往期鸿蒙全套实战文章必看:(附带鸿蒙全栈学习资料)

使用RSA密钥对分段签名验签(PKCS1模式)(ArkTS)

签名

  1. 调用cryptoFramework.createAsyKeyGeneratorAsyKeyGenerator.generateKeyPair,生成密钥算法为RSA、密钥长度为1024位、素数个数为2的非对称密钥对象(KeyPair),包括公钥(PubKey)和私钥(PriKey)。

    如何生成RSA非对称密钥,开发者可参考下文示例,并结合非对称密钥生成和转换规格:RSA随机生成非对称密钥对理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。

  2. 调用cryptoFramework.createSign,指定字符串参数'RSA1024|PKCS1|SHA256',创建非对称密钥类型为RSA1024、填充模式为PKCS1、摘要算法为SHA256的Sign实例,用于完成签名操作。

  3. 调用Sign.init,使用私钥(PriKey)初始化Sign实例。

  4. 将一次传入数据量设置为64字节,多次调用Sign.update,传入待签名的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。

  5. 调用Sign.sign,生成数据签名。

验签

  1. 调用cryptoFramework.createVerify,指定字符串参数'RSA1024|PKCS1|SHA256',与签名的Sign实例保持一致。创建Verify实例,用于完成验签操作。

  2. 调用Verify.init,使用公钥(PubKey)初始化Verify实例。

  3. 调用Verify.update,传入待验证的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。

  4. 调用Verify.verify,对数据进行验签。

  • 异步方法示例:

    import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer } from '@kit.ArkTS';


async function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) {
  let signAlg = "RSA1024|PKCS1|SHA256";
  let signer = cryptoFramework.createSign(signAlg);
  await signer.init(priKey);
  let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。
  for (let i = 0; i < plainText.length; i += textSplitLen) {
    let updateMessage = plainText.subarray(i, i + textSplitLen);
    let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
    // 分段update。
    await signer.update(updateMessageBlob);
  }
  // 已通过分段传入所有明文,故此处sign传入null。
  let signData = await signer.sign(null);
  return signData;
}
async function verifyMessageBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) {
  let verifyAlg = "RSA1024|PKCS1|SHA256";
  let verifier = cryptoFramework.createVerify(verifyAlg);
  await verifier.init(pubKey);
  let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。
  for (let i = 0; i < plainText.length; i += textSplitLen) {
    let updateMessage = plainText.subarray(i, i + textSplitLen);
    let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
    // 分段update。
    await verifier.update(updateMessageBlob);
  }
  // 已通过分段传入所有明文,故此处verify第一个参数传入null。
  let res = await verifier.verify(null, signMessageBlob);
  console.info("verify result is " + res);
  return res;
}
async function rsaSignatureBySegment() {
  let message = "This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!";
  let keyGenAlg = "RSA1024";
  let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
  let keyPair = await generator.generateKeyPair();
  let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer);
  let signData = await signMessageBySegment(keyPair.priKey, messageData);
  let verifyResult = await verifyMessageBySegment(keyPair.pubKey, messageData, signData);
  if (verifyResult === true) {
    console.info('verify success');
  } else {
    console.error('verify failed');
  }
}

  • 同步方法示例:

    import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer } from '@kit.ArkTS';


function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) {
  let signAlg = "RSA1024|PKCS1|SHA256";
  let signer = cryptoFramework.createSign(signAlg);
  signer.initSync(priKey);
  let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。
  for (let i = 0; i < plainText.length; i += textSplitLen) {
    let updateMessage = plainText.subarray(i, i + textSplitLen);
    let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
    // 分段update。
    signer.updateSync(updateMessageBlob);
  }
  // 已通过分段传入所有明文,故此处sign传入null。
  let signData = signer.signSync(null);
  return signData;
}
function verifyMessageBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) {
  let verifyAlg = "RSA1024|PKCS1|SHA256";
  let verifier = cryptoFramework.createVerify(verifyAlg);
  verifier.initSync(pubKey);
  let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。
  for (let i = 0; i < plainText.length; i += textSplitLen) {
    let updateMessage = plainText.subarray(i, i + textSplitLen);
    let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
    // 分段update。
    verifier.updateSync(updateMessageBlob);
  }
  // 已通过分段传入所有明文,故此处verify第一个参数传入null。
  let res = verifier.verifySync(null, signMessageBlob);
  console.info("verify result is " + res);
  return res;
}
function rsaSignatureBySegment() {
  let message = "This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" +
    "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!";
  let keyGenAlg = "RSA1024";
  let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
  let keyPair = generator.generateKeyPairSync();
  let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer);
  let signData = signMessageBySegment(keyPair.priKey, messageData);
  let verifyResult = verifyMessageBySegment(keyPair.pubKey, messageData, signData);
  if (verifyResult === true) {
    console.info('verify success');
  } else {
    console.error('verify failed');
  }
}

# harmonyos # 华为 # 鸿蒙系统 # android # 前端
Logo
HarmonyOS开发者社区

讨论HarmonyOS开发技术,专注于API与组件、DevEco Studio、测试、元服务和应用上架分发等。

更多推荐

cover

鸿蒙5.0开发实战案例:JavaScript页面调用解析

avatar HarmonyOS开发者社区

鸿蒙OH南向开发 小型系统芯片移植指南(二)

LiteOS-A内核移植主要针对ARMv7-a架构芯片,涉及基础适配三部分工作:新增硬件配置参数文件(target_config.h)、定义内存映射数组(g_archMmuInitMapping)和多核处理函数(SmpOps)。移植需遵循内核启动框架的10个层级初始化流程,通过LOS_MODULE_INIT注册模块。验证阶段需确保系统启动后能进入内核态shell并运行基本命令。Linux内核移植则

avatar HarmonyOS开发者社区

鸿蒙列表新的实现方式

鸿蒙系统推出了全新的列表组件Repeat,相比之前的ForEach和LazyForEach,Repeat性能更优且使用更简便。Repeat基于数组数据循环渲染,需与List、Grid等滚动容器配合使用,支持.each()单模板和.template()多模板渲染方式,提供条件渲染能力并通过virtualScroll实现懒加载优化性能。

avatar HarmonyOS开发者社区