Encryption and Decryption (Cangjie)
Note:
Currently in the beta phase.
Using AES 128, RSA 2048, and SM2 as examples to demonstrate encryption and decryption operations. For specific usage scenarios and supported algorithm specifications, please refer to Supported Algorithms for Key Generation.
Development Steps
Generate Key
-
Specify a key alias.
-
Initialize the key property set.
-
Call generateKeyItem to generate the key. For details, see Key Generation.
Alternatively, developers can refer to Key Import to import existing keys.
Encryption
-
Obtain the key alias specified during key generation.
-
Obtain the data to be encrypted.
-
Configure the encryption algorithm parameters.
The documentation provides multiple examples. When using different algorithms, ensure the corresponding parameters are configured:
- For AES encryption with CBC mode and PKCS7 padding, the IV parameter is mandatory. See Development Example: AES/CBC/PKCS7.
- For AES encryption with GCM mode, the NONCE parameter is mandatory, and AAD is optional. See Development Example: AES/GCM/NoPadding.
- For RSA encryption, select the corresponding block mode, padding mode, and digest algorithm (DIGEST). See Development Example: RSA/ECB/PKCS1_V1_5 and Development Example: RSA/ECB/OAEP/SHA256.
- For SM2 encryption, the digest algorithm (DIGEST) must be set to SM3. See Development Example: SM2.
For detailed specifications, refer to Encryption/Decryption Introduction and Algorithm Specifications.
-
Call initSession to initialize the key session and obtain the session handle.
-
Call finishSession to complete the key session and obtain the encrypted ciphertext.
Decryption
-
Obtain the key alias specified during key generation.
-
Obtain the ciphertext to be decrypted.
-
Configure the decryption algorithm parameters.
The documentation provides multiple examples. When using different algorithms, ensure the corresponding parameters are configured:
- For AES decryption with GCM mode, the NONCE and AEAD parameters are mandatory, and AAD is optional. See Development Example: AES/GCM/NoPadding.
- Other examples follow the same parameter requirements as encryption.
For detailed specifications, refer to Encryption/Decryption Introduction and Algorithm Specifications.
-
Call initSession to initialize the key session and obtain the session handle.
-
Call finishSession to complete the key session and obtain the decrypted data.
Delete Key
When a key is no longer needed, call deleteKeyItem to delete it. For details, see Key Deletion.
Development Examples
AES/CBC/PKCS7
/*
* The following demonstrates the usage of AES/CBC/PKCS7 operations.
*/
import kit.PerformanceAnalysisKit.Hilog
import kit.BasicServicesKit.*
import kit.CoreFileKit.*
import kit.AbilityKit.*
import kit.UniversalKeystoreKit.*
let aesKeyAlias = 'test_aesKeyAlias' // Key alias, specified during key generation and used for encryption, decryption, and deletion
var handle: ?HuksHandleId = None
let plainText = 'PLAIN_TEXT' // Plaintext to be encrypted
let IV = 'TEST_IV' // Sample code; use random values in actual scenarios
var cipherData: ?Array<UInt8> = [] // Encrypted ciphertext data
func StringToUint8Array(str: String) {
return str.toArray()
}
func Uint8ArrayToString(fileData: Array<UInt8>) {
return String.fromUtf8(fileData)
}
func GetAesGenerateProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_AES)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_AES_KEY_SIZE_128)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(1 | 2)
// HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
)
]
return properties
}
func GetAesEncryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_AES)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_AES_KEY_SIZE_128)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_PKCS7)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_CBC)
),
HuksParam(
HuksTag.HUKS_TAG_IV,
HuksParamValue.BytesValue(IV.toArray())
)
]
return properties
}
func GetAesDecryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_AES)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_AES_KEY_SIZE_128)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_PKCS7)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_CBC)
),
HuksParam(
HuksTag.HUKS_TAG_IV,
HuksParamValue.BytesValue(IV.toArray())
)
]
return properties
}
/*
* Simulate key generation scenario
*/
func GenerateAesKey() {
// Get key generation algorithm parameters
let genProperties = GetAesGenerateProperties()
let options: HuksOptions = HuksOptions(properties: genProperties, inData: Bytes())
// Call generateKeyItem with the specified key alias
generateKeyItem(aesKeyAlias, options)
}
/*
* Simulate encryption scenario
*/
func EncryptData() {
// Get encryption algorithm parameters
let encryptProperties = GetAesEncryptProperties()
let options: HuksOptions = HuksOptions(
properties: encryptProperties,
inData: StringToUint8Array(plainText) // Plaintext to be encrypted
)
// Call initSession to get the handle
handle = initSession(aesKeyAlias, options).handle
// Call finishSession to get the encrypted ciphertext
cipherData = finishSession(handle.getOrThrow(), options)
}
/*
* Simulate decryption scenario
*/
func DecryptData() {
// Get decryption algorithm parameters
let decryptOptions = GetAesDecryptProperties()
let options: HuksOptions = HuksOptions(
properties: decryptOptions,
inData: cipherData.getOrThrow()
)
// Call initSession to get the handle
handle = initSession(aesKeyAlias, options).handle
// Call finishSession to get the decrypted data
let result = finishSession(handle.getOrThrow(), options)
}
/*
* Simulate key deletion scenario
*/
func DeleteKey() {
let emptyOptions: HuksOptions = HuksOptions()
// Call deleteKeyItem to delete the key
deleteKeyItem(aesKeyAlias, emptyOptions)
}
AES/GCM/NoPadding
/*
* The following demonstrates the usage of AES/GCM/NoPadding operations.
*/
import kit.PerformanceAnalysisKit.Hilog
import kit.BasicServicesKit.*
import kit.CoreFileKit.*
import kit.AbilityKit.*
import kit.UniversalKeystoreKit.*
let aesKeyAlias = 'test_aesKeyAlias' // Key alias, specified during key generation and used for encryption, decryption, and deletion
var handle: ?HuksHandleId = None
let plainText = 'PLAIN_TEXT' // Plaintext to be encrypted
var cipherData: ?Array<UInt8> = [] // Encrypted ciphertext data
let AAD = 'TEST_AAD' // Sample code; use random values in actual scenarios
let NONCE = 'TEST_NONCE' // Sample code; use random values in actual scenarios
func StringToUint8Array(str: String) {
return str.toArray()
}
func Uint8ArrayToString(fileData: Array<UInt8>) {
return String.fromUtf8(fileData)
}
func GetAesGenerateProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_AES)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_AES_KEY_SIZE_128)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(1 | 2)
)
]
return properties
}
func GetAesGcmEncryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_AES)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_AES_KEY_SIZE_128)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_NONE)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_GCM)
),
HuksParam(
HuksTag.HUKS_TAG_NONCE,
HuksParamValue.BytesValue(NONCE.toArray())
),
HuksParam(
HuksTag.HUKS_TAG_ASSOCIATED_DATA,
HuksParamValue.BytesValue(AAD.toArray())
)
]
return properties
}
func GetAesGcmDecryptProperties(cipherData: Array<UInt8>) {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_AES)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_AES_KEY_SIZE_128)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_NONE)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_GCM)
),
HuksParam(
HuksTag.HUKS_TAG_NONCE,
HuksParamValue.BytesValue(NONCE.toArray())
),
HuksParam(
HuksTag.HUKS_TAG_ASSOCIATED_DATA,
HuksParamValue.BytesValue(AAD.toArray())
),
HuksParam(
HuksTag.HUKS_TAG_AE_TAG,
HuksParamValue.BytesValue(cipherData.slice(cipherData.size - 16, 16).toArray())
)
]
return properties
}
/*
