[go: up one dir, main page]

CN111526016B - Parameter configuration method and device for cryptographic algorithm - Google Patents

Parameter configuration method and device for cryptographic algorithm Download PDF

Info

Publication number
CN111526016B
CN111526016B CN202010337531.5A CN202010337531A CN111526016B CN 111526016 B CN111526016 B CN 111526016B CN 202010337531 A CN202010337531 A CN 202010337531A CN 111526016 B CN111526016 B CN 111526016B
Authority
CN
China
Prior art keywords
parameter
factor
configuration
parameters
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010337531.5A
Other languages
Chinese (zh)
Other versions
CN111526016A (en
Inventor
崔超
肖勇
赵云
林伟斌
蔡梓文
徐迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Original Assignee
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China South Power Grid International Co ltd, China Southern Power Grid Co Ltd filed Critical China South Power Grid International Co ltd
Priority to CN202010337531.5A priority Critical patent/CN111526016B/en
Publication of CN111526016A publication Critical patent/CN111526016A/en
Application granted granted Critical
Publication of CN111526016B publication Critical patent/CN111526016B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

本申请公开了一种密码算法的参数配置方法及装置,方法包括:获取密码算法的参数配置指令;响应于参数配置指令,根据配置指令中携带的参数类型,生成对应的参数因子;判断参数因子是否为默认参数因子;当判断到参数因子为默认参数因子时,将默认参数因子对应的参数作为密码算法的配置参数;当判断到参数因子非默认参数因子时,根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数,解决了现有采用默认的算法参数,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。

Figure 202010337531

The present application discloses a parameter configuration method and device for a cryptographic algorithm. The method includes: obtaining a parameter configuration instruction of a cryptographic algorithm; responding to the parameter configuration instruction, generating a corresponding parameter factor according to the parameter type carried in the configuration instruction; judging the parameter factor Whether it is the default parameter factor; when it is judged that the parameter factor is the default parameter factor, use the parameter corresponding to the default parameter factor as the configuration parameter of the encryption algorithm; when it is judged that the parameter factor is not the default parameter factor, according to the parameter set index corresponding to the parameter factor Number, obtain the target password parameter set corresponding to the parameter factor, and use the parameters in the target password parameter set as the configuration parameters of the password algorithm, which solves the problem that the existing default algorithm parameters cannot realize the flexible configuration of the algorithm parameters, and cannot satisfy the same key Technical issues of flexible control of encryption and decryption results in multi-object and multi-business scenarios under the system.

Figure 202010337531

Description

一种密码算法的参数配置方法及装置Parameter configuration method and device for a cryptographic algorithm

技术领域technical field

本申请涉及信息安全技术领域,尤其涉及一种密码算法的参数配置方法及装置。The present application relates to the technical field of information security, and in particular to a parameter configuration method and device for a cryptographic algorithm.

背景技术Background technique

随着信息技术的发展,信息安全受到了广泛关注。其中,加解密技术为信息安全中使用普遍的安全措施。With the development of information technology, information security has received extensive attention. Among them, the encryption and decryption technology is a common security measure used in information security.

目前,支持国产SM系列密码算法的加解密设备已全面应用于电力、金融、交通等领域,以实现数据加解密、身份认证、合法性与完整性校验等安全功能。传统的加解密设备在使用SM系列密码算法进行数据加解密运算时,大多采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制。At present, the encryption and decryption equipment supporting the domestic SM series encryption algorithm has been fully used in the fields of electric power, finance, transportation, etc., to realize security functions such as data encryption and decryption, identity authentication, legality and integrity verification. When traditional encryption and decryption devices use SM series cryptographic algorithms for data encryption and decryption operations, most of them use default algorithm parameters. When the data plaintext/ciphertext and key are determined, the encryption/decryption results are constant and the algorithm cannot be implemented. The flexible configuration of parameters cannot satisfy the flexible control of encryption and decryption results in multi-object and multi-service scenarios under the same key system.

发明内容Contents of the invention

本申请提供了一种密码算法的参数配置方法及装置,解决了现有采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。This application provides a parameter configuration method and device for a cryptographic algorithm, which solves the problem that the existing default algorithm parameters are used. In the case of data plaintext/ciphertext and key determination, the encryption/decryption results are constant and the algorithm cannot be implemented. The flexible configuration of parameters cannot meet the technical problem of flexible control of encryption and decryption results in multi-object and multi-service scenarios under the same key system.

