一种 AES 算法和 HASH 认证结合的文件加密方案-《计算机技术与发展》

文章信息/Info

Title:: A Solution of File Encryption Combined AES Algorithm with Hash Function

Author(s):: YE Xiao-yan; Department of Network Technology,South-China Institute of Software Engineering,Guangzhou 510990,China

Keywords:: file encryption; local decryption; remote decryption; AES algorithm; HASH authentication

摘要:: 针对传统文件加密软件采取的是基于单一模式加密算法的文件保护方案、无法同时满足认证性和保密性等要求的问题,提出了一种基于成熟的 AES 算法和 HASH 认证相结合的加密方案。在该方案中,加密软件用流读取的方式读取文件,使用 HASH 认证,并用 Rijndael 算法进行加密,密钥使用即时生成策略,以用户名、硬盘序列号和 SALT 生成的 SALT值作为参数进行保存。运用文件加密的逆过程策略实现本地解密,通过即时获取用户名矩阵的值以及读取文件加密过程中赋予加密文件的 SALT 值、X 值和 Y 值,并获取服务器数据 λ1 值和 λ2 值,形成临时密钥实现异地解密。经过验证,该加密方案将信息安全中保密和认证两个独立问题结合起来,不仅能防止明文信息的泄露,而且可防止第三方主动攻击,很好地保证了文件的机密性和完整性。

Abstract:: In view of the problem that traditional file encryption software adopts file protection scheme based on single mode encryptionalgorithm and cannot meet the requirements of authentication and confidentiality at the same time,we propose a encryption scheme basedon the combination of mature AES algorithm and HASH authentication. In this scheme,the encryption software reads the file in the wayof stream reading,with HASH authentication,and encrypts it with Rijndael algorithm. By instant generation strategy,the key takes theSALT value generated by the user name,hard disk serial number and the SALT as parameters to save. The local decryption is realized bythe inverse process strategy of file encryption. By obtaining the value of the username matrix and giving the SALT value,X value and Yvalue of the encrypted file in the process of reading the file encryption,and obtaining the λ1 and λ2 of the server data,the temporary key is decrypted in different places. According to verification,this encryption scheme combines the two independent issues of confidentiality and authentication in information security,which can not only prevent the disclosure of plaintext information,but also prevent the active attack from the third party,and well guarantee the confidentiality and integrity of the file