Implementation method for supporting SM4 national cryptographic algorithm by storage encryption function in OpenGauss database

A technique involving national cryptographic algorithms and storage encryption, applied in the field of relational database management and operating systems. It addresses the problems of complex logic, high maintenance cost, and a storage encryption function that cannot be used normally, so as to ensure data security without increasing packaging cost.

Pending Publication Date: 2022-03-15
MASSIVE CLOUD BEIJING DATA TECH

AI Technical Summary

Problems solved by technology

[0003] OpenGauss is an open-source relational database management system whose core is derived from PostgreSQL. Because its source code does not contain code for a key management system, the storage encryption function cannot be used normally, and customer data is still stored on disk in plain text, so its security cannot be guaranteed.
[0004] With the rapid development of the domestic credit and innovation industry, the information management department clearly requires that basic software, including database software, be fully autonomous and controllable. International encryption algorithms such as AES-128 or AES-256 cannot meet this requirement of independent control. It is therefore necessary for the database storage encryption function to support the national cryptographic algorithm SM4.
[0005] On the other hand, there are many types of PCI encryption cards on the market, and they provide a rich set of encryption and decryption interfaces and algorithms, including international algorithms such as RSA, AES, and DES as well as national cryptographic algorithms such as SM2, SM3, SM4, and SM9. However, a database product is a pure software system with complex logic and high maintenance costs. If the storage encryption function uses the encryption and decryption interface of a hardware PCI encryption card, the card and its driver must be installed in advance when the product is deployed, and the PCI encryption and decryption dynamic library must be added when the product is packaged. This adds new costs to the packaging, deployment and maintenance of the database product, and has a negative impact on the convenience and user experience of the database system.

Examples


Embodiment 1

[0048] Embodiment 1: A method for implementing support for the SM4 national cryptographic algorithm in the storage encryption function of an OpenGauss database. The method comprises the following steps:

[0049] (1) Generation of encryption key before initializing the instance

[0050] Before initializing the instance, the database administrator (DBA) randomly inputs a 16-byte string as the encryption key and converts it with a Base64 encoding conversion tool. (Base64 encoding uses 64 printable ASCII characters (A-Z, a-z, 0-9, +, /) to encode arbitrary byte sequence data into an ASCII string.)

[0051] (2) Verification and storage of the encryption key when initializing the instance (see Figure 2)

[0052] When initializing the instance, first decode the Base64-encoded encryption key and check its length. If the key length is 128 bits, store the encryption key in the file under the instance through the K parameter. If the key length is not 128 bit...
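Steps (1) and (2) above, as an added Python example that is not code from the patent or from OpenGauss. Assumptions: the key is drawn from the operating system's CSPRNG rather than typed in, a failed check raises an error (the page's description of that branch is cut off), and the file name `sm4_key.example` is hypothetical.

```python
import base64
import binascii
import os
import secrets
import tempfile

SM4_KEY_BYTES = 16  # SM4 uses a 128-bit key


def generate_key_b64() -> str:
    """Step (1): 16 random bytes, Base64-encoded (CSPRNG source is an assumption)."""
    return base64.b64encode(secrets.token_bytes(SM4_KEY_BYTES)).decode("ascii")


def decode_and_check_key(key_b64: str) -> bytes:
    """Step (2): strict Base64 decode, then require exactly 128 bits."""
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("encryption key is not valid Base64") from exc
    if len(raw) != SM4_KEY_BYTES:
        raise ValueError(f"encryption key is {len(raw) * 8} bits, expected 128")
    return raw


def store_key(instance_dir: str, raw: bytes, name: str = "sm4_key.example") -> str:
    """Write the key under the instance directory, readable by the owner only.
    The file name is hypothetical; the page does not name the file."""
    path = os.path.join(instance_dir, name)
    # O_EXCL refuses to overwrite an existing key; 0o600 keeps other users out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as instance_dir:
        raw = decode_and_check_key(generate_key_b64())
        print("stored", len(raw) * 8, "bit key at", store_key(instance_dir, raw))
        # Constructed bad inputs: too short, not Base64, 256-bit key.
        for bad in ("c2hvcnQ=", "not base64!", base64.b64encode(bytes(32)).decode()):
            try:
                decode_and_check_key(bad)
            except ValueError as err:
                print("rejected:", err)
```

Checking the decoded length, not the length of the Base64 text, is what catches a 24- or 32-byte key that still decodes cleanly.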


Abstract

The invention belongs to the technical field of relational database management and operating systems, and particularly relates to an implementation method for supporting an SM4 cryptographic algorithm by a storage encryption function in an OpenGauss database. The method comprises the steps of generation, verification and storage of an encryption key, assignment and storage of an encryption algorithm, security detection of the encryption key, data encryption and decryption processing and storage, key destruction and the like. According to the method, data security can be effectively guaranteed, illegal users are prevented from stealing privacy and core data, and the national information management requirement that completely autonomous and controllable basic software must be achieved is well met. Besides, the method does not use an external hardware PCI encryption card, does not increase the packaging, deployment and maintenance cost of a database product, does not affect the use convenience and user experience of a database system, and has the potential of continuous improvement and long-term application.

Description

Technical field

[0001] The invention belongs to the technical field of relational database management and operating systems, and in particular relates to a method for implementing support for the SM4 national cryptographic algorithm in the storage encryption function of an OpenGauss database.

Background

[0002] Most of the data in a database is stored on disk in the form of physical files, and all of it is in plain text. From the perspective of data security, there is a very high risk of it being stolen. It is therefore necessary to encrypt the customer's business data files at rest.

[0003] OpenGauss is an open-source relational database management system whose core is derived from PostgreSQL. Because its source code does not contain code for a key management system, the storage encryption function cannot be used normally, and customer data is still stored on disk in plain text, so its security cannot be guaranteed.

[0004] With the rapid development of the domesti...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/60, G06F21/62
CPC: G06F21/602, G06F21/6218
Inventor: 石青, 何小栋
Owner: MASSIVE CLOUD BEIJING DATA TECH