有鉴于此,本申请第一方面提供了一种密码算法的参数配置方法,包括:In view of this, the first aspect of the present application provides a parameter configuration method of a cryptographic algorithm, including:

获取密码算法的参数配置指令;Obtain the parameter configuration instruction of the cryptographic algorithm;

响应于所述参数配置指令,根据所述配置指令中携带的参数类型,生成对应的参数因子;In response to the parameter configuration instruction, generate a corresponding parameter factor according to the parameter type carried in the configuration instruction;

判断所述参数因子是否为默认参数因子;judging whether the parameter factor is a default parameter factor;

当判断到所述参数因子为默认参数因子时,将所述默认参数因子对应的参数作为所述密码算法的配置参数;When it is determined that the parameter factor is a default parameter factor, the parameter corresponding to the default parameter factor is used as a configuration parameter of the encryption algorithm;

当判断到所述参数因子非默认参数因子时,根据所述参数因子对应的参数集索引号,获取所述参数因子对应的目标密码参数集,并将所述目标密码参数集中的参数作为所述密码算法的配置参数。When it is determined that the parameter factor is not a default parameter factor, according to the parameter set index number corresponding to the parameter factor, obtain the target password parameter set corresponding to the parameter factor, and use the parameters in the target password parameter set as the Configuration parameters for the cryptographic algorithm.

可选地,所述根据所述参数因子对应的参数集索引号,获取所述参数因子对应的目标参数集,并将所述目标参数集中的参数作为所述密码算法的配置参数具体包括:Optionally, the acquiring the target parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor, and using the parameters in the target parameter set as configuration parameters of the encryption algorithm specifically includes:

根据参数因子和参数集索引号的对应关系,获取所述参数因子对应的参数集索引号;Acquiring the parameter set index number corresponding to the parameter factor according to the corresponding relationship between the parameter factor and the parameter set index number;

在本地存储的密码参数集中,索引所述参数集索引号对应的目标密码参数集,并将所述目标密码参数集中的参数作为所述密码算法的配置参数。In the cryptographic parameter set stored locally, index the target cryptographic parameter set corresponding to the index number of the parameter set, and use the parameters in the target cryptographic parameter set as configuration parameters of the cryptographic algorithm.

可选地,还包括:Optionally, also include:

获取所述密码参数集,并将所述密码参数集加密存储于本地。Obtain the password parameter set, and encrypt and store the password parameter set locally.

可选地,还包括:Optionally, also include:

根据所述配置参数,进行所述密码算法的密码运算。Perform cryptographic operations of the cryptographic algorithm according to the configuration parameters.

可选地,所述密码参数集包括:固化参数集和设备参数集。Optionally, the password parameter set includes: a hardening parameter set and a device parameter set.

本申请第二方面提供了一种密码算法的参数配置装置,包括:指令获取单元,用于获取密码算法的参数配置指令;The second aspect of the present application provides a parameter configuration device for a cryptographic algorithm, including: an instruction acquisition unit, configured to obtain a parameter configuration instruction for a cryptographic algorithm;

参数因子生成单元,用于响应于所述参数配置指令,根据所述配置指令中携带的参数类型,生成对应的参数因子;A parameter factor generating unit, configured to generate a corresponding parameter factor in response to the parameter configuration instruction according to the parameter type carried in the configuration instruction;

判断单元,用于判断所述参数因子是否为默认参数因子;A judging unit, configured to judge whether the parameter factor is a default parameter factor;

第一参数获取单元,用于当判断到所述参数因子为默认参数因子时,将所述默认参数因子对应的参数作为所述密码算法的配置参数;The first parameter acquisition unit is configured to use the parameter corresponding to the default parameter factor as a configuration parameter of the encryption algorithm when it is determined that the parameter factor is a default parameter factor;

第二参数获取单元,用于当判断到所述参数因子非默认参数因子时,根据所述参数因子对应的参数集索引号,获取所述参数因子对应的目标密码参数集,并将所述目标密码参数集中的参数作为所述密码算法的配置参数。The second parameter acquisition unit is configured to acquire the target password parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor when it is determined that the parameter factor is not a default parameter factor, and store the target The parameters in the password parameter set are used as the configuration parameters of the password algorithm.

可选地,所述根据所述参数因子对应的参数集索引号,获取所述参数因子对应的目标参数集,并将所述目标参数集中的参数作为所述密码算法的配置参数具体包括:Optionally, the acquiring the target parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor, and using the parameters in the target parameter set as configuration parameters of the encryption algorithm specifically includes:

根据参数因子和参数集索引号的对应关系,获取所述参数因子对应的参数集索引号;Acquiring the parameter set index number corresponding to the parameter factor according to the corresponding relationship between the parameter factor and the parameter set index number;

在本地存储的密码参数集中,索引所述参数集索引号对应的目标密码参数集,并将所述目标密码参数集中的参数作为所述密码算法的配置参数。In the cryptographic parameter set stored locally, index the target cryptographic parameter set corresponding to the index number of the parameter set, and use the parameters in the target cryptographic parameter set as configuration parameters of the cryptographic algorithm.

可选地,还包括:Optionally, also include:

存储单元,用于获取所述密码参数集,并将所述密码参数集加密存储于本地。A storage unit, configured to acquire the password parameter set, and encrypt and store the password parameter set locally.

可选地,还包括:Optionally, also include:

密码运算单元,用于根据所述配置参数,进行所述密码算法的密码运算。A cryptographic operation unit, configured to perform cryptographic operations of the cryptographic algorithm according to the configuration parameters.

