The invention relates to the technical field of communication, in particular to a software encryption and decryption method and system based on a virtual environment, and the method comprises the following steps: S1, completing the preliminary classification and recombination of data on all external interfaces in a user mode through DPDK according to the protocol type of an IP message, and separating the signaling data from the service data according to an analysis result; s2, sending the signaling data to a user state through an inner core so as to complete signaling interaction of IPSec and SA negotiation and link establishment of IPSec; s3, in a user mode, extracting Sa/Sp/Route information of a link through a Netlink interface and a PF_KEY interface mirror image, and performing link information configuration; and S4, finally, performing encryption and decryption processing and routing forwarding on the service data according to the data flow direction in the user mode. According to the invention, the system processing capability of IPSec is greatly improved, high-performance IPSec data processing is realized, and the cloud virtualization trend of IPSec processing is satisfied.