1. A cross-internet file secure sharing method based on an HTML5 technology is characterized by comprising the following steps:

s1, encrypting the file;

s2, encrypting the file element;

and S3, starting a file downloading verification process.

2. The method for safely sharing files across the internet based on the HTML5 technology of claim 1, wherein the specific method for encrypting the files in S1 includes the following steps:

s101, converting each file in the sharing file list into a binary data stream;

s102, connecting a plurality of binary data streams into one binary data stream in an end-to-end stream mode;

s103, partitioning the combined binary data stream into blocks according to a fixed size, where the size of each block is 65519 (namely 65519 is 1024 × 64-17);

s104, filling data for the tail of each data block, wherein the tail filling (1, 0, …, 0) of the complete block is 17 bytes in total, and the tail filling (2) of the last block is only 1 byte;

s105, generating a random Salt value and adding the Salt value to the encrypted file download URL;

s106, deriving an original encryption key rawSecretKey from the download password and the random Salt, and sequentially intercepting 16 bytes from the rawSecretKey as a file pool metadata encryption key metaKey, 16 bytes as a download authentication key authKey and 16 bytes as an encryption key blockKey of a data block;

s107, generating a 16-byte random number Nonce;

s108, generating a baseIV with the length of 12 bytes by the blockKey and the Nonce through an HKDF function, and carrying out XOR operation on the last 4 bytes of the baseIV and the serial number n of each block to obtain xorN;

s109, generating a data encryption key dataKey by the blockKey and the Nonce through the HKDF function, wherein the calculation process of the encryption key dataKey in the S109 is as follows: dataKey ═ HKDF (blockKey, Nonce, "prime-data-key");

s110, obtaining an IV with the length of 16 bytes by respectively using the xorN of each block to be added to a base IV, carrying out symmetric encryption operation on the data blocks by using the IV, dataKey and GCM working modes to respectively obtain ciphertext of each block, and then sequentially linking the ciphertext back and forth to form a binary ciphertext stream;

and S111, adding the Nonce as a large number to 65536, putting the addition result to the header of the ciphertext stream, and ending the encryption process.

3. The method of claim 2, wherein the xor operation in S108 to obtain xorN is calculated by: the baseIV is HKDF (blockKey, Nonce, "prime-Nonce"), wherein the HKDF function is a standard derivative function, and the method supports common international cryptographic algorithms and national cryptographic algorithms.

4. The HTML5 technology-based cross-Internet file secure sharing method as claimed in claim 2, wherein the derivation method in 106 is a general PBKDF2 function, and the calculation process is as follows: the scheme takes a value of 3, and PBKDF2 supports common international and national cryptographic algorithms, wherein Pwd is a download password, n is a natural number, and pwkdf 2(Pwd, Salt, n, 48).

5. The method for safely sharing files across the internet based on the HTML5 technology, as claimed in claim 1, wherein the step of encrypting the file elements in S2 specifically includes:

s201, randomly generating an integer and taking a 16-system character of the integer as a file id;

s202, forming an encrypted file linked list by the name, size and type of a plaintext file, wherein the file linked list is called manifest;

s203, forming encrypted file metadata by the name (id) of the encrypted file, the size (size) of the encrypted file, the type (type) of the encrypted file and the manifest, wherein the encrypted file metadata is named metaFile;

s204, carrying out ECB mode encryption on the metaFile by using the metaKey;

s205, forming ciphertext file description information by limiting the download times, limiting the download time, downloading the authentication code and metaFile;

s205, uploading the description information of the ciphertext file and the ciphertext file to a preset storage position of the Web server, and generating a secure sharing download link.

6. The method of claim 5, wherein the specific format of the encrypted file chain table in S202 comprises: { (name: fileName, size: fileSize, type: fileType), … … … … … … … … …, (name: fileName, size: fileSize, type: fileType) }.

7. The method of claim 5, wherein the encrypting the source data format of the file in S203 specifically comprises: (name: id, size: length, type: default, data: manifest).

8. The method of claim 5, wherein the ciphertext file description information format in the S205 specifically includes: (Down Times: m, limitedTime: n, auth: authCode, file: metaFile).

