
CN-122027208-A - Encryption method of random IV and HEX codes based on AES


Abstract

The invention relates to an encryption method of random IV and HEX codes based on AES, which comprises the steps of obtaining original plaintext data, generating the random IV by adopting Web Crypto API, encrypting the original plaintext data by adopting an AES encryption algorithm through the random IV and a predetermined AES key to obtain ciphertext, and coding the ciphertext according to a dynamic HEX-Base64 hybrid coding method to obtain final coded data. According to the method, the WAF interception is effectively avoided, the false alarm rate is reduced, and the data transmission safety and the service continuity are ensured by combining the random IV encryption and the AES encryption with the dynamic HEX-Base64 mixed coding.

Inventors

  • ZHANG QINGSUO

Assignees

  • 北京思特奇信息技术股份有限公司

Dates

Publication Date
20260512
Application Date
20251231

Claims (10)

  1. An AES-based encryption method for random IV and HEX encoding, comprising: acquiring original plaintext data; generating a random IV by adopting a Web Crypto API, and encrypting the original plaintext data by adopting an AES encryption algorithm through the random IV and a predetermined AES key to obtain ciphertext; and encoding the ciphertext according to a dynamic HEX-Base64 hybrid coding method to obtain final coded data.
  2. The method according to claim 1, further comprising: transmitting the final encoded data to a back-end server through an HTTP request, so that the back-end server decrypts the final encoded data by adopting the following processing procedure: receiving the final encoded data; parsing the final encoded data, removing the randomly inserted special characters, and separating the HEX coding part and the Base64 variant coding part; converting the HEX coding part into binary data, reverse-substituting and decoding the Base64 variant coding part into binary data, and splicing the binary data corresponding to the HEX coding part and the binary data corresponding to the Base64 variant coding part to obtain the encrypted ciphertext; and extracting the random IV from the final encoded data, and decrypting the encrypted ciphertext using the same AES key and the random IV to recover the original plaintext data.
  3. The method of claim 1, wherein generating a random IV using a Web Crypto API comprises: generating n bytes of random IV using crypto, where n is an even number.
  4. The method according to any one of claims 1 to 3, wherein encoding the ciphertext according to a dynamic HEX-Base64 hybrid encoding method to obtain final encoded data comprises: segmenting the ciphertext into blocks of n bytes each to obtain a plurality of segments; for each segment, encoding the first a bytes with HEX coding and the following b bytes with Base64 variant coding to obtain first coded data corresponding to the segment, wherein the sum of a and b is n; for each segment, randomly inserting x randomly selected special characters into the first coded data corresponding to the segment to obtain second coded data corresponding to the segment; and obtaining the final coded data from the second coded data corresponding to all the segments.
  5. The method according to claim 4, further comprising: obtaining the data after original Base64 encoding from the first coded data corresponding to all the segments; and when the difference between the data length of the final encoded data and the data length of the original Base64 encoded data does not meet a set condition, randomly padding the final encoded data in a random padding mode, so that the difference between the data length of the padded encoded data and the data length of the original Base64 encoded data meets the set condition.
  6. An AES-based encryption apparatus for random IV and HEX encoding, comprising: an acquisition module for acquiring the original plaintext data; an encryption module for generating a random IV by adopting a Web Crypto API, and encrypting the original plaintext data by adopting an AES encryption algorithm through the random IV and a predetermined AES key to obtain ciphertext; and a hybrid coding module for encoding the ciphertext according to a dynamic HEX-Base64 hybrid coding method to obtain final coded data.
  7. The apparatus of claim 6, further comprising: a decryption module configured to send the final encoded data to a back-end server through an HTTP request, so that the back-end server decrypts the final encoded data using the following processing procedure: receiving the final encoded data; parsing the final encoded data, removing the randomly inserted special characters, and separating the HEX coding part and the Base64 variant coding part; converting the HEX coding part into binary data, reverse-substituting and decoding the Base64 variant coding part into binary data, and splicing the binary data corresponding to the HEX coding part and the binary data corresponding to the Base64 variant coding part to obtain the encrypted ciphertext; and extracting the random IV from the final encoded data, and decrypting the encrypted ciphertext using the same AES key and the random IV to recover the original plaintext data.
  8. The apparatus of claim 6, wherein the encryption module, when generating the random IV using the Web Crypto API, is specifically configured to: generate n bytes of random IV using crypto, where n is an even number.
  9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 5 when the computer program is executed.
  10. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any one of claims 1 to 5.

