[go: up one dir, main page]

CN116155489B - Key replacement method and device and electronic equipment - Google Patents

Key replacement method and device and electronic equipment

Info

Publication number
CN116155489B
CN116155489B CN202211657498.XA CN202211657498A CN116155489B CN 116155489 B CN116155489 B CN 116155489B CN 202211657498 A CN202211657498 A CN 202211657498A CN 116155489 B CN116155489 B CN 116155489B
Authority
CN
China
Prior art keywords
key data
initial
data
buried point
image file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211657498.XA
Other languages
Chinese (zh)
Other versions
CN116155489A (en
Inventor
贺宇航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Eswin Computing Technology Co Ltd
Original Assignee
Beijing Eswin Computing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Eswin Computing Technology Co Ltd filed Critical Beijing Eswin Computing Technology Co Ltd
Priority to CN202211657498.XA priority Critical patent/CN116155489B/en
Publication of CN116155489A publication Critical patent/CN116155489A/en
Application granted granted Critical
Publication of CN116155489B publication Critical patent/CN116155489B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

本申请涉及计算机技术领域,尤其涉及一种密钥替换的方法、装置和电子设备,用以提高安全操作系统的安全性能。其中,应用于编译服务器,方法包括:获取初始密钥数据对应的密钥数据结构,并基于至少一个初始埋点数据对密钥数据结构进行标记;基于标记结果,编译生成包含至少一个初始埋点数据和初始密钥数据的镜像文件;将镜像文件反馈给客户端。应用于客户端,方法包括:获取镜像文件;获取参考埋点数据,并将参考埋点数据与至少一个初始埋点数据分别进行匹配;根据匹配结果,确定初始密钥数据在镜像文件中的第一位置,并基于第一位置,将初始密钥数据替换为目标密钥数据。本申请客户端直接在镜像文件中替换密钥,从而提高安全操作系统的安全性能。

The present application relates to the field of computer technology, and in particular to a method, device and electronic device for key replacement, for improving the security performance of a secure operating system. Wherein, when applied to a compilation server, the method includes: obtaining a key data structure corresponding to the initial key data, and marking the key data structure based on at least one initial buried point data; based on the marking result, compiling and generating a mirror file containing at least one initial buried point data and initial key data; and feeding back the mirror file to the client. When applied to a client, the method includes: obtaining a mirror file; obtaining reference buried point data, and matching the reference buried point data with at least one initial buried point data respectively; according to the matching result, determining the first position of the initial key data in the mirror file, and based on the first position, replacing the initial key data with the target key data. The client of the present application directly replaces the key in the mirror file, thereby improving the security performance of the secure operating system.

