1# Encryption and Decryption with an AES Symmetric Key (CBC Mode) (ArkTS) 2 3 4For details about the algorithm specifications, see [AES](crypto-sym-encrypt-decrypt-spec.md#aes). 5 6 7**Encryption** 8 9 101. Call [cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator) and [SymKeyGenerator.generateSymKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesymkey-1) to generate a 128-bit AES symmetric key (**SymKey**). 11 12 In addition to the example in this topic, [AES](crypto-sym-key-generation-conversion-spec.md#aes) and [Randomly Generating a Symmetric Key](crypto-generate-sym-key-randomly.md) may help you better understand how to generate an AES symmetric key. Note that the input parameters in the reference documents may be different from those in the example below. 13 142. Call [cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher) with the string parameter **'AES128|CBC|PKCS7'** to create a **Cipher** instance for encryption. The key type is **AES128**, block cipher mode is **CBC**, and the padding mode is **PKCS7**. 15 163. Call [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) to initialize the **Cipher** instance. In the **Cipher.init** API, set **opMode** to **CryptoMode.ENCRYPT_MODE** (encryption), **key** to **SymKey** (the key for encryption), and **params** to **IvParamsSpec** corresponding to the CBC mode. 17 184. If a small amount of data is to be encrypted, you can use [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) after **Cipher.init** to obtain the encrypted data. 19 20 21**Decryption** 22 231. Call [cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher) with the string parameter **'AES128|CBC|PKCS7'** to create a **Cipher** instance for decryption. The key type is **AES128**, block cipher mode is **CBC**, and the padding mode is **PKCS7**. 24 252. Call [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) to initialize the **Cipher** instance. In the **Cipher.init** API, set **opMode** to **CryptoMode.DECRYPT_MODE** (decryption), **key** to **SymKey** (the key for decryption), and **params** to **IvParamsSpec** corresponding to the CBC mode. 26 273. If a small amount of data is to be decrypted, you can use [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) after **Cipher.init** to obtain the decrypted data. 28 29 30- Example (using asynchronous APIs): 31 32 ```ts 33 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 34 import { buffer } from '@kit.ArkTS'; 35 36 function generateRandom(len: number) { 37 let rand = cryptoFramework.createRandom(); 38 let generateRandSync = rand.generateRandomSync(len); 39 return generateRandSync; 40 } 41 42 function genIvParamsSpec() { 43 let ivBlob = generateRandom(16); 44 let ivParamsSpec: cryptoFramework.IvParamsSpec = { 45 algName: "IvParamsSpec", 46 iv: ivBlob 47 }; 48 return ivParamsSpec; 49 } 50 let iv = genIvParamsSpec(); 51 // Encrypt the message. 52 async function encryptMessagePromise(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) { 53 let cipher = cryptoFramework.createCipher('AES128|CBC|PKCS7'); 54 await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, iv); 55 let cipherData = await cipher.doFinal(plainText); 56 return cipherData; 57 } 58 // Decrypt the message. 59 async function decryptMessagePromise(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) { 60 let decoder = cryptoFramework.createCipher('AES128|CBC|PKCS7'); 61 await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, iv); 62 let decryptData = await decoder.doFinal(cipherText); 63 return decryptData; 64 } 65 66 async function genSymKeyByData(symKeyData: Uint8Array) { 67 let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 68 let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128'); 69 let symKey = await aesGenerator.convertKey(symKeyBlob); 70 console.info('convertKey success'); 71 return symKey; 72 } 73 74 async function aesCBC() { 75 try { 76 let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]); 77 let symKey = await genSymKeyByData(keyData); 78 let message = "This is a test"; 79 let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 80 let encryptText = await encryptMessagePromise(symKey, plainText); 81 let decryptText = await decryptMessagePromise(symKey, encryptText); 82 if (plainText.data.toString() === decryptText.data.toString()) { 83 console.info('decrypt ok'); 84 console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8')); 85 } else { 86 console.error('decrypt failed'); 87 } 88 } catch (error) { 89 console.error(`AES CBC "${error}", error code: ${error.code}`); 90 } 91 } 92 ``` 93 94- Example (using synchronous APIs): 95 96 ```ts 97 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 98 import { buffer } from '@kit.ArkTS'; 99 100 function generateRandom(len: number) { 101 let rand = cryptoFramework.createRandom(); 102 let generateRandSync = rand.generateRandomSync(len); 103 return generateRandSync; 104 } 105 106 function genIvParamsSpec() { 107 let ivBlob = generateRandom(16); 108 let ivParamsSpec: cryptoFramework.IvParamsSpec = { 109 algName: "IvParamsSpec", 110 iv: ivBlob 111 }; 112 return ivParamsSpec; 113 } 114 let iv = genIvParamsSpec(); 115 // Encrypt the message. 116 function encryptMessage(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) { 117 let cipher = cryptoFramework.createCipher('AES128|CBC|PKCS7'); 118 cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, iv); 119 let cipherData = cipher.doFinalSync(plainText); 120 return cipherData; 121 } 122 // Decrypt the message. 123 function decryptMessage(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) { 124 let decoder = cryptoFramework.createCipher('AES128|CBC|PKCS7'); 125 decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, iv); 126 let decryptData = decoder.doFinalSync(cipherText); 127 return decryptData; 128 } 129 130 function genSymKeyByData(symKeyData: Uint8Array) { 131 let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 132 let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128'); 133 let symKey = aesGenerator.convertKeySync(symKeyBlob); 134 console.info('convertKeySync success'); 135 return symKey; 136 } 137 138 function main() { 139 try { 140 let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]); 141 let symKey = genSymKeyByData(keyData); 142 let message = "This is a test"; 143 let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 144 let encryptText = encryptMessage(symKey, plainText); 145 let decryptText = decryptMessage(symKey, encryptText); 146 if (plainText.data.toString() === decryptText.data.toString()) { 147 console.info('decrypt ok'); 148 console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8')); 149 } else { 150 console.error('decrypt failed'); 151 } 152 } catch (error) { 153 console.error(`AES CBC "${error}", error code: ${error.code}`); 154 } 155 } 156 ``` 157