* Simulating AES key generation scenario
*/
func GenerateAesKey() {
// Get algorithm parameters for key generation
let genProperties = GetAesGenerateProperties()
let options: HuksOptions = HuksOptions(properties: genProperties, inData: Bytes())
// Call generateKeyItem, where aesKeyAlias is the key alias specified by user
generateKeyItem(aesKeyAlias, options)
}
/*
* Simulating encryption scenario
*/
func EncryptData() {
// Get algorithm parameters for encryption
let encryptProperties = GetAesGcmEncryptProperties()
let options: HuksOptions = HuksOptions(
properties: encryptProperties,
inData: StringToUint8Array(plainText)
)
// Call initSession to get handle, aesKeyAlias is the key alias specified during key generation
handle = initSession(aesKeyAlias, options).handle
// Call finishSession to get encrypted ciphertext
cipherData = finishSession(handle.getOrThrow(), options)
}
/*
* Simulating decryption scenario
*/
func DecryptData() {
// Get algorithm parameters for decryption
let decryptOptions = GetAesGcmDecryptProperties(cipherData.getOrThrow())
let options: HuksOptions = HuksOptions(
properties: decryptOptions,
inData: cipherData
.getOrThrow()
.slice(0, cipherData
.getOrThrow()
.size - 16)
)
// Call initSession to get handle, aesKeyAlias is the key alias specified during key generation
handle = initSession(aesKeyAlias, options).handle
// Call finishSession to get decrypted data
let result = finishSession(handle.getOrThrow(), options)
}
/*
* Simulating key deletion scenario
*/
func DeleteKey() {
let emptyOptions: HuksOptions = HuksOptions()
// Call deleteKeyItem to delete key, aesKeyAlias is the key alias specified during key generation
deleteKeyItem(aesKeyAlias, emptyOptions)
}
RSA/ECB/PKCS1_V1_5
/*
* The following demonstrates operations using RSA/ECB/PKCS1_V1_5 mode
*/
import kit.PerformanceAnalysisKit.Hilog
import kit.BasicServicesKit.*
import kit.CoreFileKit.*
import kit.AbilityKit.*
import kit.UniversalKeystoreKit.*
let rsaKeyAlias = 'test_rsaKeyAlias' // Key alias, specified during key generation and used for encryption/decryption/deletion
var handle: ?HuksHandleId = None
let plainText = 'PLAIN_TEXT' // Plaintext to be encrypted
var cipherData: ?Array<UInt8> = [] // Encrypted ciphertext data
func StringToUint8Array(str: String) {
return str.toArray()
}
func Uint8ArrayToString(fileData: Array<UInt8>) {
return String.fromUtf8(fileData)
}
func GetRsaGenerateProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_RSA)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_RSA_KEY_SIZE_2048)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(1 | 2)
)
]
return properties
}
func GetRsaEncryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_RSA)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_RSA_KEY_SIZE_2048)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_ECB)
),
HuksParam(
HuksTag.HUKS_TAG_DIGEST,
HuksParamValue.Uint32Value(HuksKeyDigest.HUKS_DIGEST_NONE)
)
]
return properties
}
func GetRsaDecryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_RSA)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_RSA_KEY_SIZE_2048)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_ECB)
),
HuksParam(
HuksTag.HUKS_TAG_DIGEST,
HuksParamValue.Uint32Value(HuksKeyDigest.HUKS_DIGEST_NONE)
)
]
return properties
}
/*
* Simulating RSA key generation scenario
*/
func GenerateRsaKey() {
// Get algorithm parameters for key generation
let genProperties = GetRsaGenerateProperties()
let options: HuksOptions = HuksOptions(properties: genProperties, inData: Bytes())
// Call generateKeyItem, where rsaKeyAlias is the key alias specified by user
generateKeyItem(rsaKeyAlias, options)
}
/*
* Simulating encryption scenario
*/
func EncryptData() {
// Get algorithm parameters for encryption
let encryptProperties = GetRsaEncryptProperties()
let options: HuksOptions = HuksOptions(
properties: encryptProperties,
inData: StringToUint8Array(plainText) // plainText is the plaintext data to be encrypted
)