可选地,所述密码参数集包括:固化参数集和设备参数集。Optionally, the password parameter set includes: a hardening parameter set and a device parameter set.

从以上技术方案可以看出,本申请实施例具有以下优点:It can be seen from the above technical solutions that the embodiments of the present application have the following advantages:

本申请提供了一种密码算法的参数配置方法,包括:获取密码算法的参数配置指令;响应于参数配置指令,根据配置指令中携带的参数类型,生成对应的参数因子;判断参数因子是否为默认参数因子;当判断到参数因子为默认参数因子时,将默认参数因子对应的参数作为密码算法的配置参数;当判断到参数因子非默认参数因子时,根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数。The present application provides a parameter configuration method of a cryptographic algorithm, including: obtaining a parameter configuration instruction of a cryptographic algorithm; in response to the parameter configuration instruction, generating a corresponding parameter factor according to the parameter type carried in the configuration instruction; judging whether the parameter factor is the default Parameter factor; when it is judged that the parameter factor is the default parameter factor, the parameter corresponding to the default parameter factor is used as the configuration parameter of the encryption algorithm; when it is judged that the parameter factor is not the default parameter factor, according to the parameter set index number corresponding to the parameter factor, obtain The target cryptographic parameter set corresponding to the parameter factor, and the parameters in the target cryptographic parameter set are used as the configuration parameters of the cryptographic algorithm.

本申请中,在获取到密码算法的参数配置指令后,根据配置指令中携带的参数类型,生成参数配置指令对应的参数因子,接着判断该参数因子是否为默认参数因子,若是,则将默认参数因子对应的参数作为密码算法的配置参数,若否,则根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数,可以根据配置指令灵活的进行配置参数的配置,能够在同一密钥体系下对多对象、多业务场景进行加解密运算,从而解决了现有采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。In this application, after obtaining the parameter configuration instruction of the cryptographic algorithm, the parameter factor corresponding to the parameter configuration instruction is generated according to the parameter type carried in the configuration instruction, and then it is judged whether the parameter factor is the default parameter factor, and if so, the default parameter The parameter corresponding to the factor is used as the configuration parameter of the cryptographic algorithm, if not, according to the parameter set index number corresponding to the parameter factor, the target cryptographic parameter set corresponding to the parameter factor is obtained, and the parameters in the target cryptographic parameter set are used as the configuration parameters of the cryptographic algorithm, Configuration parameters can be flexibly configured according to configuration instructions, and multi-object and multi-service scenarios can be encrypted and decrypted under the same key system, thus solving the problem of using default algorithm parameters in data plaintext/ciphertext, encrypted When the encryption key is determined, the encryption/decryption result is constant, and the flexible configuration of algorithm parameters cannot be realized, and the technical problem of flexible control of the encryption and decryption operation results in multi-object and multi-service scenarios under the same key system cannot be satisfied.

附图说明Description of drawings

图1为本申请实施例中一种密码算法的参数配置方法的第一实施例的流程示意图;FIG. 1 is a schematic flowchart of a first embodiment of a method for configuring parameters of a cryptographic algorithm in an embodiment of the present application;

图2为本申请实施例中一种密码算法的参数配置方法的第二实施例的流程示意图;FIG. 2 is a schematic flowchart of a second embodiment of a method for configuring parameters of a cryptographic algorithm in an embodiment of the present application;

图3为本申请实施例中一种密码算法的参数配置装置的结构示意图。FIG. 3 is a schematic structural diagram of a device for configuring parameters of a cryptographic algorithm in an embodiment of the present application.

具体实施方式detailed description

本申请实施例提供了一种密码算法的参数配置方法及装置,解决了现有采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。The embodiment of the present application provides a parameter configuration method and device for a cryptographic algorithm, which solves the problem that the existing default algorithm parameters are used. When the data plaintext/ciphertext and key are determined, the encryption/decryption result is constant and cannot The flexible configuration of algorithm parameters cannot meet the technical problem of flexible control of encryption and decryption results in multi-object and multi-service scenarios under the same key system.

为了使本技术领域的人员更好地理解本申请方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiment of the application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiment of the application. Obviously, the described embodiment is only It is a part of the embodiments of this application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

请参阅图1,本申请实施例中一种密码算法的参数配置方法的第一实施例的流程示意图,包括:Please refer to FIG. 1, a schematic flow chart of a first embodiment of a method for configuring parameters of a cryptographic algorithm in the embodiment of the present application, including:

步骤101、获取密码算法的参数配置指令。Step 101, acquiring a parameter configuration instruction of a cryptographic algorithm.

