Key storage method

Abstract

The invention relates to a key storage method. The method comprises the following steps: generating a true random number by using a hardware random number generator, wherein the true random number isused as an encryption factor of the present storage; generating a seed by using the true random number, and substituting the seed into a linear feedback shift register to obtain a pseudo random number; performing an xor operation on a master key and the pseudo random number to obtain a random master key, and then encoding the random master key by using an error correcting code algorithm to obtainencoded data; performing private algorithm transformation on the true random number to obtain intermediate data, wherein the intermediate data are used as error locations of data to be stored to tamper the encoded data to obtain error code data; and performing encrypted storage on the error code data. According to the key storage method provided by the invention, the generated random number is hidden in the data to be protected, thereby improving the intensity of data randomization. In the case of limited storage resources, in order to prevent brute force attacks after ciphertext leakage, thedata are mixed with error codes, and the data are encrypted by using a private algorithm, so that the key storage is more secure.

Description

technical field [0001] The invention relates to the field of information security, in particular to a key storage method. Background technique [0002] Key management is a key link in the security of cryptographic devices. Generally, cryptographic devices support at least three layers of key structures: master key, user key, and session key. [0003] Master key: The user protects the security of other keys and sensitive information in the cryptographic device, including the management, backup, recovery of other keys, and administrator authentication of the cryptographic device. Different cryptographic devices have different master keys. The master key must be stored securely. [0004] User key: including signature encryption key pair and key encryption key. The signature encryption key pair is used to implement user signature, verification, identity authentication and session key protection negotiation, etc., representing the identity of the user or application. The key e...

AI Technical Summary

Problems solved by technology

The encryption factor is used to encrypt, and the encryption factor cannot be changed at any time. If the encryption factor is leaked during the period when the encryption factor is not changed, the entire key data may have a security risk

Using the method of decentralized storage, in the process of key data storage and extraction, it is possible to store or extract a large amount of data from the storage medium at one time, or to complete the storage and extraction operations through multiple interactions with the storage medium, modifying the storage medium in large numbers, It will reduce the life of the storage medium, increase the error probability of reading data and the time to read data

Images