// Call initSession to get handle, rsaKeyAlias is the key alias specified during key generation
handle = initSession(rsaKeyAlias, options).handle
// Call finishSession to get encrypted ciphertext
finishSession(handle.getOrThrow(), options)
}
/*
* Simulating decryption scenario
*/
func DecryptData() {
// Get algorithm parameters for decryption
let decryptOptions = GetRsaDecryptProperties()
let options: HuksOptions = HuksOptions(
properties: decryptOptions,
inData: cipherData.getOrThrow() // Encrypted ciphertext data
)
// Call initSession to get handle, rsaKeyAlias is the key alias specified during key generation
handle = initSession(rsaKeyAlias, options).handle
// Call finishSession to get decrypted data
finishSession(handle.getOrThrow(), options)
}
/*
* Simulating key deletion scenario
*/
func DeleteKey() {
let emptyOptions: HuksOptions = HuksOptions()
// Call deleteKeyItem to delete key, rsaKeyAlias is the key alias specified during key generation
deleteKeyItem(rsaKeyAlias, emptyOptions)
}
RSA/ECB/OAEP/SHA256
/*
* The following demonstrates operations using RSA/ECB/OAEP/SHA256 mode
*/
import kit.PerformanceAnalysisKit.Hilog
import kit.BasicServicesKit.*
import kit.CoreFileKit.*
import kit.AbilityKit.*
import kit.UniversalKeystoreKit.*
let rsaKeyAlias = 'test_rsaKeyAlias' // Key alias, specified during key generation, used for encryption, decryption, and key deletion
var handle: ?HuksHandleId = None
let plainText = 'PLAIN_TEXT' // Plaintext to be encrypted
var cipherData: ?Array<UInt8> = [] // Encrypted ciphertext data
func StringToUint8Array(str: String) {
return str.toArray()
}
func Uint8ArrayToString(fileData: Array<UInt8>) {
return String.fromUtf8(fileData)
}
func GetRsaGenerateProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_RSA)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_RSA_KEY_SIZE_2048)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(1 | 2)
)
]
return properties
}
func GetRsaEncryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_RSA)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_RSA_KEY_SIZE_2048)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_OAEP)
),
HuksParam(
HuksTag.HUKS_TAG_BLOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_ECB)
),
HuksParam(
HuksTag.HUKS_TAG_DIGEST,
HuksParamValue.Uint32Value(HuksKeyDigest.HUKS_DIGEST_SHA256)
)
]
return properties
}
func GetRsaDecryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_RSA)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_RSA_KEY_SIZE_2048)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_PADDING,
HuksParamValue.Uint32Value(HuksKeyPadding.HUKS_PADDING_OAEP)
),
HuksParam(
HuksTag.HUKS_TAG_BOCK_MODE,
HuksParamValue.Uint32Value(HuksCipherMode.HUKS_MODE_ECB)
),
HuksParam(
HuksTag.HUKS_TAG_DIGEST,
HuksParamValue.Uint32Value(HuksKeyDigest.HUKS_DIGEST_SHA256)
)
]
return properties
}
/*
* Simulates key generation scenario
*/
func GenerateRsaKey() {
// Get key generation algorithm parameter configuration
let genProperties = GetRsaGenerateProperties()
let options: HuksOptions = HuksOptions(properties: genProperties, inData: Bytes())
// Call generateKeyItem with rsaKeyAlias (key alias specified during key generation)
generateKeyItem(rsaKeyAlias, options)
}
/*
* Simulates encryption scenario
*/
func EncryptData() {
// Get encryption algorithm parameter configuration
let encryptProperties = GetRsaEncryptProperties()
let options: HuksOptions = HuksOptions(
properties: encryptProperties,
inData: StringToUint8Array(plainText)
)
// Call initSession to get handle, rsaKeyAlias is the key alias specified during key generation
handle = initSession(rsaKeyAlias, options).handle
// Call finishSession to get encrypted ciphertext
finishSession(handle.getOrThrow(), options)
}
/*
* Simulates decryption scenario
*/
func DecryptData() {
// Get decryption algorithm parameter configuration
let decryptOptions = GetRsaDecryptProperties()
let options: HuksOptions = HuksOptions(
properties: decryptOptions,
inData: cipherData.getOrThrow() // Encrypted ciphertext data
)
// Call initSession to get handle, rsaKeyAlias is the key alias specified during key generation
handle = initSession(rsaKeyAlias, options).handle
// Call finishSession to get decrypted data
finishSession(handle.getOrThrow(), options)
}
/*
* Simulates key deletion scenario
*/
func DeleteKey() {
let emptyOptions: HuksOptions = HuksOptions()
// Call deleteKeyItem to delete key, rsaKeyAlias is the key alias specified during key generation
deleteKeyItem(rsaKeyAlias, emptyOptions)
}
SM2
/*
* The following demonstrates operations using SM2 mode
*/
import kit.PerformanceAnalysisKit.Hilog
import kit.BasicServicesKit.*
import kit.CoreFileKit.*
import kit.AbilityKit.*
import kit.UniversalKeystoreKit.*
let sm2KeyAlias = 'test_sm2KeyAlias' // Key alias, specified during key generation, used for encryption, decryption, and key deletion
var handle: ?HuksHandleId = None
let plainText = 'PLAIN_TEXT' // Plaintext to be encrypted
var cipherData: ?Array<UInt8> = [] // Encrypted ciphertext data
func StringToUint8Array(str: String) {
return str.toArray()
}
func Uint8ArrayToString(fileData: Array<UInt8>) {
return String.fromUtf8(fileData)
}
func GetSm2GenerateProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_SM2)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_SM2_KEY_SIZE_256)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(1 | 2)
)
]
return properties
}
func GetSm2EncryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_SM2)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_SM2_KEY_SIZE_256)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_DIGEST,
HuksParamValue.Uint32Value(HuksKeyDigest.HUKS_DIGEST_SM3)
)
]
return properties
}
func GetSm2DecryptProperties() {
let properties: Array<HuksParam> = [
HuksParam(
HuksTag.HUKS_TAG_ALGORITHM,
HuksParamValue.Uint32Value(HuksKeyAlg.HUKS_ALG_SM2)
),
HuksParam(
HuksTag.HUKS_TAG_KEY_SIZE,
HuksParamValue.Uint32Value(HuksKeySize.HUKS_SM2_KEY_SIZE_256)
),
HuksParam(
HuksTag.HUKS_TAG_PURPOSE,
HuksParamValue.Uint32Value(HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT)
),
HuksParam(
HuksTag.HUKS_TAG_DIGEST,
HuksParamValue.Uint32Value(HuksKeyDigest.HUKS_DIGEST_SM3)
)
]
return properties
}
/*
* Simulates key generation scenario
*/
func GenerateSm2Key() {
// Get key generation algorithm parameter configuration
let genProperties = GetSm2GenerateProperties()
let options: HuksOptions = HuksOptions(properties: genProperties, inData: Bytes())
// Call generateKeyItem to generate key, sm2KeyAlias is the key alias specified during key generation
generateKeyItem(sm2KeyAlias, options)
}
/*
* Simulates encryption scenario
*/
func EncryptDataSm2() {
// Get encryption algorithm parameter configuration
let encryptProperties = GetSm2EncryptProperties()
let options: HuksOptions = HuksOptions(
properties: encryptProperties,
inData: StringToUint8Array(plainText) // plainText is the plaintext data to be encrypted
)
// Call initSession to get handle, sm2KeyAlias is the key alias specified during key generation
handle = initSession(sm2KeyAlias, options).handle
// Call finishSession to get encrypted ciphertext
finishSession(handle.getOrThrow(), options)
}
/*
* Simulates decryption scenario
*/
func DecryptDataSm2() {
// Get decryption algorithm parameter configuration
let decryptOptions = GetSm2DecryptProperties()
let options: HuksOptions = HuksOptions(
properties: decryptOptions,
inData: cipherData.getOrThrow() // Encrypted ciphertext data
)
// Call initSession to get handle, sm2KeyAlias is the key alias specified during key generation
handle = initSession(sm2KeyAlias, options).handle
// Call finishSession to get decrypted data
finishSession(handle.getOrThrow(), options)
}
/*
* Simulates key deletion scenario
*/
func DeleteKey() {
let emptyOptions: HuksOptions = HuksOptions()
// Call deleteKeyItem to delete key, sm2KeyAlias is the key alias specified during key generation
deleteKeyItem(sm2KeyAlias, emptyOptions)
}