在通过密码算法进行加解密的密码运算时,密码算法的运行是基于密码算法对应的配置参数实现的,因此在进行密码算法时,首先获取密码算法的参数配置指令,进行密码算法对应的配置参数的配置。When cryptographic algorithms are used to encrypt and decrypt cryptographic operations, the operation of cryptographic algorithms is realized based on the configuration parameters corresponding to cryptographic algorithms. Therefore, when performing cryptographic algorithms, first obtain the parameter configuration instructions of cryptographic algorithms, and configure the corresponding configuration parameters of cryptographic algorithms. Configuration.

可以理解的是,参数配置指令的获取可以是人员通过密码算法对应运行软件提供的可视化界面输入的,也可以是其他的方式,本领域技术人员可以根据需要选择,在此不再赘述。It can be understood that the acquisition of the parameter configuration instructions can be input by personnel through the visual interface provided by the corresponding operating software of the cryptographic algorithm, or in other ways, which can be selected by those skilled in the art according to needs, and will not be repeated here.

步骤102、响应于参数配置指令,根据配置指令中携带的参数类型,生成对应的参数因子。Step 102: In response to the parameter configuration instruction, generate a corresponding parameter factor according to the parameter type carried in the configuration instruction.

在获取到参数配置指令后,根据该配置指令中携带的参数类型,生成参数配置指令对应的参数因子。After the parameter configuration instruction is obtained, the parameter factor corresponding to the parameter configuration instruction is generated according to the parameter type carried in the configuration instruction.

步骤103、判断参数因子是否为默认参数因子。Step 103, judging whether the parameter factor is a default parameter factor.

当获取到参数因子后,判断该参数因子是否为默认参数因子,后续根据该判断结果灵活的进行密码算法对应的配置参数的确定。After the parameter factor is obtained, it is judged whether the parameter factor is a default parameter factor, and then the configuration parameter corresponding to the encryption algorithm is flexibly determined according to the judgment result.

步骤104、当判断到参数因子为默认参数因子时,将默认参数因子对应的参数作为密码算法的配置参数。Step 104, when it is determined that the parameter factor is a default parameter factor, use the parameter corresponding to the default parameter factor as a configuration parameter of the encryption algorithm.

当参数因子为默认参数因子时,将默认参数因子对应的参数作为密码算法的配置参数,实现了当参数因子为默认参数因子时,密码算法的配置参数的配置。When the parameter factor is the default parameter factor, the parameter corresponding to the default parameter factor is used as the configuration parameter of the cryptographic algorithm, realizing the configuration of the configuration parameter of the cryptographic algorithm when the parameter factor is the default parameter factor.

步骤105、当判断到参数因子非默认参数因子时,根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数。Step 105. When it is determined that the parameter factor is not the default parameter factor, according to the parameter set index number corresponding to the parameter factor, obtain the target cryptographic parameter set corresponding to the parameter factor, and use the parameters in the target cryptographic parameter set as configuration parameters of the cryptographic algorithm.

当参数因子为非默认参数因子时,根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数,如此,实现当参数因子非默认参数因子时,密码算法的配置参数的配置。When the parameter factor is a non-default parameter factor, according to the parameter set index number corresponding to the parameter factor, obtain the target cryptographic parameter set corresponding to the parameter factor, and use the parameters in the target cryptographic parameter set as the configuration parameters of the cryptographic algorithm. In this way, when the parameter When the factor is not the default parameter factor, the configuration of the configuration parameters of the encryption algorithm.

本实施例中,在获取到密码算法的参数配置指令后,根据配置指令中携带的参数类型,生成参数配置指令对应的参数因子,接着判断该参数因子是否为默认参数因子,若是,则将默认参数因子对应的参数作为密码算法的配置参数,若否,则根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数,可以根据配置指令灵活的进行配置参数的配置,能够在同一密钥体系下对多对象、多业务场景进行加解密运算,从而解决了现有采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。In this embodiment, after obtaining the parameter configuration instruction of the cryptographic algorithm, according to the parameter type carried in the configuration instruction, the parameter factor corresponding to the parameter configuration instruction is generated, and then it is judged whether the parameter factor is the default parameter factor, and if so, the default The parameter corresponding to the parameter factor is used as the configuration parameter of the cryptographic algorithm, if not, according to the parameter set index number corresponding to the parameter factor, the target cryptographic parameter set corresponding to the parameter factor is obtained, and the parameters in the target cryptographic parameter set are used as the configuration parameters of the cryptographic algorithm , the configuration parameters can be flexibly configured according to the configuration instructions, and the encryption and decryption operations can be performed on multiple objects and multiple business scenarios under the same key system, thus solving the problem of using default algorithm parameters in the data plaintext/ciphertext, When the key is determined, the encryption/decryption results are constant, and the flexible configuration of algorithm parameters cannot be realized, and the technical problem of flexible control of encryption and decryption results in multi-object and multi-business scenarios under the same key system cannot be satisfied.

以上为本申请实施例提供的一种密码算法的参数配置方法的第一实施例,以下为本申请实施例提供的一种密码算法的参数配置方法的第二实施例。The foregoing is the first embodiment of a method for configuring a parameter of a cryptographic algorithm provided by the embodiment of the present application, and the following is the second embodiment of the method for configuring a parameter of a cryptographic algorithm provided by the embodiment of the present application.