Description

Encryption method of random IV and HEX codes based on AES

Technical Field

The invention relates to the technical field of encryption, in particular to an encryption method of random IV and HEX codes based on AES.

Background

AES, a symmetric encryption algorithm, is widely used in the field of data encryption because of its high efficiency and high security. In practical applications, a random Initialization Vector (IV) is typically used to increase the security of encryption, and the encrypted data needs to be encoded for transmission or storage over the network. Common encoding modes are HEX encoding and Base64 encoding.

Base64 encoding has the following problems:

1. Its features are obvious and easy to identify. Base64 encoding uses a fixed character set (A-Z, a-z, 0-9, +, /), and the pad character "=" may appear at the end of the encoded data. This feature allows a WAF to easily identify Base64 encoded data. For example, many WAF rule bases contain regular expression matching rules for Base64 features, which may trigger an interception mechanism once a string matching the Base64 features is detected.
2. The false alarm rate is high: normal encrypted data can be misjudged as a malicious attack by the WAF because of the character set and format characteristics of Base64 encoding. For example, in some Web applications the encrypted data may contain features resembling an SQL injection or XSS attack, such as the "+" character, which may cause the WAF to misjudge it as malicious traffic and intercept it.
3. Length exposure: Base64 encoded data is typically about 33% longer than the original data, and such a significant change in length may be detected by the WAF. Some WAFs set a length threshold and trigger an interception rule when the encoded data length is detected to exceed it.

Limitations of standard HEX encoding:

1. Standard HEX encoding converts binary data into hexadecimal strings with a relatively uniform pattern, which a WAF can identify with a simple regular expression (e.g. /[0-9a-f]{16,}/i). If the encrypted data is transmitted in pure HEX encoded form, it is easily marked as suspicious by the WAF.
2. Lack of confusion capability: HEX encoding cannot effectively hide the block characteristics of AES ciphertext. In CBC mode, for example, the block length of the ciphertext is fixed, which may be exploited by an attacker for analysis; meanwhile, the WAF may also identify and intercept encrypted data by detecting such block characteristics.

Thus, the deficiencies of the prior art are: the existing encoding methods have obvious defects in coping with WAF interception and cannot effectively prevent normal encrypted data from being misjudged as malicious traffic, so that the security and reliability of data transmission are affected. In addition, the prior art also lacks a complete implementation scheme in which the front end encrypts using JavaScript and the back end decrypts using Java.

Disclosure of Invention

The invention aims to solve at least one of the above technical problems by providing an encryption method of random IV and HEX codes based on AES.

In a first aspect, the present invention provides a method for encrypting random IV and HEX codes based on AES, the method comprising: acquiring original plaintext data; generating a random IV by adopting a Web Crypto API, and encrypting the original plaintext data by adopting an AES encryption algorithm through the random IV and a predetermined AES key to obtain ciphertext; and encoding the ciphertext according to a dynamic HEX-Base64 hybrid coding method to obtain final coded data.

The method has the following advantages. The Web Crypto API is used to generate a high-randomness IV, which is combined with the AES encryption algorithm to encrypt the original plaintext data, ensuring the unpredictability and security of the encryption process. At the same time, the ciphertext is encoded by the dynamic HEX-Base64 hybrid encoding method, which effectively destroys the fixed character set and padding characteristics of traditional Base64 encoding, avoids the regular-expression rule matching interception of the WAF, and avoids the defect that the single pattern of standard HEX encoding is easy to identify. The false report rate at which normal encrypted data is misjudged as malicious traffic is reduced, the encoded data acquires a random confusion characteristic, length anomaly detection is avoided through length equalization processing, the ability to resist WAF interception during encrypted data transmission is remarkably improved, and service continuity and user experience are ensured.

On the basis of the above technical scheme, the invention can be improved as follows. Further, the method comprises the following steps: the final encoded data is sent to the back-end server through an HTTP request, so that the back-end server decrypts the final encoded data by adopting the following processing procedure: receiving final encode