0
代码
代码
Issues
Pull Requests
讨论
Wiki
分析
0
GGitee修改标点符号
cc9e2bba创建于 2025年3月13日历史提交

使用RSA密钥对(PKCS1模式)签名及签名恢复(ArkTS)

对应的算法规格请查看签名验签算法规格:RSA

签名

  1. 调用cryptoFramework.createAsyKeyGeneratorAsyKeyGenerator.generateKeyPair,生成密钥算法为RSA、密钥长度为1024位、素数个数为2的非对称密钥对象(KeyPair),包括公钥(PubKey)和私钥(PriKey)。

    如何生成RSA非对称密钥,开发者可参考下文示例,并结合非对称密钥生成和转换规格:RSA随机生成非对称密钥对理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。

  2. 调用cryptoFramework.createSign,指定字符串参数'RSA1024|PKCS1|SHA256|SignOnly',创建非对称密钥类型为RSA1024、填充模式为PKCS1、摘要算法为SHA256的Sign实例,用于完成仅签名操作。

  3. 调用Sign.init,使用私钥(PriKey)初始化Sign实例。

  4. 调用Sign.sign,生成数据签名。

验签

  1. 调用cryptoFramework.createVerify,指定字符串参数'RSA1024|PKCS1|SHA256|Recover',与签名的Sign实例保持一致。创建Verify实例,用于完成验签操作。

  2. 调用Verify.init,使用公钥(PubKey)初始化Verify实例。

  3. 调用Verify.recover,对数据进行签名恢复。

  • 异步方法示例:

    import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer } from '@kit.ArkTS';
// 完整的明文被拆分为input1和input2。
let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) };
async function signMessagePromise(priKey: cryptoFramework.PriKey) {
  let signAlg = "RSA1024|PKCS1|NoHash|OnlySign";
  let signer = cryptoFramework.createSign(signAlg);
  await signer.init(priKey);
  let signData = await signer.sign(input1);
  return signData;
}
async function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) {
  let verifyAlg = "RSA1024|PKCS1|NoHash|Recover";
  let verifier = cryptoFramework.createVerify(verifyAlg);
  await verifier.init(pubKey);
  let rawSignData = await verifier.recover(signMessageBlob);
  return rawSignData;
}
async function main() {
  let keyGenAlg = "RSA1024";
  let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
  let keyPair = await generator.generateKeyPair();
  let signData = await signMessagePromise(keyPair.priKey);
  let rawSignData = await verifyMessagePromise(signData, keyPair.pubKey);
  if (rawSignData !== null) {
    console.info('recover result: ' + rawSignData.data);
  } else {
    console.error("get verify recover result fail!");
  }
}

  • 同步方法示例:

    import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer } from '@kit.ArkTS';
// 完整的明文被拆分为input1和input2。
let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) };
function signMessagePromise(priKey: cryptoFramework.PriKey) {
  let signAlg = "RSA1024|PKCS1|NoHash|OnlySign";
  let signer = cryptoFramework.createSign(signAlg);
  signer.initSync(priKey);
  let signData = signer.signSync(input1);
  return signData;
}
function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) {
  let verifyAlg = "RSA1024|PKCS1|NoHash|Recover";
  let verifier = cryptoFramework.createVerify(verifyAlg);
  verifier.initSync(pubKey);
  let rawSignData = verifier.recoverSync(signMessageBlob);
  return rawSignData;
}
function main() {
  let keyGenAlg = "RSA1024";
  let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
  let keyPair = generator.generateKeyPairSync();
  let signData = signMessagePromise(keyPair.priKey);
  let rawSignData = verifyMessagePromise(signData, keyPair.pubKey);
  if (rawSignData !== null) {
    console.info('recover result: ' + rawSignData.data);
  } else {
    console.error("get verify recover result fail!");
  }
}