Description

Key replacement method and device and electronic equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for replacing a key, and an electronic device.
Background
With the rapid development of computer technology, network information is easy to be tampered by a third party in the transmission process, data risks exist, and corresponding security technical measures are adopted, so that the provision of proper security services is important. A hardware-based trusted execution environment (Trusted Execution Environment, TEE) may be used to protect the data being processed, creating a flexible and secure environment by ensuring the integrity and confidentiality of the data and the integrity of the code.
In the related art, in order to ensure that a complete trust chain is established, a trusted execution environment needs to add a digital signature to an executable file of a secure application, and complete signature verification in a starting stage of the secure application. Signature verification requires the use of a key that is hard-coded and packaged into the image file of the secure operating system to which the secure application corresponds.
When a key replacement is desired, it is necessary to reconstruct the image file of the secure operating system from the source code phase. But the developer does not want to release the source code to the customer. It is necessary for the client to master the key, which requires the developer to release the source code to the client, but is not beneficial to guaranteeing the security performance of the secure operating system.
Therefore, how to eliminate the contradiction between the fact that the developer does not release the source code and the fact that the client must master the secret key, and improve the safety performance of the safety operation system, is a problem to be solved urgently.
Disclosure of Invention
The embodiment of the application provides a method, a device and electronic equipment for replacing a secret key, which are used for improving the safety performance of a safety operation system.
The method for replacing the secret key provided by the embodiment of the application is applied to a compiling server and comprises the following steps:
Acquiring a key data structure corresponding to initial key data, and marking the key data structure based on at least one initial buried point data;
Compiling and generating an image file containing the at least one initial buried point data and the initial key data based on the marking result;
and feeding the image file back to the client so that the client locates the initial key data in the image file based on a matching result of the reference embedded point data and the at least one initial embedded point data and replaces the initial key data with target key data.
Optionally, the marking the key data structure based on at least one initial buried point data includes:
generating the at least one initial buried point data based on preset identification information and attribute information of the initial key data, wherein the attribute information comprises at least one of a key data type and a key data length;
A target key segment is declared and the key data structure is marked in the target key segment based on the at least one initial buried point data.
Optionally, the method further comprises:
in the initial key data, a field generated based on a target key rule is inserted.
Optionally, the obtaining the key data structure corresponding to the initial key data includes:
Respectively abstracting attribute information of the initial key data and the initial key data into at least one variable;
And determining the key data structure based on the obtained variables so as to compile by calling the corresponding variables in the compiling process of the image file.
Optionally, the compiling generates an image file containing the at least one initial buried point data and the initial key data, and further includes:
The initial key data in the image file is scrambled by the following method:
Performing reversible encryption operation on the initial key data to obtain encrypted initial key data, and generating at least one piece of pseudo key data aiming at the initial key data;
And each key data is placed into the image file through a target key segment, wherein the key data is encrypted initial key data or pseudo key data, and a preset byte offset interval is arranged between each two target key segments.
The method for replacing the secret key provided by the embodiment of the application is applied to the client and comprises the following steps:
Acquiring an image file compiled in advance by a compiling server, wherein the image file contains at least one initial buried point data and initial key data, and the initial buried point data is a key data structure for marking the corresponding initial key data;
Acquiring reference buried point data, and respectively matching the reference buried point data with the at least one initial buried point data;
And according to a matching result, determining a first position of the initial key data in the image file, and replacing the initial key data in the image file with target key data based on the first position.
Optionally, the acquiring the reference buried point data includes:
Obtaining locally stored reference buried point data, which is pre-stored locally by hard coding, or
And linking the storage servers, and acquiring reference buried point data from the storage servers, wherein the reference buried point data is shared by the compiling servers to the storage servers.
Optionally, the method further comprises:
Determining a second position of the initial buried data in the image file according to the matching result;
and replacing the initial buried point data in the image file with target buried point data based on the second position.
Optionally, the initial buried data is generated based on a combination of preset identification information and attribute information of the initial key data, wherein the attribute information comprises at least one of a key data type and a key data length.
The device for replacing the secret key provided by the embodiment of the application is applied to a compiling server and comprises the following components:
the marking unit is used for acquiring a key data structure corresponding to the initial key data and marking the key data structure based on at least one initial buried point data;
A compiling unit for compiling and generating an image file containing the at least one initial buried point data and the initial key data based on the marking result;
And the feedback unit is used for feeding back the image file to the client so that the client locates the initial key data in the image file based on a matching result of the reference embedded point data and the at least one initial embedded point data and replaces the initial key data with the target key data.
Optionally, the marking unit is further configured to:
generating the at least one initial buried point data based on preset identification information and attribute information of the initial key data, wherein the attribute information comprises at least one of a key data type and a key data length;
A target key segment is declared and the key data structure is marked in the target key segment based on the at least one initial buried point data.
Optionally, the apparatus further includes:
And the inserting unit is used for inserting a field generated based on the target key rule into the initial key data.
Optionally, the marking unit is further configured to:
Respectively abstracting attribute information of the initial key data and the initial key data into at least one variable;
And determining the key data structure based on the obtained variables so as to compile by calling the corresponding variables in the compiling process of the image file.
Optionally, the compiling unit is further configured to:
The initial key data in the image file is scrambled by the following method:
Performing reversible encryption operation on the initial key data to obtain encrypted initial key data, and generating at least one piece of pseudo key data aiming at the initial key data;
And each key data is placed into the image file through a target key segment, wherein the key data is encrypted initial key data or pseudo key data, and a preset byte offset interval is arranged between each two target key segments.
The device for replacing the secret key provided by the embodiment of the application is applied to the client and comprises the following components:
the system comprises an acquisition unit, a compiling server and a compiling unit, wherein the acquisition unit is used for acquiring an image file compiled in advance by the compiling server, and the image file contains at least one initial buried point data and initial key data;
The matching unit is used for acquiring reference buried point data and respectively matching the reference buried point data with the at least one initial buried point data;
And the first replacing unit is used for determining a first position of the initial key data in the image file according to the matching result and replacing the initial key data in the image file with target key data based on the first position.