请参阅图2,本申请实施例中一种密码算法的参数配置方法的第二实施例的流程示意图,包括:Please refer to FIG. 2, a schematic flowchart of a second embodiment of a method for configuring parameters of a cryptographic algorithm in the embodiment of the present application, including:

步骤200、获取密码参数集,并将密码参数集加密存储于本地。Step 200: Obtain a password parameter set, and encrypt and store the password parameter set locally.

需要说明的是,将密码参数集中的进行加密存储,防止密码参数集被窃取或非法盗用。It should be noted that the set of password parameters is encrypted and stored to prevent the set of password parameters from being stolen or illegally embezzled.

本实施例中的密码参数集包括:固化参数集和设备参数集。The password parameter set in this embodiment includes: a hardening parameter set and a device parameter set.

需要说明的是,固化参数集对应的参数因子为固化参数因子,固化参数因子,可由专用参数强制切换指令中的参数域标识,也可由设备指令参数域中定制的信息标识实现。It should be noted that the parameter factor corresponding to the fixed parameter set is the fixed parameter factor, and the fixed parameter factor can be identified by the parameter field in the special parameter forced switching instruction, or can be realized by the customized information identification in the parameter field of the device instruction.

对应的设备参数集对应的参数因子为设备参数因子,设备参数因子通过在参数配置装置原有的指令参数域中定制参数标识信息实现,参数标识信息内包含需切换参数集的索引号。The parameter factor corresponding to the corresponding equipment parameter set is the equipment parameter factor, and the equipment parameter factor is realized by customizing the parameter identification information in the original instruction parameter field of the parameter configuration device, and the parameter identification information includes the index number of the parameter set to be switched.

步骤201、获取密码算法的参数配置指令。Step 201 , acquiring a parameter configuration instruction of a cryptographic algorithm.

需要说明的是,步骤201与第一实施例的步骤101相似,具体可以参见上述步骤101的描述,在此不再赘述。It should be noted that step 201 is similar to step 101 in the first embodiment, for details, refer to the description of step 101 above, and details are not repeated here.

步骤202、响应于参数配置指令,根据配置指令中携带的参数类型,生成对应的参数因子。Step 202: In response to the parameter configuration instruction, generate a corresponding parameter factor according to the parameter type carried in the configuration instruction.

需要说明的是,步骤202与第一实施例的步骤102相似,具体可以参见上述步骤102的描述,在此不再赘述。It should be noted that step 202 is similar to step 102 in the first embodiment, for details, refer to the description of step 102 above, and details are not repeated here.

步骤203、判断参数因子是否为默认参数因子。Step 203, judging whether the parameter factor is a default parameter factor.

需要说明的是,步骤203与第一实施例的步骤103相似,具体可以参见上述步骤103的描述,在此不再赘述。It should be noted that step 203 is similar to step 103 in the first embodiment, for details, refer to the description of step 103 above, and details are not repeated here.

步骤204、当判断到参数因子为默认参数因子时,将默认参数因子对应的参数作为密码算法的配置参数。Step 204, when it is determined that the parameter factor is a default parameter factor, use the parameter corresponding to the default parameter factor as a configuration parameter of the encryption algorithm.

需要说明的是,步骤204与第一实施例的步骤104相似,具体可以参见上述步骤104的描述,在此不再赘述。It should be noted that step 204 is similar to step 104 in the first embodiment, for details, reference may be made to the description of step 104 above, and details are not repeated here.

步骤205、当判断到参数因子非默认参数因子时,根据参数因子和参数集索引号的对应关系,获取参数因子对应的参数集索引号。Step 205, when it is determined that the parameter factor is not the default parameter factor, according to the correspondence between the parameter factor and the parameter set index number, obtain the parameter set index number corresponding to the parameter factor.

步骤206、在本地存储的密码参数集中,索引参数集索引号对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数。Step 206: Index the target cryptographic parameter set corresponding to the index number of the parameter set in the cryptographic parameter set stored locally, and use the parameters in the target cryptographic parameter set as configuration parameters of the cryptographic algorithm.

需要说明的是,本实施例中参数因子为默认参数因子时,无需从本地存储的密码参数集中进行参数集的索引,直接将默认参数因子对应的参数作为密码的配置参数,而当非默认参数因子时,密码算法对应的参数因子需要从参数配置装置本地存储的密码参数集中确定出对应的目标密码参数集。It should be noted that, in this embodiment, when the parameter factor is the default parameter factor, there is no need to index the parameter set from the password parameter set stored locally, and directly use the parameter corresponding to the default parameter factor as the password configuration parameter, and when the non-default parameter For the parameter factor corresponding to the cryptographic algorithm, the corresponding target cryptographic parameter set needs to be determined from the cryptographic parameter set locally stored in the parameter configuration device.

