Signing and Signature Verification with an ECC Key Pair (OnlySign and OnlyVerify Modes) (ArkTS)
Signature verification supports the OnlySign and OnlyVerify mode since API version 26.0.0. For details about the algorithm specifications, see ECDSA.
Signing
-
Call cryptoFramework.createMd with the digest algorithm SHA1 to create a message digest (Md) instance.
-
Call Md.update to pass a custom message to perform digest update calculation. There is not limit on the size of data to be passed in a single update.
-
Call Md.digest to obtain the digest calcuation result.
-
Call cryptoFramework.createAsyKeyGenerator and AsyKeyGenerator.generateKeyPair to generate an asymmetric key object (KeyPair), which includes a public key (PubKey) and a private key (PriKey). The key algorithm is ECC and curve type is ECC224.
In addition to the example in this topic, ECC and Randomly Generating an Asymmetric Key Pair may help you better understand how to generate an ECC asymmetric key pair. Note that the input parameters in the reference documents may be different from those in the example below.
-
Call cryptoFramework.createSign with the string parameter 'ECC|SHA1|OnlySign' to create a Sign instance. The asymmetric key type is ECC, digest algorithm is SHA1, and signature mode is OnlySign.
-
Call Sign.init to initialize the Sign instance with the private key (PriKey).
-
Call Sign.sign to generate a digest signature.
Signature Verification
-
Call cryptoFramework.createVerify with the string parameter 'ECC|SHA1|OnlyVerify' to create a Verify instance. The asymmetric key type is ECC, digest algorithm is SHA1, and signature verification mode is OnlyVerify.
-
Call Verify.init to initialize the Verify instance using the public key (PubKey).
-
Call Verify.verify to verify the digest signature.
-
Example (using asynchronous APIs):
import { cryptoFramework } from '@kit.CryptoArchitectureKit'; import { buffer } from '@kit.ArkTS'; async function signMessagePromise(priKey: cryptoFramework.PriKey, digestBlob: cryptoFramework.DataBlob) { let signAlg = 'ECC|SHA1|OnlySign'; let signer = cryptoFramework.createSign(signAlg); await signer.init(priKey); let signData = await signer.sign(digestBlob); return signData; } async function verifyMessagePromise(digestBlob: cryptoFramework.DataBlob, signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) { let verifyAlg = 'ECC|SHA1|OnlyVerify'; let verifier = cryptoFramework.createVerify(verifyAlg); await verifier.init(pubKey); let res = await verifier.verify(digestBlob, signMessageBlob); console.info('verify result: ' + res); return res; } async function main() { let messageData: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from('This is ecc onlySign test', 'utf-8').buffer) }; // Use MD to calculate the SHA-256 digest (32 bytes) first. let md = cryptoFramework.createMd('SHA1'); await md.update(messageData); let digestBlob = await md.digest(); let keyGenAlg = 'ECC224'; let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); let keyPair = await generator.generateKeyPair(); let signData = await signMessagePromise(keyPair.priKey, digestBlob); let verifyResult = await verifyMessagePromise(digestBlob, signData, keyPair.pubKey); if (verifyResult === true) { console.info('verify result: success.'); } else { console.error('verify result: failed.'); } }ecc_onlysign_onlyverify_signature_verification_asynchronous.ets
-
Example (using synchronous APIs):
import { cryptoFramework } from '@kit.CryptoArchitectureKit'; import { buffer } from '@kit.ArkTS'; function signMessagePromise(priKey: cryptoFramework.PriKey, digestBlob: cryptoFramework.DataBlob) { let signAlg = 'ECC|SHA1|OnlySign'; let signer = cryptoFramework.createSign(signAlg); signer.initSync(priKey); let signData = signer.signSync(digestBlob); return signData; } function verifyMessagePromise(digestBlob: cryptoFramework.DataBlob, signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) { let verifyAlg = 'ECC|SHA1|OnlyVerify'; let verifier = cryptoFramework.createVerify(verifyAlg); verifier.initSync(pubKey); let res = verifier.verifySync(digestBlob, signMessageBlob); console.info('verify result: ' + res); return res; } function main() { let messageData: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from('This is ecc onlySign test', 'utf-8').buffer) }; let md = cryptoFramework.createMd('SHA1'); md.updateSync(messageData); let digestBlob = md.digestSync(); let keyGenAlg = 'ECC224'; let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); let keyPair = generator.generateKeyPairSync(); let signData = signMessagePromise(keyPair.priKey, digestBlob); let verifyResult = verifyMessagePromise(digestBlob, signData, keyPair.pubKey); if (verifyResult === true) { console.info('verify result: success.'); } else { console.error('verify result: failed.'); } }ecc_onlysign_onlyverify_signature_verification_synchronous.ets