9. The method of claim 1, wherein the file download verification process specifically comprises the following steps:

s301, the server program firstly checks the download time and download times of the file, if the download time is overtime or the download allowed times is 0, the download is prohibited, the encrypted file is deleted, and the deletion of the file is prompted at the browser end;

s302, if the encrypted file is in the downloading validity period, the browser prompts a downloader to input a downloading password, the system calculates the authKey according to a preset format according to the downloading password, calculates the newAuthcode according to related information, compares the newAuthcode with the authCode stored at the server side, if the two are consistent, proves that the downloading password is correct, the server side pushes the encrypted file to the downloading browser, the downloading browser decrypts the file according to a reverse flow of symmetric encryption, firstly decrypts file metadata, acquires original file list information, and then sequentially puts the decrypted data into different original files;

s303, after the downloading is successful, the downloading frequency is reduced by one, and if the downloading frequency is reduced to 0, the related file of the server terminal is deleted.

10. The cross-internet file secure sharing system based on the HTML5 technology is characterized by comprising a plurality of file secure sharing browser ends and a file secure sharing server end, wherein the file secure sharing browser ends are connected to the file secure sharing server end through HTTP communication, and the cross-internet file secure sharing system is built according to any one of claims 1 to 9 based on the HTML5 technology.

Background

With the development of the internet communication technology, the problem of network security of internet communication is gradually highlighted, the size of files transmitted through the internet is gradually increased, but the file transmission security is not well controlled, and the file encryption condition is not well controlled.

Electronic files under the internet environment are formed in a network constructed by digital equipment, are stored in media such as hard disks, optical disks and the like in a digital form, rely on electronic equipment such as computers for reading and processing, and can be transmitted and utilized on the internet.

In daily work, when a user shares files with other users through the Internet, in order to prevent the files from being obtained by unauthorized persons in the network transmission process, the files are generally encrypted files sent to a receiver by the user through instant messaging software, a common file encryption method is provided by a compression tool comprising RAR or custom encryption software, and encrypted passwords of the files are input by the user; after receiving the encrypted file, the receiver needs to use the same compression or encryption software for decryption, and multiple users working on the internet need to have the same compression or encryption software, which is obviously difficult, so that the security processing capability of the cross-internet file is affected, and the processing and sharing requirements cannot be well met.

Disclosure of Invention

The invention aims to: in order to solve the problem that the common file encryption method is provided by a compression tool comprising RAR or custom encryption software, a password for encrypting the file is input by a user; after receiving the encrypted file, the receiver needs to use the same compression or encryption software for decryption, and needs to have the same compression or encryption software among a plurality of users working on the internet, which obviously has some difficult problems, and the method and the system for safely sharing the file across the internet based on the HTML5 technology are provided.

In order to achieve the purpose, the invention adopts the following technical scheme:

a cross-internet file secure sharing method based on an HTML5 technology specifically comprises the following steps:

s1, encrypting the file;

s2, encrypting the file element;

and S3, starting a file downloading verification process.

As a further description of the above technical solution:

the specific method for encrypting the file by the S1 includes the following steps:

s101, converting each file in the sharing file list into a binary data stream (Readablestream object in Java Script);

s102, connecting a plurality of binary data streams into one binary data stream in an end-to-end stream mode;

s103, partitioning the combined binary data stream into blocks according to a fixed size, where the size of each block is 65519 (namely 65519 is 1024 × 64-17);

s104, filling data for the tail of each data block, wherein the tail filling (1, 0, …, 0) of the complete block is 17 bytes in total, and the tail filling (2) of the last block is only 1 byte;

s105, generating a random Salt value and adding the Salt value to the encrypted file download URL;

s106, deriving an original encryption key rawSecretKey from the download password and the random Salt, and sequentially intercepting 16 bytes from the rawSecretKey as a file pool metadata encryption key metaKey, 16 bytes as a download authentication key authKey and 16 bytes as an encryption key blockKey of a data block;

s107, generating a 16-byte random number Nonce;

s108, generating a baseIV with the length of 12 bytes by the blockKey and the Nonce through an HKDF function, and carrying out XOR operation on the last 4 bytes of the baseIV and the serial number n of each block to obtain xorN;

s109, generating a data encryption key dataKey by the blockKey and the Nonce through the HKDF function, wherein the calculation process of the encryption key dataKey in the S109 is as follows: dataKey ═ HKDF (blockKey, Nonce, "prime-data-key");

s110, obtaining an IV with the length of 16 bytes by respectively using the xorN of each block to be added to a base IV, carrying out symmetric encryption operation on the data blocks by using the IV, dataKey and GCM working modes to respectively obtain ciphertext of each block, and then sequentially linking the ciphertext back and forth to form a binary ciphertext stream;

and S111, adding the Nonce as a large number to 65536, putting the addition result to the header of the ciphertext stream, and ending the encryption process.

As a further description of the above technical solution:

the specific calculation process of obtaining xorN by the xor operation in S108 is as follows: the baseIV is HKDF (blockKey, Nonce, "prime-Nonce"), wherein the HKDF function is a standard derivative function, and the method supports common international cryptographic algorithms and national cryptographic algorithms.

