Encryption key generation method, decryption key generation method, encryption key generation program, decryption key generation program, and decryption program

Document No.: 1537936. Publication date: 2020-02-14

Reading note: This technology, "Encryption key generation and encryption method, decryption key generation and decryption method" (Encryption key generation method, decryption key generation method, encryption key generation program, decryption key generation program, and decryption program), was designed by 白建, 马星星, 齐振华 and 范琳琳 on 2019-09-20. Main content: The invention discloses an encryption key generation method and its encryption method, and a decryption key generation method and its decryption method. The encryption key generation method comprises the following steps: obtaining a first key factor; setting a first fixed key, wherein the first fixed key is preset and stored in the encryption equipment; negotiating a first dynamic key, wherein the first dynamic key is obtained by negotiation between the encryption equipment and the decryption equipment according to a first configuration parameter and a first key negotiation method; performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key; and performing a hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is used for encrypting data. The encryption key generation method provided by the invention achieves one key per packet, gives the encryption key high complexity, increases the security of data transmission and raises the difficulty of cracking; in addition, the generated encryption key does not need to be set up again during data transmission, which preserves network data transmission performance.

1. An encryption key generation method, characterized by comprising:

obtaining a first key factor;

setting a first fixed key, wherein the first fixed key is preset and stored in encryption equipment;

negotiating a first dynamic key, wherein the first dynamic key is obtained by negotiation between the encryption equipment and the decryption equipment according to a first configuration parameter and a first key negotiation method;

performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;

and performing a hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is used for encrypting data.

2. The encryption key generation method of claim 1, wherein obtaining the first key factor comprises:

acquiring a first network data frame, wherein the first network data frame comprises an IPv4 header;

and acquiring identification information from the IPv4 header, and using the identification information as the first key factor.

3. The encryption key generation method of claim 1, wherein obtaining the first key factor comprises:

acquiring a second network data frame, wherein the second network data frame comprises an IPv6 header;

and acquiring flow label information from the IPv6 header, and taking the flow label information as the first key factor.

4. A decryption key generation method, comprising:

acquiring a second key factor;

setting a second fixed key, wherein the second fixed key is preset and stored in decryption equipment;

negotiating a second dynamic key, wherein the second dynamic key is obtained by negotiation between the encryption equipment and the decryption equipment according to a second configuration parameter and a second key negotiation method;

performing a second logic operation on the second key factor, the second fixed key and the second dynamic key to obtain a first decryption key;

and performing a hash operation on the first decryption key to obtain a second decryption key, wherein the second decryption key is used for decrypting data.

5. The decryption key generation method of claim 4, wherein obtaining the second key factor comprises:

acquiring a third network data frame, wherein the third network data frame comprises an IPv4 header;

and acquiring identification information from the IPv4 header, and using the identification information as the second key factor.

6. The decryption key generation method of claim 4, wherein obtaining the second key factor comprises:

acquiring a fourth network data frame, wherein the fourth network data frame comprises an IPv6 header;

and acquiring flow label information from the IPv6 header, and taking the flow label information as the second key factor.

7. A data encryption method, involving a first network device and an encryption device which are connected in sequence, wherein the data encryption method executed on the encryption device comprises:

receiving a fifth network data frame, the fifth network data frame being sent by the first network device;

encrypting the fifth network data frame according to a preset encryption key to obtain ciphertext data;

and transmitting a sixth network data frame, wherein the sixth network data frame comprises ciphertext data.

8. The data encryption method according to claim 7, wherein the preset encryption key is generated by the encryption key generation method according to any of claims 1 to 3.

9. A data decryption method, involving a decryption device and a second network device which are connected, wherein the data decryption method executed on the decryption device comprises:

receiving a seventh network data frame;

decrypting the seventh network data frame according to a preset decryption key to obtain plaintext data;

transmitting an eighth network data frame to the second network device, the eighth network data frame including plaintext data.

10. The data decryption method of claim 9, wherein the preset decryption key is generated by the decryption key generation method of any of claims 4 to 6.

Technical Field

The invention belongs to the technical field of communication, and particularly relates to an encryption key generation method, an encryption method, a decryption key generation method and a decryption method.

Background

Data encryption is ubiquitous. Common symmetric or asymmetric encryption uses either a fixed key or a periodically updated key, and in both cases a large number of data packets are encrypted with the same key. An attacker who breaks one packet of data therefore obtains the key for a large number of packets. To increase data security, the only option is to keep increasing the complexity of the encryption algorithm and thus the difficulty of cracking it. However, any algorithm can potentially be cracked, so improving data security means raising the complexity of the algorithm and with it the time and economic cost of cracking; when the cost of cracking far exceeds the benefit gained, cracking the data loses its point.

The traditional way to achieve one key per packet is for the two sides to negotiate a key before each data transmission. This is workable for low-speed, low-volume transmission, but for a large number of high-speed data packets, negotiating a key every time seriously degrades transmission performance.

Disclosure of Invention

In order to solve the above problems in the prior art, the present invention provides an encryption key generation method, an encryption method, a decryption key generation method, and a decryption method.

The embodiment of the invention provides an encryption key generation method, which comprises the following steps:

obtaining a first key factor;

setting a first fixed key, wherein the first fixed key is preset and stored in encryption equipment;

negotiating a first dynamic key, wherein the first dynamic key is obtained by negotiation between the encryption equipment and the decryption equipment according to a first configuration parameter and a first key negotiation method;

performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;

and performing a hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is used for encrypting data.

In one embodiment of the invention, obtaining the first key factor comprises:

acquiring a first network data frame, wherein the first network data frame comprises an IPv4 header;

and acquiring identification information from the IPv4 header, and using the identification information as the first key factor.

In one embodiment of the invention, obtaining the first key factor comprises:

acquiring a second network data frame, wherein the second network data frame comprises an IPv6 header;

and acquiring flow label information from the IPv6 header, and taking the flow label information as the first key factor.

Another embodiment of the present invention provides a decryption key generation method, including:

acquiring a second key factor;

setting a second fixed key, wherein the second fixed key is preset and stored in decryption equipment;

negotiating a second dynamic key, wherein the second dynamic key is obtained by negotiation between the encryption equipment and the decryption equipment according to a second configuration parameter and a second key negotiation method;

performing a second logic operation on the second key factor, the second fixed key and the second dynamic key to obtain a first decryption key;

and performing a hash operation on the first decryption key to obtain a second decryption key, wherein the second decryption key is used for decrypting data.

In one embodiment of the invention, obtaining the second key factor comprises:

acquiring a third network data frame, wherein the third network data frame comprises an IPv4 header;

and acquiring identification information from the IPv4 header, and using the identification information as the second key factor.

In one embodiment of the invention, obtaining the second key factor comprises:

acquiring a fourth network data frame, wherein the fourth network data frame comprises an IPv6 header;

and acquiring flow label information from the IPv6 header, and taking the flow label information as the second key factor.
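The key derivation described above for both the encryption and the decryption side, as an added example that is not code from the patent. The page does not name the logic operation or the hash, so XOR and SHA-256 are assumptions here, and the two keys and the sample headers are constructed values.

```python
import hashlib
import struct

FIXED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")    # constructed; preset on both devices
DYNAMIC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed; stands in for the negotiated key

def key_factor(packet: bytes) -> bytes:
    """Return the per-packet key factor read from a raw IP header."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4:
        if len(packet) < 20:
            raise ValueError("truncated IPv4 header")
        return packet[4:6]                            # 16-bit Identification field
    if version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        word = struct.unpack("!I", packet[:4])[0]
        return (word & 0xFFFFF).to_bytes(3, "big")    # 20-bit Flow Label
    raise ValueError("not an IP packet")

def derive_key(packet: bytes, fixed: bytes, dynamic: bytes) -> bytes:
    """First key = factor XOR fixed XOR dynamic (assumed operation); second key = SHA-256 of it (assumed hash)."""
    if len(fixed) != len(dynamic):
        raise ValueError("fixed and dynamic keys must have equal length")
    factor = key_factor(packet).rjust(len(fixed), b"\x00")  # left-pad the factor to key length
    first = bytes(a ^ b ^ c for a, b, c in zip(factor, fixed, dynamic))
    return hashlib.sha256(first).digest()

def ipv4_header(ident: int) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at zero) with the given Identification."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def ipv6_header(flow_label: int) -> bytes:
    """Constructed 40-byte IPv6 header with the given Flow Label."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB16s16s", first_word, 0, 17, 64, bytes(16), bytes(16))

if __name__ == "__main__":
    # Both devices run derive_key on the same header and obtain the same per-packet key.
    for pkt in (ipv4_header(0x1234), ipv4_header(0x1235), ipv6_header(0xABCDE)):
        print(derive_key(pkt, FIXED_KEY, DYNAMIC_KEY).hex())
```

The Identification field is 16 bits and the Flow Label 20 bits, and both travel in the clear in the header, so the factor contributes at most 2^16 or 2^20 distinct values per fixed/dynamic key pair. The secrecy of the derived key therefore rests on the fixed and dynamic keys.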

Another embodiment of the present invention provides a data encryption method, involving a first network device and an encryption device connected to each other, where the data encryption method executed on the encryption device includes:

receiving a fifth network data frame, the fifth network data frame being sent by the first network device;

encrypting the fifth network data frame according to a preset encryption key to obtain ciphertext data;

and transmitting a sixth network data frame, wherein the sixth network data frame comprises ciphertext data.

In an embodiment of the present invention, the preset encryption key is generated by any of the encryption key generation methods described above.

Another embodiment of the present invention provides a data decryption method, involving a decryption device and a second network device connected to each other, where the data decryption method executed on the decryption device includes:

receiving a seventh network data frame;

decrypting the seventh network data frame according to a preset decryption key to obtain plaintext data;

transmitting an eighth network data frame to the second network device, the eighth network data frame including plaintext data.

In an embodiment of the present invention, the preset decryption key is generated by any of the decryption key generation methods described above.

Compared with the prior art, the invention has the beneficial effects that:

With the encryption key generation method provided by the invention, each network data frame is encrypted with a different key (one key per packet). The encryption key has high complexity, which increases the security of data transmission and the difficulty of cracking, so that the cost of cracking always far exceeds the benefit obtained and the motivation for cracking is lost. The generated encryption key does not need to be set up again during data transmission, which preserves network data transmission performance.

The present invention will be described in further detail with reference to the accompanying drawings and examples.

Drawings

Fig. 1 is a schematic flowchart of an encryption key generation method according to an embodiment of the present invention;

Fig. 2 is a schematic flowchart of a decryption key generation method according to an embodiment of the present invention;

Fig. 3 is a schematic flowchart of a data encryption method according to an embodiment of the present invention;

Fig. 4 is a schematic diagram illustrating a connection relationship between devices in a data encryption method and a data decryption method according to an embodiment of the present invention;

Fig. 5 is a schematic flowchart of a data decryption method according to an embodiment of the present invention;

Fig. 6 is a schematic diagram of a connection relationship between devices in another data encryption method and data decryption method according to an embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