步骤207、根据配置参数,进行密码算法的密码运算。Step 207, perform cryptographic operations of cryptographic algorithms according to configuration parameters.

需要说明的是,在获取到配置参数后,便可以根据配置算法,进行密码算法的密码运算。It should be noted that, after obtaining the configuration parameters, the cryptographic operation of the cryptographic algorithm can be performed according to the configured algorithm.

本实施例中,在获取到密码算法的参数配置指令后,根据配置指令中携带的参数类型,生成参数配置指令对应的参数因子,接着判断该参数因子是否为默认参数因子,若是,则将默认参数因子对应的参数作为密码算法的配置参数,若否,则根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数,可以根据配置指令灵活的进行配置参数的配置,能够在同一密钥体系下对多对象、多业务场景进行加解密运算,从而解决了现有采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。In this embodiment, after obtaining the parameter configuration instruction of the cryptographic algorithm, according to the parameter type carried in the configuration instruction, the parameter factor corresponding to the parameter configuration instruction is generated, and then it is judged whether the parameter factor is the default parameter factor, and if so, the default The parameter corresponding to the parameter factor is used as the configuration parameter of the cryptographic algorithm, if not, according to the parameter set index number corresponding to the parameter factor, the target cryptographic parameter set corresponding to the parameter factor is obtained, and the parameters in the target cryptographic parameter set are used as the configuration parameters of the cryptographic algorithm , the configuration parameters can be flexibly configured according to the configuration instructions, and the encryption and decryption operations can be performed on multiple objects and multiple business scenarios under the same key system, thus solving the problem of using default algorithm parameters in the data plaintext/ciphertext, When the key is determined, the encryption/decryption results are constant, and the flexible configuration of algorithm parameters cannot be realized, and the technical problem of flexible control of encryption and decryption results in multi-object and multi-business scenarios under the same key system cannot be satisfied.

以上为本申请实施例提供的一种密码算法的参数配置方法的第二实施例,以下为本申请实施例提供的一种密码算法的参数配置装置的实施例,请参阅图3。The above is the second embodiment of a method for configuring parameters of a cryptographic algorithm provided by the embodiment of the present application, and the following is an embodiment of the device for configuring parameters of a cryptographic algorithm provided by the embodiment of the present application, please refer to FIG. 3 .

本申请实施例中提供的一种密码算法的参数配置装置,包括:A device for configuring parameters of a cryptographic algorithm provided in an embodiment of the present application includes:

指令获取单元301,用于获取密码算法的参数配置指令;An instruction acquisition unit 301, configured to acquire a parameter configuration instruction of a cryptographic algorithm;

参数因子生成单元302,用于响应于参数配置指令,根据配置指令中携带的参数类型,生成对应的参数因子;The parameter factor generation unit 302 is configured to generate a corresponding parameter factor according to the parameter type carried in the configuration instruction in response to the parameter configuration instruction;

判断单元303,用于判断参数因子是否为默认参数因子;Judging unit 303, configured to judge whether the parameter factor is a default parameter factor;

第一参数获取单元304,用于当判断到参数因子为默认参数因子时,将默认参数因子对应的参数作为密码算法的配置参数;The first parameter acquisition unit 304 is configured to use the parameter corresponding to the default parameter factor as a configuration parameter of the cryptographic algorithm when it is determined that the parameter factor is a default parameter factor;

第二参数获取单元305,用于当判断到参数因子非默认参数因子时,根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数。The second parameter acquisition unit 305 is used to obtain the target password parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor when it is determined that the parameter factor is not the default parameter factor, and use the parameters in the target password parameter set as the password Algorithm configuration parameters.

进一步地,根据参数因子对应的参数集索引号,获取参数因子对应的目标参数集,并将目标参数集中的参数作为密码算法的配置参数具体包括:Further, according to the parameter set index number corresponding to the parameter factor, the target parameter set corresponding to the parameter factor is obtained, and the parameters in the target parameter set are used as the configuration parameters of the cryptographic algorithm, specifically including:

根据参数因子和参数集索引号的对应关系,获取参数因子对应的参数集索引号;Obtain the parameter set index number corresponding to the parameter factor according to the corresponding relationship between the parameter factor and the parameter set index number;

在本地存储的密码参数集中,索引参数集索引号对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数。In the cryptographic parameter set stored locally, index the target cryptographic parameter set corresponding to the index number of the parameter set, and use the parameters in the target cryptographic parameter set as configuration parameters of the cryptographic algorithm.

进一步地,还包括:Further, it also includes:

存储单元,用于获取密码参数集,并将密码参数集加密存储于本地。The storage unit is used to obtain the password parameter set, and encrypt and store the password parameter set locally.

进一步地,还包括:Further, it also includes:

密码运算单元,用于根据配置参数,进行密码算法的密码运算。The cryptographic operation unit is configured to perform cryptographic operations of cryptographic algorithms according to configuration parameters.