As a further description of the above technical solution:

the derivation method in 106 is a general PBKDF2 function, and the calculation process is as follows: the scheme takes a value of 3, and PBKDF2 supports common international and national cryptographic algorithms, wherein Pwd is a download password, n is a natural number, and pwkdf 2(Pwd, Salt, n, 48).

As a further description of the above technical solution:

the step of encrypting the file element in S2 specifically includes:

s201, randomly generating an integer and taking a 16-system character of the integer as a file id;

s202, forming an encrypted file linked list by the name, size and type of a plaintext file, wherein the file linked list is called manifest;

s203, forming encrypted file metadata by the name (id) of the encrypted file, the size (size) of the encrypted file, the type (type) of the encrypted file and the manifest, wherein the encrypted file metadata is named metaFile;

s204, carrying out ECB mode encryption on the metaFile by using the metaKey;

s205, forming ciphertext file description information by limiting the download times, limiting the download time, downloading the authentication code and metaFile;

s205, uploading the description information of the ciphertext file and the ciphertext file to a preset storage position of the Web server, and generating a secure sharing download link.

As a further description of the above technical solution:

the specific format of the encrypted file linked list in S202 includes: { (name: fileName, size: fileSize, type: fileType), … … … … … … … … …, (name: fileName, size: fileSize, type: fileType) }.

As a further description of the above technical solution:

the encrypted file source data format in S203 specifically includes: (name: id, size: length, type: default, data: manifest).

As a further description of the above technical solution:

the ciphertext file description information format in S205 specifically includes: (Down Times: m, limitedTime: n, auth: authCode, file: metaFile).

As a further description of the above technical solution:

the enabling file downloading verification process specifically comprises the following steps:

s301, the server program firstly checks the download time and download times of the file, if the download time is overtime or the download allowed times is 0, the download is prohibited, the encrypted file is deleted, and the deletion of the file is prompted at the browser end;

s302, if the encrypted file is in the downloading validity period, the browser prompts a downloader to input a downloading password, the system calculates the authKey according to a preset format according to the downloading password, calculates the newAuthcode according to related information, compares the newAuthcode with the authCode stored at the server side, if the two are consistent, proves that the downloading password is correct, the server side pushes the encrypted file to the downloading browser, the downloading browser decrypts the file according to a reverse flow of symmetric encryption, firstly decrypts file metadata, acquires original file list information, and then sequentially puts the decrypted data into different original files;

s303, after the downloading is successful, the downloading frequency is reduced by one, and if the downloading frequency is reduced to 0, the related file of the server terminal is deleted.

A cross-internet file secure sharing system based on an HTML5 technology specifically comprises a plurality of file secure sharing browser ends and a file secure sharing server end, wherein the plurality of file secure sharing browser ends are connected to the file secure sharing server end through HTTP communication.

In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:

1. according to the invention, through the matching of the cloud storage device and the webpage end password verification, any file processing method supporting HTML5 webpage browser can be used for realizing file encryption and safe sharing functions and increasing the file time limit and time limit downloading, the instant use capability of cross-internet file safe sharing can be increased, multiple application system attributes can be adapted, and the adaptability requirement of encryption control software is lowered.

2. According to the processing method, after the corresponding key is memorized, the requirement on user operation can be obviously reduced by simplifying the user operation sequence, the requirement on universality regulation control of encrypted file transmission can be further realized, and the actual control on file encryption safety analysis can be realized by reducing the interactive control difficulty of the encrypted file.

3. According to the invention, the dependence on third-party software is eliminated through a system matched with the processing method, the sharing processing capacity of the file safety is realized, the interactive processing capacity of the internet files through the webpage is favorably realized, the negative influence of the third-party software on the network safety is avoided, and the corresponding time efficiency of a hardware end and the file interactive analysis efficiency are improved.

4. According to the invention, through the processing of independent encryption link of data, the binary processing of a security analysis file and the encoding encryption processing of a file link layer, the corresponding control of a double key is effectively realized, the security encryption strength of the file is obviously improved, the confidential storage of file pool information is realized through the encryption setting of a file element, the corresponding file content protection capability is maintained to the maximum extent while the tracing processing capability is favorably realized, after the link file is stored, the encryption metadata can be stored at the position of a preset server, the restriction capability of the file size can be further removed, the requirement capability of the encryption system hardware is reduced, and the control requirements under different conditions are effectively met.

Drawings

Fig. 1 is a framework of a cross-internet file secure sharing system based on HTML5 technology according to the present invention;

fig. 2 is a file uploading flowchart of a cross-internet file secure sharing method based on HTML5 technology according to the present invention;

fig. 3 is a file downloading processing flow chart of a cross-internet file secure sharing method based on HTML5 technology according to the present invention;

FIG. 4 is a flowchart of a file encryption process of a cross-Internet file secure sharing method based on HTML5 technology according to the present invention;

FIG. 5 is a file encryption flowchart of a cross-Internet file secure sharing method based on HTML5 technology according to the present invention;

fig. 6 is a file metadata encryption processing flow diagram of a cross-internet file secure sharing method based on HTML5 technology according to the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1-6, the present invention provides a technical solution: a cross-internet file secure sharing method based on an HTML5 technology specifically comprises the following steps:

s1, encrypting the file;

the specific method for encrypting the file in S1 includes the following steps: s101, converting each file in the sharing file list into a binary data stream (Readablestream object in Java Script);

s102, connecting a plurality of binary data streams into one binary data stream in an end-to-end stream mode;

s103, partitioning the combined binary data stream into blocks according to a fixed size, where the size of each block is 65519 (namely 65519 is 1024 × 64-17);

s104, filling data for the tail of each data block, wherein the tail filling (1, 0, …, 0) of the complete block is 17 bytes in total, and the tail filling (2) of the last block is only 1 byte;

s105, generating a random Salt value and adding the Salt value to the encrypted file download URL;

s106, deriving an original encryption key rawSecretKey from the download password and the random Salt, sequentially intercepting 16 bytes from the rawSecretKey as a file pool metadata encryption key metaKey, 16 bytes as a download authentication key authKey and 16 bytes as an encryption key blockKey of a data block, wherein the derivation method in 106 is a general PBKDF2 function, and the calculation process is as follows: the method is characterized in that the method comprises the following steps that (1) rawSecretKey is PBKDF2(Pwd, Salt, n, 48), wherein Pwd is a downloading password, n is a natural number, the scheme takes a value of 3, and PBKDF2 supports common international cryptographic algorithms and national cryptographic algorithms;

specifically, the function for deriving the key is often used for generating the encrypted password, and the basic principle is that a pseudo-random function HMAC function is used, a plaintext and a salt value are used as input parameters, then the operation is repeated, and finally the key is generated, and if the repeated times are large enough, the cracking cost becomes high. The addition of salt also increases the difficulty of table ghost attacks.

S107, generating a 16-byte random number Nonce;

s108, generating a baseIV with the length of 12 bytes by the blockKey and Nonce through an HKDF function, and performing XOR operation on the last 4 bytes of the baseIV and the serial number n of each block to obtain xorN, wherein the specific calculation process of obtaining the xorN through the XOR operation in the S108 is as follows: the method comprises the following steps that (1) baseIV is HKDF (blockKey, Nonce, 'prime-Nonce'), wherein the HKDF function is a standard derivative function, and the method supports common international cryptographic algorithms and national cryptographic algorithms;

specifically, the HKDF algorithm is an important basic algorithm related to key generation, is closely related to key derivation, provides a mechanism for message integrity confirmation between two opposite ends based on a common key, hashes a message, attaches an obtained hash value to the message, sends the hash value together with the message, and after receiving the hash value by the opposite ends, performs the hash to verify whether the message is tampered — the hash value obtained by a key point on different data is different, where the obtained hash value is the MAC (also called a message digest in other contexts). In addition, in order to avoid using the same hash function to operate the same data to always obtain the same digest, a key is additionally added, so that different MACs can be obtained by using different keys, certainly, the key is known by two opposite ends, and the serial number production processing is realized by calculating the derivative function of the HKDF.

S109, generating a data encryption key dataKey by the blockKey and the Nonce through the HKDF function, wherein the calculation process of the encryption key dataKey in the S109 is as follows: dataKey ═ HKDF (blockKey, Nonce, "prime-data-key");

s110, obtaining an IV with the length of 16 bytes by respectively using the xorN of each block to be added to a base IV, carrying out symmetric encryption operation on the data blocks by using the IV, dataKey and GCM working modes to respectively obtain ciphertext of each block, and then sequentially linking the ciphertext back and forth to form a binary ciphertext stream;

s111, adding the Nonce as a large number to 65536, putting the addition result to the head of the ciphertext stream, and ending the encryption process

S2, encrypting the file element;

wherein, the step of encrypting the file element in S2 specifically includes:

s201, randomly generating an integer and taking a 16-system character of the integer as a file id;

s202, forming an encrypted file linked list by the name (name), the size (size) and the type (type) of a plaintext file, wherein the file linked list is called manifest, and the specific format of the encrypted file linked list in the S202 comprises the following steps: { (name: fileName, size: fileSize, type: fileType), … … … … … … … … …, (name: fileName, size: fileSize, type: fileType) };

s203, forming encrypted file metadata by using the encrypted file name (id), the encrypted file size (size), the file type (type), and the manifest, where the encrypted file metadata is referred to as metaFile, and the format of the encrypted file source data in S203 specifically includes: (name: id, size: length, type: default, data: manifest);

s204, carrying out ECB mode encryption on the metaFile by using the metaKey;

s205, forming ciphertext file description information by limiting the download times, limiting the download time, downloading the authentication code and metaFile, wherein the format of the ciphertext file description information in the S205 specifically comprises: (Down Times: m, limitedTime: n, auth: authCode, file: metaFile);

s205, uploading the description information of the ciphertext file and the ciphertext file to a preset storage position of a Web server, and generating a secure sharing download link;

and S3, starting a file downloading verification process.

The process for downloading and verifying the enabled file specifically comprises the following steps:

s301, the server program firstly checks the download time and download times of the file, if the download time is overtime or the download allowed times is 0, the download is prohibited, the encrypted file is deleted, and the deletion of the file is prompted at the browser end;

s302, if the encrypted file is in the downloading validity period, the browser prompts a downloader to input a downloading password, the system calculates the authKey according to a preset format according to the downloading password, calculates the newAuthcode according to related information, compares the newAuthcode with the authCode stored at the server side, if the two are consistent, proves that the downloading password is correct, the server side pushes the encrypted file to the downloading browser, the downloading browser decrypts the file according to a reverse flow of symmetric encryption, firstly decrypts file metadata, acquires original file list information, and then sequentially puts the decrypted data into different original files;

s303, after the downloading is successful, the downloading frequency is reduced by one, and if the downloading frequency is reduced to 0, the related file of the server terminal is deleted.

A cross-internet file secure sharing system based on an HTML5 technology specifically comprises a plurality of file secure sharing browser ends and a file secure sharing server end, wherein the plurality of file secure sharing browser ends are connected to the file secure sharing server end through HTTP communication.

The working principle is that a file to be encrypted is pre-uploaded before network encryption is carried out, a file sender requests a first page resource file from a Web server through Web server website input in a terminal server and a personal computer browser window, after a file security analysis page is displayed, the file sender selects a file to be shared in a terminal, acquires corresponding file attributes, and then adds the file to a file pool in a classified manner, a user selects corresponding times for downloading the corresponding file after selecting expiration time through a Web browser, and after a file encryption password is input, the Web browser carries out cyclic judgment on the file, when the length of the file stream is greater than a set value, the file stream can be read, the Web browser submits ciphertext data and file pool information to the Web server, the server stores enabling encryption and then links to a file uploading webpage end through a returned file URL, and at the moment, a URL link copy prompt box of the security file is popped up by the webpage end, and at the moment, the uploading of the file to be encrypted is finished after the user selects corresponding operation.

Encrypting file data, namely reading a selected file into a binary data stream, merging a plurality of binary data streams into one binary data stream, blocking the binary data stream into blocks with fixed size, filling tail parts of the block data, deriving a file encryption key according to a download password and random SALT, generating blocks at corresponding positions, continuously encrypting in a GCM mode, connecting ciphertext blocks into the binary data stream, writing the ciphertext blocks into a file to finish the encryption processing of a single file, simultaneously forming an encrypted file linked list according to the name, size and type of a security file, and then realizing the authentication code corresponding to the encryption stroke of the metadata by encrypting the metadata of the encrypted file main body, the size, the file type and the file linked list stroke of the metadata to finish the encryption processing of encrypted information.

The file downloading process includes that a server program firstly checks the downloading time and the downloading frequency of a file, if the downloading time and the downloading frequency are overtime or the downloading frequency is allowed to be 0, downloading is prohibited, the encrypted file is deleted, the browser prompts a downloader to input a downloading password if the encrypted file is within the downloading validity period, a system calculates an authkey according to a preset format according to the downloading password, calculates a newAuthcode according to related information, compares the newAuthcode with the authCode stored in the server, if the downloaded password is consistent, proves that the downloading password is correct, the server pushes the encrypted file to a downloading browser, the downloading browser decrypts according to a reverse flow of symmetric encryption, firstly decrypts file metadata, acquires original file list information, and then sequentially puts the decrypted data into different original files. And after the downloading is successful, reducing the downloading frequency by one, and if the downloading frequency is reduced to 0, deleting the related file at the server end.

The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.