Optionally, the matching unit is further configured to:
Obtaining locally stored reference buried point data, which is pre-stored locally by hard coding, or
And linking the storage servers, and acquiring reference buried point data from the storage servers, wherein the reference buried point data is shared by the compiling servers to the storage servers.
Optionally, the apparatus further includes:
A second replacing unit, configured to determine a second position of the initial embedded data in the image file according to a matching result;
and replacing the initial buried point data in the image file with target buried point data based on the second position.
Optionally, the initial buried data is generated based on a combination of preset identification information and attribute information of the initial key data, wherein the attribute information comprises at least one of a key data type and a key data length.
An electronic device provided in an embodiment of the present application includes a processor and a memory, where the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of any one of the above-described methods for key replacement.
The embodiment of the application provides a computer readable storage medium, which comprises a computer program, wherein when the computer program runs on electronic equipment, the computer program is used for enabling the electronic equipment to execute the steps of any one of the key replacement methods.
The embodiment of the application provides a computer program product, which comprises a computer program, wherein the computer program is stored in a computer readable storage medium, and when a processor of an electronic device reads the computer program from the computer readable storage medium, the processor executes the computer program to enable the electronic device to execute the steps of any one of the key replacement methods.
The application has the following beneficial effects:
The embodiment of the application provides a method, a device and electronic equipment for replacing a secret key. In the application, the key data structure is marked based on the initial buried point data, and then the image file containing the initial buried point data and the initial key data is compiled and generated, so that the client can directly match the initial buried point data by referring to the buried point data in the acquired image file, locate the position of the initial key data in the image file, and according to the located position, the client can directly perform key replacement in the image file without recompilation from a source code stage to generate the image file.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application.
Fig. 1 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 2 is a flowchart of a method for replacing a key applied to a compiling server according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a key data structure in an embodiment of the present application;
FIG. 4A is a schematic diagram of a target key segment in an embodiment of the present application;
FIG. 4B is a schematic diagram of another target key segment in an embodiment of the application;
FIG. 5 is a flowchart of an embodiment of a method for replacing a key applied to a client;
FIG. 6 is a schematic flow chart of interaction between a compiling server and a client according to an embodiment of the application;
FIG. 7 is a flowchart of a specific implementation of a client replacing initial key data according to an embodiment of the present application;
fig. 8 is a schematic diagram of the composition and structure of a device 800 for replacing a key according to an embodiment of the present application;
fig. 9 is a schematic diagram of the composition and structure of a device 900 for replacing a key in an embodiment of the present application;
Fig. 10 is a schematic diagram of a composition structure of an electronic device according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a hardware composition of a computing device to which embodiments of the present application are applied.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the technical solutions of the present application, but not all embodiments. All other embodiments, based on the embodiments described in the present document, which can be obtained by a person skilled in the art without any inventive effort, are within the scope of protection of the technical solution of the present application.
Some of the concepts involved in the embodiments of the present application are described below.
TEE is a secure area located in the host processor. Loading the running code and data in the TEE may be protected for privacy and integrity. The TEE may run in parallel with the user-oriented operating system, but with better privacy and security than the latter.
Buried point and buried point data, wherein the buried point refers to that a section of code is added in front of or behind the data to be monitored and used for marking the monitored data, and the specific content of the code is the buried point data. The embodiment of the application relates to initial buried point data and reference buried point data. The initial buried point data is used for marking the key data structure, and the reference buried point data is stored in a local or storage server and used for matching the initial buried point data so as to locate the initial key data.
Key data refers to cipher data used in the encryption and decryption process, and includes private key data (abbreviated as private key data) and public key data (abbreviated as public key data). The embodiment of the application relates to initial key data and target key data, and the two key data are aimed at public key data, and in order to distinguish the public key data simply, different limiting modes are adopted. The initial key data refers to public key data packed into an image file of the secure operating system in a hard-coded mode, and the target key data refers to public key data used for replacing the initial key data.
The target key section is characterized by the declared program section and is stored in an image file of the safe operating system. In the embodiment of the application, the target key segment comprises at least one initial buried point data and initial key data.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it being understood that the preferred embodiments described herein are for illustration and explanation only, and not for limitation of the present application, and embodiments of the present application and features of the embodiments may be combined with each other without conflict.
Fig. 1 is a schematic diagram of an application scenario according to an embodiment of the present application. The application scenario diagram includes a client 110 and a compiling server 120.
It should be noted that the method of key replacement in the embodiments of the present application may be performed by the client 110, which is installed on the terminal device.
In the embodiment of the application, the terminal equipment comprises, but is not limited to, mobile phones, tablet computers, notebook computers, desktop computers and other equipment, and a client related to key replacement can be installed on the terminal equipment, wherein the client can be software, web pages, applets and the like. A storage server may also be included in the scenario for storing data required by the client. The storage server and the compiling server may be independent physical servers, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDNs), basic cloud computing services such as big data and artificial intelligence platforms, and the like.
In an alternative embodiment, the communication between the terminal device and the server may be via a communication network.
In an alternative embodiment, the communication network is a wired network or a wireless network.
It should be noted that, the number of terminal devices, storage servers and compiling servers shown in fig. 1 is merely illustrative, and the number of terminal devices, storage servers and compiling servers is not limited in practice, and is not particularly limited in the embodiment of the present application.
The method of key replacement provided by the exemplary embodiments of the present application will be described below with reference to the accompanying drawings in conjunction with the above-described application scenario, it being noted that the above-described application scenario is merely illustrated for the convenience of understanding the spirit and principle of the present application, and embodiments of the present application are not limited in any way in this respect.
Referring to fig. 2, a flowchart of an implementation of a method for replacing a key in a compiling server according to an embodiment of the present application is shown, wherein the compiling server is used as an execution body, and the specific implementation flow of the method includes steps S201 to S203 as follows:
S201, acquiring a key data structure corresponding to the initial key data, and marking the key data structure based on at least one initial buried point data.