进一步地,密码参数集包括:固化参数集和设备参数集。Further, the password parameter set includes: a hardening parameter set and a device parameter set.

本实施例提供的一种密码算法的参数配置装置,在获取到密码算法的参数配置指令后,根据配置指令中携带的参数类型,生成参数配置指令对应的参数因子,接着判断该参数因子是否为默认参数因子,若是,则将默认参数因子对应的参数作为密码算法的配置参数,若否,则根据参数因子对应的参数集索引号,获取参数因子对应的目标密码参数集,并将目标密码参数集中的参数作为密码算法的配置参数,可以根据配置指令灵活的进行配置参数的配置,能够在同一密钥体系下对多对象、多业务场景进行加解密运算,从而解决了现有采用默认的算法参数,在数据明文/密文、密钥确定的情况下,加密/解密结果是恒定的,无法实现算法参数的灵活配置,不能满足同一密钥体系下多对象、多业务场景中加解密运算结果的灵活控制的技术问题。The parameter configuration device of a cryptographic algorithm provided in this embodiment, after obtaining the parameter configuration instruction of the cryptographic algorithm, generates a parameter factor corresponding to the parameter configuration instruction according to the parameter type carried in the configuration instruction, and then judges whether the parameter factor is Default parameter factor, if yes, use the parameter corresponding to the default parameter factor as the configuration parameter of the cryptographic algorithm, if not, obtain the target password parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor, and set the target password parameter The centralized parameters are used as the configuration parameters of the cryptographic algorithm, which can be flexibly configured according to the configuration instructions, and can perform encryption and decryption operations on multiple objects and multiple business scenarios under the same key system, thereby solving the problem of using the default algorithm Parameters, when the data plaintext/ciphertext and key are determined, the encryption/decryption result is constant, and the flexible configuration of algorithm parameters cannot be realized, and the encryption and decryption operation results in multi-object and multi-business scenarios under the same key system cannot be satisfied. technical issues of flexible control.

所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of description, the specific working process of the above-described devices and units can refer to the corresponding process in the foregoing method embodiments, and details are not repeated here.

在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or integrated. to another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。A unit described as a separate component may or may not be physically separated, and a component shown as a unit may or may not be a physical unit, that is, it may be located in one place, or may also be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.

集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is realized in the form of a software function unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or part of the contribution to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods in various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes. .

以上所述,以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。As mentioned above, the above embodiments are only used to illustrate the technical solutions of the present application, and are not intended to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still understand the foregoing The technical solutions described in each embodiment are modified, or some of the technical features are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the application.

Claims (4)

1. A parameter configuration method of a cryptographic algorithm is characterized by comprising the following steps:
acquiring a parameter configuration instruction of a cryptographic algorithm;
responding to the parameter configuration instruction, and generating a corresponding parameter factor according to the parameter type carried in the configuration instruction;
judging whether the parameter factor is a default parameter factor;
when the parameter factor is judged to be a default parameter factor, taking a parameter corresponding to the default parameter factor as a configuration parameter of the cryptographic algorithm;
when the parameter factor is judged to be a non-default parameter factor, acquiring a target password parameter set corresponding to the parameter factor according to a parameter set index number corresponding to the parameter factor, and taking parameters in the target password parameter set as configuration parameters of the password algorithm;
the obtaining of the target parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor, and using the parameters in the target parameter set as configuration parameters of the cryptographic algorithm specifically includes:
acquiring a parameter set index number corresponding to the parameter factor according to the corresponding relation between the parameter factor and the parameter set index number;
in a locally stored password parameter set, indexing a target password parameter set corresponding to the parameter set index number, and taking parameters in the target password parameter set as configuration parameters of the password algorithm;
acquiring the password parameter set, and encrypting and storing the password parameter set locally;
and carrying out the cryptographic operation of the cryptographic algorithm according to the configuration parameters.
2. The method of claim 1, wherein the set of cryptographic parameters comprises: a set of curing parameters and a set of device parameters.
3. A parameter configuration apparatus for a cryptographic algorithm, comprising:
the instruction acquisition unit is used for acquiring a parameter configuration instruction of a cryptographic algorithm;
the parameter factor generating unit is used for responding to the parameter configuration instruction and generating a corresponding parameter factor according to the parameter type carried in the configuration instruction;
the judging unit is used for judging whether the parameter factor is a default parameter factor;
the first parameter obtaining unit is used for taking the parameter corresponding to the default parameter factor as the configuration parameter of the cryptographic algorithm when the parameter factor is judged to be the default parameter factor;
the second parameter obtaining unit is used for obtaining a target password parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor when the parameter factor is judged to be not the default parameter factor, and taking the parameters in the target password parameter set as the configuration parameters of the password algorithm;
the obtaining a target parameter set corresponding to the parameter factor according to the parameter set index number corresponding to the parameter factor, and using the parameters in the target parameter set as configuration parameters of the cryptographic algorithm specifically includes:
acquiring a parameter set index number corresponding to the parameter factor according to the corresponding relation between the parameter factor and the parameter set index number;
in a locally stored password parameter set, indexing a target password parameter set corresponding to the parameter set index number, and taking parameters in the target password parameter set as configuration parameters of the password algorithm;
the storage unit is used for acquiring the password parameter set and encrypting and storing the password parameter set locally;
and the password operation unit is used for performing password operation of the password algorithm according to the configuration parameters.
4. The parameter configuration apparatus of a cryptographic algorithm according to claim 3, wherein the set of cryptographic parameters comprises: a set of curing parameters and a set of device parameters.
CN202010337531.5A 2020-04-26 2020-04-26 Parameter configuration method and device for cryptographic algorithm Active CN111526016B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010337531.5A CN111526016B (en) 2020-04-26 2020-04-26 Parameter configuration method and device for cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010337531.5A CN111526016B (en) 2020-04-26 2020-04-26 Parameter configuration method and device for cryptographic algorithm

