and first signature information of the data receiving end; a verification module configured to perform identity verification on the first signature information based on the first public key and a first private key; an encryption module configured to, in response to the identity verification passing, generate a first transmission key according to the first signature information and the first private key, and encrypt target transmission data according to the first transmission key to obtain encrypted data; and a sending module configured to send the encrypted data to the data receiving end, wherein the data receiving end decrypts the encrypted data, so as to complete encrypted data transmission between the data sending end and the data receiving end.
- 13. A data encryption apparatus, comprising: a receiving module configured to receive a second public key sent by a data sending end and second signature information of the data sending end; a verification module configured to perform identity verification on the second signature information based on the second public key and a second private key; a generation module configured to generate a second transmission key from the second signature information and the second private key in response to the identity verification passing; and a decryption module configured to decrypt the encrypted data sent by the data sending end according to the second transmission key to obtain target transmission data, so as to complete encrypted data transmission between the data sending end and the data receiving end.
- 14. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method of any one of claims 1 to 10.
- 15. An electronic device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, characterized in that the processor implements the method of any one of claims 1 to 10 when executing the computer program.
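The claims fix the shape of the exchange (private keys drawn from a range set by the curve order, signature information built from curve points, a transmission key that exists only after identity verification passes and that depends on the verifier's own private key, a hash of the data signed by the sender and re-checked by the receiver) but give no formulas. The block below is an added example written for this page; it is not the patent's own method or code. It implements one reading of claims 1 to 10 as a mutually authenticated elliptic-curve key agreement followed by authenticated encryption and a hash-consistency check. Everything not stated in the claims is an assumption: secp256k1 as the target curve, a Schnorr-style signature as the "signature information", SHA-256 over the ephemeral and static shared points as the key derivation, and an HMAC-SHA256 encrypt-then-MAC as a standard-library stand-in for an AEAD such as AES-GCM. The blockchain and smart-contract steps of claims 6 and 10 are reduced to the hash and signature comparison a contract would perform. All function and variable names are the example's own, and the payload is constructed.

```python
import hashlib, hmac, secrets
# secp256k1 domain parameters (assumption: the claims name no specific curve).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add; not constant-time, demonstration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def on_curve(pt):  # a peer-supplied point must be finite and satisfy the curve equation
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0

def enc_pt(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def scalar():  # claim 2: a parameter drawn uniformly from the candidate range [1, n-1]
    return 1 + secrets.randbelow(N - 1)

def challenge(R, Q, msg):
    return int.from_bytes(hashlib.sha256(enc_pt(R) + enc_pt(Q) + msg).digest(), "big") % N

def schnorr_sign(d, Q, msg):  # claims 3-4 shape: nonce r -> point R; s ties R and msg to d
    r = scalar()
    R = ec_mul(r, G)
    return (R, (r + challenge(R, Q, msg) * d) % N)

def schnorr_verify(Q, msg, sig):
    R, s = sig
    if not (on_curve(Q) and on_curve(R) and 1 <= s < N):
        return False
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, Q, msg), Q))

class Party:  # one endpoint: long-term key pair (d, Q) plus a per-session ephemeral k
    def __init__(self):
        self.d = scalar()            # first private key (claim 2)
        self.Q = ec_mul(self.d, G)   # public key sent to the peer (claim 8)

    def signature_info(self, peer_Q):  # claim 3: R1 = k*G signed under the long-term key
        self.k = scalar()
        R1 = ec_mul(self.k, G)
        # both public keys sit in the signed transcript, so it cannot be replayed to another peer
        return (R1, schnorr_sign(self.d, self.Q, enc_pt(R1) + enc_pt(self.Q) + enc_pt(peer_Q)))

    def verify_and_derive(self, peer_Q, info):  # claims 1 and 5: no key unless verification passes
        R1, sig = info
        if not on_curve(R1) or not schnorr_verify(peer_Q, enc_pt(R1) + enc_pt(peer_Q) + enc_pt(self.Q), sig):
            return None
        # ephemeral k with the peer's R1, and the private key d with the peer's Q
        shared = enc_pt(ec_mul(self.k, R1)) + enc_pt(ec_mul(self.d, peer_Q))
        return hashlib.sha256(b"transmission-key" + shared).digest()

def _keystream(kenc, nonce, n):
    return b"".join(hmac.new(kenc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt(key, plaintext):  # encrypt-then-MAC over an HMAC keystream; stdlib stand-in for AES-GCM
    kenc, kmac = (hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(kenc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(kmac, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):  # returns None, releasing no plaintext, if the tag does not verify
    kenc, kmac = (hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kmac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(kenc, nonce, len(ct))))

def run_exchange(data=b"constructed sample payload"):
    """Claims 1 to 10 end to end; returns the outcomes a test can assert on."""
    sender, receiver, impostor = Party(), Party(), Party()
    info_s, info_r = sender.signature_info(receiver.Q), receiver.signature_info(sender.Q)
    key_s, key_r = sender.verify_and_derive(receiver.Q, info_r), receiver.verify_and_derive(sender.Q, info_s)
    h1 = hashlib.sha256(data).digest()                # claim 6: first hash value
    data_sig = schnorr_sign(sender.d, sender.Q, h1)   # claim 6: signed with the first private key
    blob = encrypt(key_s, data)
    plain = decrypt(key_r, blob)
    h2 = hashlib.sha256(plain).digest()               # claim 10: second hash value
    consistent = h1 == h2 and schnorr_verify(sender.Q, h2, data_sig)
    forged_key = receiver.verify_and_derive(sender.Q, impostor.signature_info(receiver.Q))  # wrong signer: None
    tampered = decrypt(key_r, blob[:-1] + bytes([blob[-1] ^ 1]))  # flipped tag byte: None
    return dict(keys_match=key_s == key_r, plaintext=plain, consistent=consistent, forged_key=forged_key, tampered=tampered)
```

What the example makes concrete is the point the specification argues: verification gates key derivation, so a transmission key never exists for a peer whose signature information does not verify, and identity is bound into the key because the verifier's own private key enters the derivation alongside the ephemeral secret. The checks a practitioner should not drop are the on-curve test on every received point, the range test on the signature scalar, and the constant-time tag comparison before any plaintext is released. Production code should use a vetted library (X25519 or ECDH on a named curve, Ed25519 or ECDSA, AES-GCM) rather than this hand-rolled, non-constant-time curve arithmetic.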
Description
Data encryption method and device, storage medium and electronic equipment
Technical Field
The present application relates to the field of data processing technologies, and in particular to a data encryption method, a data encryption device, a storage medium, and an electronic device.
Background
End-to-end encryption (E2EE) is a communication encryption technique that keeps information encrypted throughout its transmission between a sender and a receiver, so that only the two ends of the communication (sender and receiver) can decrypt and read the content; no third party in the middle, including service providers and network interceptors, can decrypt and view it. At present, end-to-end encryption is mainly carried out with asymmetric encryption algorithms: the two sides negotiate and distribute a public key and a private key to each user, the public key can be shared and is used to encrypt information, and the private key must be kept secret and is used to decrypt it. Only the user holding the corresponding private key can decrypt data encrypted with the public key, so ciphertext intercepted in transit cannot be decrypted without that private key, which improves the security of the communication. However, because the key trust mechanism and the encryption mechanism are two relatively independent processes, the encryption mechanism cannot confirm identity information when keys are shared, which reduces the security of the key.
Disclosure of Invention
In view of this, the present application provides a data encryption method, device, storage medium and electronic apparatus, and aims to solve the technical problem in the prior art that the security of the key is reduced when key sharing is performed while the encryption mechanism cannot confirm identity information.
In a first aspect, the present application provides a data encryption method, applied to a data sending end, including: receiving a first public key sent by a data receiving end and first signature information of the data receiving end; performing identity verification on the first signature information based on the first public key and a first private key; in response to the identity verification passing, generating a first transmission key according to the first signature information and the first private key, and encrypting target transmission data according to the first transmission key to obtain encrypted data; and sending the encrypted data to the data receiving end, wherein the data receiving end decrypts the encrypted data, so as to complete the transmission of the encrypted data between the data sending end and the data receiving end. Optionally, before receiving the first public key sent by the data receiving end and the first signature information of the data receiving end, the method further includes: determining a candidate parameter range of a target elliptic curve based on the order of the target elliptic curve; and selecting, based on the candidate parameter range, a first parameter from a plurality of curve parameters of the target elliptic curve as the first private key.
Optionally, before performing identity verification on the first signature information based on the first public key and the first private key, the method further comprises: selecting a second parameter and a third parameter from the plurality of curve parameters based on the candidate parameter range; generating second signature information of the data sending end according to the second parameter, the third parameter and the base point of the target elliptic curve; and sending the second signature information to the data receiving end, wherein the second signature information is used by the data receiving end, in combination with a second private key, to perform identity verification on the data sending end. Optionally, generating the second signature information of the data sending end according to the second parameter, the third parameter and the base point of the target elliptic curve includes: determining a first point on the target elliptic curve according to the second parameter and the base point of the target elliptic curve, and determining a second point on the target elliptic curve according to the third parameter and the base point; and generating the second signature information based on the first point, the second point and the second parameter. Optionally, generating a first transmission key according to the first signature information and the first private key in response to the identity verification passing, and encrypting the target transmission data according to the first transmission key to obtain encrypted data, includes: generating the first transmission key according to the second parameter, the first signature information and the first private key in respo