The initial key data refers to public key data used in the decryption process, and the public key data can be packaged into an image file of the secure operating system in a hard coding mode.
Initial buried data refers to a piece of code for marking a key data structure, which may be placed in front of or behind the key data structure.
The key data structure refers to a key data structure formed by respectively abstracting the type of the initial key data, the length of the initial key data, and other optional data into variables based on the obtained variables.
An alternative implementation manner is to obtain a key data structure corresponding to the initial key data by the following manner:
Firstly, respectively abstracting attribute information of initial key data and the initial key data into at least one variable;
Then, a key data structure is determined based on the obtained variables, so that the corresponding variables are called for compiling in the compiling process of the image file.
The method comprises the steps of extracting initial key data from a secure operating system image file, wherein the initial key data represents public key data in the secure operating system image file and consists of an e value and a modulus value, abstracting the e value in the initial key data into a variable e, and abstracting the modulus value in the initial key data into a variable N. The attribute information of the initial key data includes a type of the initial key data and a length of the initial key data, and abstracts the type of the initial key data into a variable key type and abstracts the length of the initial key data into a variable key size.
Referring to fig. 3, a schematic diagram of a key data structure according to an embodiment of the application is shown. In this figure, header information in the key data structure may be composed of a variable key type and a variable key size, and public key data in the key data structure may be composed of a variable N and a variable e. In addition, other optional data structures may be included in the key data structure, such as a magic number and a salt, where the magic number refers to a fixed value that may be written directly in the code, such as a company name, a company established date. salt refers to the insertion of a specific string in the original key data, a process called salifying to prevent rainbow table attacks. For example, some hackers can calculate hash values to make a table, and can reverse out the original text content by looking up the existing hash values in the table, so that the problem can be effectively avoided by adding salt.
In addition, the key data structure requires a large enough space to be declared in order to be compatible with longer specification key data. In the practice of the present application, the declared space may be compatible with 2048 bits of key data length.
Based on the above mode, the key data structure corresponding to the initial key data can be obtained, and the operation is ensured not to be tampered.
Before compiling and generating an image file, the key data structure needs to be marked with buried points, so that the position of the initial key data can be accurately positioned through the initial buried point data, and the replacement of the initial key data is completed.
In marking the key data structure in conjunction with the initial buried point data, an alternative embodiment is as follows:
firstly, generating at least one initial buried point data based on preset identification information and attribute information of initial key data in a combined mode;
further, a target key segment is declared and the key data structure is marked in the target key segment based on the at least one initial buried point data.
The preset identification information may be a character string set at will, for example abcd0001, or a character string set according to a magic number, for example, an ASCII code (an information exchange standard code) of a company name.
In the present application, the attribute information of the key data includes at least one of a key data type and a key data length. The key data types include two types, namely a symmetric key and an asymmetric key, wherein the symmetric key refers to the same key used in the encryption/decryption process, and the asymmetric key refers to different keys used in the encryption/decryption process. For example, the key data type is an asymmetric key, and is set to ASYMMETRICKEYS correspondingly. The key data length includes 126 bits, 512 bits, 1024 bits, and 2048 bits.
Based on the above, an initial buried point data, such as abcd00011024, may be generated by combining the preset identification information and the initial key data length. Or the preset identification information, the initial key data type and the initial key data length can be combined to generate initial buried point data, such as abcd0001ASYMMETRICKEYS, or the preset identification information, the initial key data type and the initial key data length can be combined to generate initial buried point data, such as abcd0001ASYMMETRICKEYS1024.
It should be noted that the preset identification information, the key data type, the key data length and the initial embedded data listed above are only simple examples, and are not limited in particular herein.
In the above manner, by declaring the target key segment in which the key data structure is marked based on the initial buried point data, the client can be quickly located to the position of the initial key data.
In the embodiment of the present application, under the condition that the original key data in the image file is not scrambled, the target key segment is placed in the read-only data (rodata) segment in the image file, and includes at least one original buried point data and a key data structure, and referring to fig. 4A, a schematic diagram of a target key segment in the embodiment of the present application is shown. In this figure, the target key segment contains an initial buried point data by which the key data structure is marked.
Further, a field generated based on the target key rule may be inserted in the initial key data.
Specifically, the target key rule characterizes that one key algorithm in the key algorithm library is modified, and some fields can be inserted into the initial key data through the modified key algorithm. For example, the initial key data is 0110, and the initial key data after inserting the field is 00111100 through the modified key algorithm.
It should be noted that the above-mentioned initial key data and the initial key data after the field is inserted are only simple examples, and are not limited in detail herein.
Based on the mode, the real initial key data can be hidden, and the safety of the initial key data is ensured.
S202, compiling and generating an image file containing at least one initial buried point data and initial key data based on a marking result;
an alternative embodiment is to scramble the initial key data in the image file by:
performing reversible encryption operation on the initial key data to obtain encrypted initial key data, and generating at least one piece of pseudo key data aiming at the initial key data; and then, each key data is respectively put into the image file through one target key segment.
The key data is encrypted initial key data or pseudo key data, and a preset byte offset interval is arranged between each two target key segments.
For example, if the initial key data is 1234, and the initial key data is subjected to reversible encryption operation, the encrypted initial key data is abcd. For example, for the initial key data 1234, the dummy key data may be aacd, abbd, abcc or the like.
Based on this, four key data structures can be obtained, wherein the key data in one key data structure is abcd, and the key data in the other three key data structures are aacd, abbd, abcc respectively. Four target key segments are thus obtained, of which only the target key segment containing the initial key data is placed in the read-only data (rodata) segment in the image file, and other target key segments containing the dummy key data may be placed in the rodata segment in the image file, or in other segments in the image file. Each target key segment is placed in the image file at a preset byte offset interval, for example, 200 bytes.
The above-mentioned initial key data, encrypted initial key data, pseudo key data, and the like are merely examples, and are not particularly limited herein.
In the mode, the initial key data is scrambled, and a plurality of target key segments are regularly arranged in the image file, so that the initial key data can be hidden, and the safety of the initial key data is ensured.
Furthermore, the initial key data in the image file may be null, i.e., the initial key data is not specified in the image file.
And S203, feeding back the image file to the client so that the client locates initial key data in the image file based on the matching result of the reference buried point data and at least one initial buried point data, and replaces the initial key data with target key data.