Publications (2)

Publication Number Publication Date
CN111526016A CN111526016A (en) 2020-08-11
CN111526016B true CN111526016B (en) 2022-12-23

Family

ID=71904324

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010337531.5A Active CN111526016B (en) 2020-04-26 2020-04-26 Parameter configuration method and device for cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN111526016B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618093A (en) * 2015-01-16 2015-05-13 深圳市中兴物联科技有限公司 Data encrypting method and device
CN106027235A (en) * 2016-05-13 2016-10-12 北京三未信安科技发展有限公司 PCI password card, and password operation method and system for massive keys
CN108141353A (en) * 2015-07-09 2018-06-08 华为技术有限公司 Method and device for upgrading cryptographic algorithm
CN109672519A (en) * 2018-10-17 2019-04-23 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) A kind of encryption apparatus and its data encryption/decryption method
CN110011794A (en) * 2019-04-11 2019-07-12 北京智芯微电子科技有限公司 Test Methods for Cipher Key Properties
CN110545176A (en) * 2019-08-23 2019-12-06 深圳和而泰家居在线网络科技有限公司 Encryption and decryption method and device and Internet of things system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7016494B2 (en) * 2001-03-26 2006-03-21 Hewlett-Packard Development Company, L.P. Multiple cryptographic key precompute and store
EP2846509B1 (en) * 2013-09-09 2019-08-28 Alcatel Lucent Tls protocol extension

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618093A (en) * 2015-01-16 2015-05-13 深圳市中兴物联科技有限公司 Data encrypting method and device
CN108141353A (en) * 2015-07-09 2018-06-08 华为技术有限公司 Method and device for upgrading cryptographic algorithm
CN106027235A (en) * 2016-05-13 2016-10-12 北京三未信安科技发展有限公司 PCI password card, and password operation method and system for massive keys
CN109672519A (en) * 2018-10-17 2019-04-23 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) A kind of encryption apparatus and its data encryption/decryption method
CN110011794A (en) * 2019-04-11 2019-07-12 北京智芯微电子科技有限公司 Test Methods for Cipher Key Properties
CN110545176A (en) * 2019-08-23 2019-12-06 深圳和而泰家居在线网络科技有限公司 Encryption and decryption method and device and Internet of things system

Also Published As

Publication number Publication date
CN111526016A (en) 2020-08-11

Similar Documents

Publication Publication Date Title
US12170723B2 (en) Methods for splitting and recovering key, program product, storage medium, and system
CN106664202B (en) Methods, systems, and computer-readable media for providing encryption on multiple devices
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
KR101809974B1 (en) A system for security certification generating authentication key combinating multi-user element and a method thereof
CN106452770B (en) Data encryption method, data decryption method, device and system
CN107113286A (en) The roaming content erasing operation of striding equipment
WO2013002833A2 (en) Binding of cryptographic content using unique device characteristics with server heuristics
CN112311536B (en) Key hierarchical management method and system
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN114385987A (en) Dynamic multi-factor identity authentication and certification method and storage medium
CN114553557B (en) Key calling method, device, computer equipment and storage medium
CN108108632A (en) A kind of multifactor file watermark generation extracting method and system
KR101809976B1 (en) A method for security certification generating authentication key combinating multi-user element
CN117240625B (en) Tamper-resistant data processing method and device and electronic equipment
CN113722741A (en) Data encryption method and device and data decryption method and device
CN103370718B (en) Data protection method, device and system using distributed security keys
CN114245374A (en) Security authentication method, system and related equipment
CN113014387B (en) Method for improving multidimensional encryption interface based on hardware encryption machine and encryption device
CN114640445A (en) HSM key management system, method, device and storage medium
CN111526016B (en) Parameter configuration method and device for cryptographic algorithm
CN115412236B (en) Method for managing secret key and calculating password, encryption method and device
CN110830414B (en) Encryption method and device, decryption method and device
Köse et al. Design of a secure key management system for SIM Cards: SIM-GAYS
CN114329545A (en) Data encryption method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant