Abstract: Cloud storage is a new form of network storage. With the widespread use of cloud storage, data security in cloud storage, such as data leakage, data tampering, has become widespread concern. Cloud storage can be divided into the access layer (AL), the application interface layer (APIL), the infrastructure management layer (IML) and the storage layer (SL). Security of cloud storage can be divided into security of the access layer (SAL), security of the application interface layer (SAPIL), security of the infrastructure management layer (SIML) and security of the storage layer (SoSL). A data storage encryption mechanism is designed to deal with the conifdentiality of the data in cloud storage in this paper. The mechanism is implemented in an application environment of the ofifce system based on cloud desktop. The infrastructure management layer is implemented based on JAVA and JSP. The interface between the infrastructure management layer and the storage layer is implemented based on Bash Script. The data encryption on the sever is implemented based on open source projects TGT.