Specifically, the reference buried data is used to match the initial buried data, and if the reference buried data is identical to the initial buried data, the initial key data in the target key segment can be located, so that the initial key data can be replaced by the target key data.
Based on the mode, the key data structure is marked by the initial buried point data, and the image file containing the initial buried point data and the key data structure is compiled and generated, so that the client can be quickly positioned at the position of the initial key data.
Referring to fig. 5, a flowchart of an implementation of a key replacement method applied to a client according to an embodiment of the present application is shown, and a terminal device is used as an execution body, where the implementation flow of the method includes steps S501-S503 as follows:
S501, obtaining an image file pre-compiled by a compiling server, wherein the image file contains at least one initial buried point data and initial key data, and the initial buried point data is a key data structure for marking the corresponding initial key data.
The initial buried point data is generated based on the combination of preset identification information and attribute information of initial key data, wherein the attribute information comprises at least one of a key data type and a key data length.
Specifically, the image file is fed back to the client by the compiling server. The at least one initial buried point data is characterized in that the initial buried point data can be placed in front of the key data structure, and the initial buried point data can also be placed in front of and behind the key data structure. Referring to fig. 4B, a schematic diagram of another target key segment according to an embodiment of the present application is shown. In this figure, the target key segment contains two initial buried point data, and the key data structure is marked by the two initial buried point data.
If the initial key data in the key data structure in the obtained image file is null, that is, the initial key data is not specified in the image file, an initial key data can be generated by the client.
If the initial key data is specified in the key data structure in the obtained image file, the client can judge the validity of the initial key data.
If the initial key data is illegal, whether the client can regenerate the initial key data can be judged according to the type of the initial key data.
If the client can be compatible with the initial key data type, the client can regenerate the initial key data, and if the client can not be compatible with the initial key data type, the client can report the error to exit the process of key replacement.
S502, acquiring reference buried point data, and respectively matching the reference buried point data with at least one initial buried point data.
In an embodiment of the present application, the reference buried data may be acquired by:
In the first mode, locally stored reference buried point data is obtained, and the reference buried point data is prestored locally in a hard coding mode.
The feature value of the reference embedded point data is included in the feature value of at least one initial embedded point data, for example, the initial key data in the image file is not scrambled, the image file only contains one initial key data, if the initial embedded point data corresponding to the initial key data is abc2048, the reference embedded point data is abc2048, after the scrambling operation is performed on the initial key data, the initial embedded point data corresponding to the initial key data is abc2048, and the initial embedded point data corresponding to the pseudo key data is 110126, 100512 and abc1024, at this time, the reference embedded point data is abc2048.
And the second mode is to link the storage server, acquire reference buried point data from the storage server, and share the reference buried point data with the storage server for the compiling server.
For example, the reference embedded point data is abc2048, and the compiling server stores the characteristic value of the reference embedded point data, and shares the characteristic value to the storage server, so that the client can obtain the characteristic value from the storage server when networking.
The method comprises the steps of acquiring reference buried point data from local under the condition of not networking, and acquiring the reference buried point data from local or through a link storage server under the condition of networking.
Based on the above manner, the reference buried point data can be obtained, and then the reference buried point data is matched with at least one initial buried point data in the image file, and the initial buried point data which is the same as the reference buried point data is matched.
S503, according to the matching result, determining a first position of the initial key data in the image file, and replacing the initial key data in the image file with the target key data based on the first position.
Specifically, if the initial buried data identical to the reference buried data is matched, the initial key data can be located at the position of the initial key data, so that the initial key data in the image file is replaced by the target key data.
In addition, the initial buried data can be replaced, specifically as follows:
① Determining a second position of the initial buried point data in the mirror image file according to the matching result;
② And replacing the initial buried point data in the image file with target buried point data based on the second position.
The target embedded point data can be generated by combining preset identification information and attribute information of target key data, wherein the attribute information of the target key data comprises at least one of a target key data type and a target key data length. For example, if the preset identification information is aabb and the target key data length is 2048, the target buried data generated by combining is aabb2048.
In the mode, the initial embedded point data is replaced, so that the position rule of the embedded point data in the image file can be prevented from being found out from the image files before and after replacement, and the safety is improved.
Referring to fig. 6, a schematic flow chart of interaction between a compiling server and a client in an embodiment of the application is shown, and a specific interaction flow is as follows:
step S601, a compiling server acquires a key data structure corresponding to initial key data and marks the key data structure based on at least one initial buried point data;
Step S602, compiling server compiles and generates an image file containing at least one initial buried point data and initial key data based on the marking result;
Step S603, the compiling server feeds back the image file to the client;
step S604, the client acquires an image file pre-compiled by a compiling server;
Step S605, the client acquires reference buried point data and respectively matches the reference buried point data with at least one initial buried point data;
Step S606, the client determines a first position of the initial key data in the image file according to the matching result, and replaces the initial key data in the image file with the target key data based on the first position;
In the embodiment of the application, based on the steps, the client can replace the key data in the image file through the interaction between the compiling server and the client.
Referring to fig. 7, a schematic diagram of a specific implementation flow of replacing initial key data by a client in an embodiment of the present application is shown, where the specific implementation flow is as follows:
Step S701, the initial key data is not designated in the image file, namely, the initial key data in the image file is empty;
step S702, the client generates initial key data;
step S703, matching the initial buried point data in the mirror image file;
Step S704, positioning the position of the initial key data according to the matching result, and replacing the initial key data with target key data;
step S705, the initial key data is appointed in the mirror image file;
Step S706, judging whether the designated initial key data is legal or not, if the designated initial key data is legal, executing steps S703 and S704;
Step S707, if the designated initial key data is illegal, judging whether the initial key data can be regenerated, if so, exiting the process of replacing the initial key data;
Step S708, if the initial key data can be regenerated, the initial key data is regenerated, and then steps S703 and S704 are performed.
Based on the same inventive concept, the embodiment of the application also provides a device for replacing the key. Referring to fig. 8, a schematic diagram of a key replacement apparatus 800, which may be applied to a compiling server, may include:
a marking unit 801, configured to obtain a key data structure corresponding to the initial key data, and mark the key data structure based on at least one initial buried point data;
a compiling unit 802, configured to compile and generate an image file containing at least one initial buried point data and initial key data based on the marking result;
and a feedback unit 803, configured to feed back the image file to the client, so that the client locates the initial key data in the image file based on the matching result of the reference buried point data and the at least one initial buried point data, and replaces the initial key data with the target key data.
Optionally, the marking unit 801 is further configured to:
Generating at least one initial buried point data based on the preset identification information and attribute information of the initial key data, wherein the attribute information comprises at least one of a key data type and a key data length;
The target key segment is declared and the key data structure is marked in the target key segment based on at least one initial buried point data.
Optionally, the apparatus further comprises:
an inserting unit 804 is configured to insert, in the initial key data, a field generated based on the target key rule.
Wherein the insertion unit 804 is represented by a dashed box, which characterizes the unit as a newly added unit in performing the above-described corresponding optional steps. This is merely a simple example, and the new way may be adopted, or other ways may be adopted, which are not specifically limited herein.
Optionally, the marking unit 801 is further configured to:
respectively abstracting attribute information of the initial key data and the initial key data into at least one variable;
And determining a key data structure based on the obtained variables so as to compile by calling the corresponding variables in the compiling process of the image file.
Optionally, the compiling unit 802 is further configured to:
The initial key data in the image file is scrambled by:
Performing reversible encryption operation on the initial key data to obtain encrypted initial key data, and generating at least one piece of pseudo key data aiming at the initial key data;
and each key data is placed into the image file through one target key segment, wherein the key data is encrypted initial key data or pseudo key data, and a preset byte offset interval is reserved between each two target key segments.
Referring to fig. 9, which is a schematic diagram illustrating a composition structure of a key replacement device 900, the key replacement device may be applied to a client, and may include:
an obtaining unit 901, configured to obtain an image file compiled in advance by a compiling server, where the image file contains at least one initial buried point data and initial key data;
a matching unit 902, configured to obtain reference buried point data, and match the reference buried point data with at least one initial buried point data respectively;
The first replacing unit 903 is configured to determine a first location of the initial key data in the image file according to the matching result, and replace the initial key data in the image file with the target key data based on the first location.
Optionally, the matching unit 902 is further configured to:
acquiring locally stored reference buried point data, which is pre-stored locally by hard coding, or
And linking the storage servers, and acquiring reference embedded point data from the storage servers, wherein the reference embedded point data is shared by the compiling servers to the storage servers.
Optionally, the apparatus further comprises:
a second replacing unit 904, configured to determine a second position of the initial buried point data in the image file according to the matching result;
And replacing the initial buried point data in the image file with target buried point data based on the second position.
Wherein the second replacement unit 904 is represented by a dashed box, which characterizes the unit as a newly added unit in performing the corresponding optional steps described above. This is merely a simple example, and the new way may be adopted, or other ways may be adopted, which are not specifically limited herein.
Optionally, the initial buried data is generated based on a combination of preset identification information and attribute information of the initial key data, wherein the attribute information includes at least one of a key data type and a key data length.
For convenience of description, the above parts are described as being functionally divided into modules (or units) respectively. Of course, the functions of each module (or unit) may be implemented in the same piece or pieces of software or hardware when implementing the present application.
Having described the method and apparatus for key replacement according to an exemplary embodiment of the present application, next, an electronic device according to another exemplary embodiment of the present application is described.
Those skilled in the art will appreciate that the various aspects of the application may be implemented as a system, method, or program product. Accordingly, aspects of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects that may be referred to herein collectively as a "circuit," module "or" system.
The embodiment of the application also provides electronic equipment based on the same conception as the embodiment of the method. In one embodiment, the electronic device may be a server. In this embodiment, the electronic device may be configured as shown in fig. 10, including a memory 1001, a communication module 1003, and one or more processors 1002.
Memory 1001 for storing computer programs for execution by processor 1002. The memory 1001 may mainly include a storage program area which may store an operating system, programs required for running an instant messaging function, and the like, and a storage data area which may store various instant messaging information, an operation instruction set, and the like.
The memory 1001 may be a volatile memory (RAM) such as a random-access memory (RAM), a nonvolatile memory (non-volatile memory) such as a read-only memory (rom), a flash memory (flash memory), a hard disk (HARD DISK DRIVE, HDD) or a Solid State Disk (SSD), or any other medium that can be used to carry or store a desired computer program in the form of instructions or data structures and that can be accessed by a computer, the memory 1001 is not limited thereto. Memory 1001 may be a combination of the above.
The processor 1002 may include one or more central processing units (central processing unit, CPUs) or digital processing units, or the like. A processor 1002 for implementing the above-described key replacement method when calling a computer program stored in the memory 1001.
The communication module 1003 is used for communicating with a terminal device and other servers.
The specific connection medium between the memory 1001, the communication module 1003, and the processor 1002 is not limited in the embodiment of the present application. The embodiment of the present application is shown in fig. 10, where the memory 1001 and the processor 1002 are connected by a bus 1004, where the bus 1004 is shown in bold in fig. 10, and the connection between other components is merely illustrative, and not limiting. The bus 1004 may be divided into an address bus, a data bus, a control bus, and the like. For ease of description, only one thick line is depicted in fig. 10, but only one bus or one type of bus is not depicted.
The memory 1001 has stored therein a computer storage medium having stored therein computer executable instructions for implementing the method of key replacement of an embodiment of the present application. The processor 1002 is configured to perform the method of key replacement described above, as shown in fig. 5.
A computing device 1100 according to this embodiment of the application is described below with reference to fig. 11. The computing device 1100 of fig. 11 is merely an example and should not be taken as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 11, computing device 1100 is in the form of a general purpose computing device. The components of computing device 1100 may include, but are not limited to, at least one processing unit 1101 described above, at least one memory unit 1102 described above, and a bus 1103 that connects the various system components, including the memory unit 1102 and the processing unit 1101.
The bus 1103 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, and a local bus using any of a variety of bus architectures.
The storage unit 1102 may include a readable medium in the form of volatile memory, such as Random Access Memory (RAM) 1121 and/or cache memory 1122, and may further include Read Only Memory (ROM) 1123.
The storage unit 1102 may also include a program/utility 1125 having a set (at least one) of program modules 1124, such program modules 1124 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The computing device 1100 may also communicate with one or more external devices 1104 (e.g., keyboard, pointing device, etc.), one or more devices that enable a user to interact with the computing device 1100, and/or any devices (e.g., routers, modems, etc.) that enable the computing device 1100 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1105. Moreover, computing device 1100 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through a network adapter 1106. As shown in fig. 11, network adapter 1106 communicates with other modules for computing device 1100 over bus 1103. It should be appreciated that although not shown, other hardware and/or software modules may be utilized in connection with the computing apparatus 1100, including, but not limited to, microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
In some possible embodiments, aspects of the method of key replacement provided by the present application may also be implemented in the form of a program product comprising a computer program for causing an electronic device to perform the steps of the method of key replacement according to the various exemplary embodiments of the application described herein above when the program product is run on the electronic device, e.g. the electronic device may perform the steps as shown in fig. 5.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of a readable storage medium include an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product of embodiments of the present application may employ a portable compact disc read only memory (CD-ROM) and comprise a computer program and may run on a computing device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with a command execution system, apparatus, or device.
The readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave in which a readable computer program is embodied. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with a command execution system, apparatus, or device.
A computer program embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer programs for performing the operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer program may execute entirely on the user's computing device, partly on the user's equipment, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functions of two or more of the elements described above may be embodied in one element in accordance with embodiments of the present application. Conversely, the features and functions of one unit described above may be further divided into a plurality of units to be embodied.
Furthermore, although the operations of the methods of the present application are depicted in the drawings in a particular order, this is not required or suggested that these operations must be performed in this particular order or that all of the illustrated operations must be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A key replacement method, applied to a client, the method comprising:
The method comprises the steps of obtaining an image file pre-compiled by a compiling server, wherein the image file contains at least one initial buried point data and initial key data, the initial buried point data is generated based on the combination of preset identification information and attribute information of the initial key data, the initial buried point data is used for marking a key data structure corresponding to the initial key data in a declared target key section, the attribute information comprises at least one of a key data type and a key data length, and the initial key data refers to public key data used in a decryption process;
Acquiring reference buried point data, and respectively matching the reference buried point data with the at least one initial buried point data;
And according to a matching result, determining a first position of the initial key data in the image file, and replacing the initial key data in the image file with target key data based on the first position.
2. The method of claim 1, wherein the acquiring reference buried point data comprises:
Obtaining locally stored reference buried point data, which is pre-stored locally by hard coding, or
And linking the storage servers, and acquiring reference buried point data from the storage servers, wherein the reference buried point data is shared by the compiling servers to the storage servers.
3. The method of claim 1, wherein the method further comprises:
Determining a second position of the initial buried data in the image file according to the matching result;
and replacing the initial buried point data in the image file with target buried point data based on the second position.
4. A key replacement method, applied to a compiling server, comprising:
The method comprises the steps of obtaining a key data structure corresponding to initial key data, generating at least one initial buried point data based on preset identification information and attribute information of the initial key data, declaring a target key segment, and marking the key data structure based on the at least one initial buried point data in the target key segment, wherein the attribute information comprises at least one of a key data type and a key data length;
Compiling and generating an image file containing the at least one initial buried point data and the initial key data based on the marking result;
and feeding the image file back to the client so that the client locates the initial key data in the image file based on a matching result of the reference embedded point data and the at least one initial embedded point data and replaces the initial key data with target key data.
5. The method of claim 4, wherein the method further comprises:
in the initial key data, a field generated based on a target key rule is inserted.
6. The method of claim 4, wherein the obtaining the key data structure corresponding to the initial key data comprises:
Respectively abstracting attribute information of the initial key data and the initial key data into at least one variable;
And determining the key data structure based on the obtained variables so as to compile by calling the corresponding variables in the compiling process of the image file.
7. The method of claim 4, wherein the compiling generates an image file containing the at least one initial buried point data and the initial key data, further comprising:
The initial key data in the image file is scrambled by the following method:
Performing reversible encryption operation on the initial key data to obtain encrypted initial key data, and generating at least one piece of pseudo key data aiming at the initial key data;
And each key data is placed into the image file through a target key segment, wherein the key data is encrypted initial key data or pseudo key data, and a preset byte offset interval is arranged between each two target key segments.
8. A key replacement device for application to a client, the device comprising:
The system comprises an acquisition unit, a compiling server and a decryption unit, wherein the acquisition unit is used for acquiring an image file pre-compiled by the compiling server, the image file contains at least one initial buried point data and initial key data, the initial buried point data is generated based on the combination of preset identification information and attribute information of the initial key data, the initial buried point data is used for marking a key data structure corresponding to the initial key data in a declared target key section, the attribute information comprises at least one of a key data type and a key data length, and the initial key data refers to public key data used in a decryption process;
The matching unit is used for acquiring reference buried point data and respectively matching the reference buried point data with the at least one initial buried point data;
And the first replacing unit is used for determining a first position of the initial key data in the image file according to the matching result and replacing the initial key data in the image file with target key data based on the first position.
9. A key replacement device, for use with a compiling server, the device comprising:
The system comprises a marking unit, a target key section, a marking unit and a decryption unit, wherein the marking unit is used for acquiring a key data structure corresponding to initial key data and generating at least one initial buried point data based on preset identification information and attribute information of the initial key data;
A compiling unit for compiling and generating an image file containing the at least one initial buried point data and the initial key data based on the marking result;
And the feedback unit is used for feeding back the image file to the client so that the client locates the initial key data in the image file based on a matching result of the reference embedded point data and the at least one initial embedded point data and replaces the initial key data with the target key data.
10. An electronic device comprising a processor and a memory, wherein the memory stores a computer program which, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1 to 7.
CN202211657498.XA 2022-12-22 2022-12-22 Key replacement method and device and electronic equipment Active CN116155489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211657498.XA CN116155489B (en) 2022-12-22 2022-12-22 Key replacement method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211657498.XA CN116155489B (en) 2022-12-22 2022-12-22 Key replacement method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN116155489A CN116155489A (en) 2023-05-23
CN116155489B true CN116155489B (en) 2025-08-15

Family

ID=86372772

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211657498.XA Active CN116155489B (en) 2022-12-22 2022-12-22 Key replacement method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN116155489B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119249516A (en) * 2024-09-27 2025-01-03 苏州元脑智能科技有限公司 A mirror file generation method, refresh method, device, equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104809405A (en) * 2015-04-24 2015-07-29 广东电网有限责任公司信息中心 Structural data asset leakage prevention method based on hierarchical classification
CN111130760A (en) * 2019-10-25 2020-05-08 苏州浪潮智能科技有限公司 Method, equipment and storage medium for replacing BMC key

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10536268B2 (en) * 2017-08-31 2020-01-14 Cisco Technology, Inc. Passive decryption on encrypted traffic to generate more accurate machine learning training data
CN110009349B (en) * 2019-03-26 2020-05-29 阿里巴巴集团控股有限公司 Method and device for generating and verifying linkable ring signature in block chain
CN114430321B (en) * 2022-04-07 2022-07-12 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) DFA self-adaptive security-based black box traceable key attribute encryption method and device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104809405A (en) * 2015-04-24 2015-07-29 广东电网有限责任公司信息中心 Structural data asset leakage prevention method based on hierarchical classification
CN111130760A (en) * 2019-10-25 2020-05-08 苏州浪潮智能科技有限公司 Method, equipment and storage medium for replacing BMC key

Also Published As

Publication number Publication date
CN116155489A (en) 2023-05-23

Similar Documents

Publication Publication Date Title
EP1942431B1 (en) Software or other information integrity verification using variable block length and selection
US10284372B2 (en) Method and system for secure management of computer applications
CN109040090A (en) A kind of data ciphering method and device
Ronen et al. Pseudo constant time implementations of TLS are only pseudo secure
US9116765B2 (en) System and method for obfuscating data using instructions as a source of pseudorandom values
JP2020506597A (en) Data masking
CN112035860B (en) File encryption method, terminal, device, equipment and medium
CN111404682A (en) A kind of Android environment key segmentation processing method and device
US10572635B2 (en) Automatic correction of cryptographic application program interfaces
CN111723394A (en) A privacy-preserving distributed computing method and system for dynamically loading code bases
CN111400771A (en) Target partition checking method and device, storage medium and computer equipment
CN117313046A (en) Code reinforcement method, code loading method, device and medium
CN117009931A (en) Watermarking and watermarking application methods, devices, equipment and storage medium
CN116155489B (en) Key replacement method and device and electronic equipment
WO2017197869A1 (en) Version file checking method and apparatus, encryption method and apparatus, and storage medium
CN119227120B (en) A trusted data exchange method, device and storage medium based on trusted space
Shirey et al. Analysis of implementations to secure git for use as an encrypted distributed version control system
CN113221077B (en) Class file encryption method and equipment based on spring container
CN112257033A (en) Application packaging method, device and equipment
CN111949738A (en) Block chain-based data storage deduplication method, terminal device and storage medium
Li et al. End-to-End Encrypted Git Services
CN115795413B (en) Software Authentication Protection Method and System Based on National Secret Algorithm
CN116070219B (en) Method and system for writing patch, electronic device and storage medium
CN112860306B (en) File generation method and device, file operation method and device and electronic equipment
WO2023212838A1 (en) Fast signature generation and verification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant