• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# 使用RSA非对称密钥分段加解密
2
3对应的算法规格请查看[非对称密钥加解密算法规格:RSA](crypto-asym-encrypt-decrypt-spec.md#rsa)。
4
5**加密**
6
71. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成RSA密钥类型为RSA1024、素数个数为2(不填默认)的非对称密钥对(KeyPair)。KeyPair对象中包括公钥PubKey、私钥PriKey。
8
9   如何生成RSA非对称密钥对,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:RSA](crypto-asym-key-generation-conversion-spec.md#rsa)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
10
112. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'RSA1024|PKCS1',创建非对称密钥类型为RSA1024、填充模式为PKCS1的Cipher实例,用于完成加解密操作。
12
133. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(KeyPair.PubKey),初始化加密Cipher实例。
14
154. 多次调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),传入明文,获取加密后的数据。
16
17   doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。
18
19   此处将明文按64个字节一组拆分,多次加密。使用1024位密钥,每次将生成128字节密文。
20
21**解密**
22
231. 由于RSA算法的Cipher实例不支持重复init操作,需要调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),重新生成Cipher实例。
24
252. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(KeyPair.PriKey)初始化解密Cipher实例。PKCS1模式无加密参数,直接传入null。
26
273. 多次调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),传入密文,获取解密后的数据。
28
29- 异步方法示例:
30
31  ```ts
32  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
33  import { buffer } from '@kit.ArkTS';
34  // 分段加密消息。
35  async function rsaEncryptBySegment(pubKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) {
36    let cipher = cryptoFramework.createCipher('RSA1024|PKCS1');
37    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, pubKey, null);
38    let plainTextSplitLen = 64;
39    let cipherText = new Uint8Array();
40    for (let i = 0; i < plainText.data.length; i += plainTextSplitLen ) {
41      let updateMessage = plainText.data.subarray(i, i + plainTextSplitLen );
42      let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
43      // 将原文按64字符进行拆分,循环调用doFinal进行加密,使用1024bit密钥时,每次加密生成128字节长度的密文。
44      let updateOutput = await cipher.doFinal(updateMessageBlob);
45      let mergeText = new Uint8Array(cipherText.length + updateOutput.data.length);
46      mergeText.set(cipherText);
47      mergeText.set(updateOutput.data, cipherText.length);
48      cipherText = mergeText;
49    }
50    let cipherBlob: cryptoFramework.DataBlob = { data: cipherText };
51    return cipherBlob;
52  }
53  // 分段解密消息。
54  async function rsaDecryptBySegment(priKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) {
55    let decoder = cryptoFramework.createCipher('RSA1024|PKCS1');
56    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, priKey, null);
57    let cipherTextSplitLen = 128; // RSA密钥每次加密生成的密文字节长度计算方式:密钥位数/8。
58    let decryptText = new Uint8Array();
59    for (let i = 0; i < cipherText.data.length; i += cipherTextSplitLen) {
60      let updateMessage = cipherText.data.subarray(i, i + cipherTextSplitLen);
61      let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
62      // 将密文按128字节进行拆分解密,得到原文后进行拼接。
63      let updateOutput = await decoder.doFinal(updateMessageBlob);
64      let mergeText = new Uint8Array(decryptText.length + updateOutput.data.length);
65      mergeText.set(decryptText);
66      mergeText.set(updateOutput.data, decryptText.length);
67      decryptText = mergeText;
68    }
69    let decryptBlob: cryptoFramework.DataBlob = { data: decryptText };
70    return decryptBlob;
71  }
72  async function rsaEncryptLongMessage() {
73    let message = "This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
74      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
75      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
76      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
77      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
78      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
79      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
80      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!";
81    let asyKeyGenerator = cryptoFramework.createAsyKeyGenerator("RSA1024"); // 创建非对称密钥生成器对象。
82    let keyPair = await asyKeyGenerator.generateKeyPair(); // 随机生成RSA密钥。
83    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
84    let encryptText = await rsaEncryptBySegment(keyPair.pubKey, plainText);
85    let decryptText = await rsaDecryptBySegment(keyPair.priKey, encryptText);
86    if (plainText.data.toString() === decryptText.data.toString()) {
87      console.info('decrypt ok');
88      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
89    } else {
90      console.error('decrypt failed');
91    }
92  }
93  ```
94
95- 同步方法示例:
96
97  ```ts
98  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
99  import { buffer } from '@kit.ArkTS';
100  // 分段加密消息。
101  function rsaEncryptBySegment(pubKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) {
102    let cipher = cryptoFramework.createCipher('RSA1024|PKCS1');
103    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, pubKey, null);
104    let plainTextSplitLen = 64;
105    let cipherText = new Uint8Array();
106    for (let i = 0; i < plainText.data.length; i += plainTextSplitLen ) {
107      let updateMessage = plainText.data.subarray(i, i + plainTextSplitLen );
108      let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
109      // 将原文按64字符进行拆分,循环调用doFinal进行加密,使用1024bit密钥时,每次加密生成128字节长度的密文。
110      let updateOutput = cipher.doFinalSync(updateMessageBlob);
111      let mergeText = new Uint8Array(cipherText.length + updateOutput.data.length);
112      mergeText.set(cipherText);
113      mergeText.set(updateOutput.data, cipherText.length);
114      cipherText = mergeText;
115    }
116    let cipherBlob: cryptoFramework.DataBlob = { data: cipherText };
117    return cipherBlob;
118  }
119  // 分段解密消息。
120  function rsaDecryptBySegment(priKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) {
121    let decoder = cryptoFramework.createCipher('RSA1024|PKCS1');
122    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, priKey, null);
123    let cipherTextSplitLen = 128; // RSA密钥每次加密生成的密文字节长度计算方式:密钥位数/8。
124    let decryptText = new Uint8Array();
125    for (let i = 0; i < cipherText.data.length; i += cipherTextSplitLen) {
126      let updateMessage = cipherText.data.subarray(i, i + cipherTextSplitLen);
127      let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage };
128      // 将密文按128字节进行拆分解密,得到原文后进行拼接。
129      let updateOutput = decoder.doFinalSync(updateMessageBlob);
130      let mergeText = new Uint8Array(decryptText.length + updateOutput.data.length);
131      mergeText.set(decryptText);
132      mergeText.set(updateOutput.data, decryptText.length);
133      decryptText = mergeText;
134    }
135    let decryptBlob: cryptoFramework.DataBlob = { data: decryptText };
136    return decryptBlob;
137  }
138  function main() {
139    let message = "This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
140      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
141      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
142      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
143      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
144      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
145      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" +
146      "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!";
147    let asyKeyGenerator = cryptoFramework.createAsyKeyGenerator("RSA1024"); // 创建非对称密钥生成器对象。
148    let keyPair = asyKeyGenerator.generateKeyPairSync(); // 随机生成RSA密钥。
149    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
150    let encryptText = rsaEncryptBySegment(keyPair.pubKey, plainText);
151    let decryptText = rsaDecryptBySegment(keyPair.priKey, encryptText);
152    if (plainText.data.toString() === decryptText.data.toString()) {
153      console.info('decrypt ok');
154      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
155    } else {
156      console.error('decrypt failed');
157    }
158  }
159  ```