1# 使用RSA密钥对分段签名验签(PKCS1模式)(ArkTS) 2 3对应的算法规格请查看[签名验签算法规格:RSA](crypto-sign-sig-verify-overview.md#rsa)。 4 5**签名** 6 71. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成密钥算法为RSA、密钥长度为1024位、素数个数为2的非对称密钥对象(KeyPair),包括公钥(PubKey)和私钥(PriKey)。 8 9 如何生成RSA非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:RSA](crypto-asym-key-generation-conversion-spec.md#rsa)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。 10 112. 调用[cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign),指定字符串参数'RSA1024|PKCS1|SHA256',创建非对称密钥类型为RSA1024、填充模式为PKCS1、摘要算法为SHA256的Sign实例,用于完成签名操作。 12 133. 调用[Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3),使用私钥(PriKey)初始化Sign实例。 14 154. 将一次传入数据量设置为64字节,多次调用[Sign.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-3),传入待签名的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。 16 175. 调用[Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-1),生成数据签名。 18 19**验签** 20 211. 调用[cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify),指定字符串参数'RSA1024|PKCS1|SHA256',与签名的Sign实例保持一致。创建Verify实例,用于完成验签操作。 22 232. 调用[Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5),使用公钥(PubKey)初始化Verify实例。 24 253. 调用[Verify.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-5),传入待验证的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。 26 274. 调用[Verify.verify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify-1),对数据进行验签。 28 29- 异步方法示例: 30 31 ```ts 32 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 33 import { buffer } from '@kit.ArkTS'; 34 35 async function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) { 36 let signAlg = "RSA1024|PKCS1|SHA256"; 37 let signer = cryptoFramework.createSign(signAlg); 38 await signer.init(priKey); 39 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 40 for (let i = 0; i < plainText.length; i += textSplitLen) { 41 let updateMessage = plainText.subarray(i, i + textSplitLen); 42 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 43 // 分段update。 44 await signer.update(updateMessageBlob); 45 } 46 // 已通过分段传入所有明文,故此处sign传入null。 47 let signData = await signer.sign(null); 48 return signData; 49 } 50 async function verifyMessagBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) { 51 let verifyAlg = "RSA1024|PKCS1|SHA256"; 52 let verifier = cryptoFramework.createVerify(verifyAlg); 53 await verifier.init(pubKey); 54 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 55 for (let i = 0; i < plainText.length; i += textSplitLen) { 56 let updateMessage = plainText.subarray(i, i + textSplitLen); 57 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 58 // 分段update。 59 await verifier.update(updateMessageBlob); 60 } 61 // 已通过分段传入所有明文,故此处verify第一个参数传入null。 62 let res = await verifier.verify(null, signMessageBlob); 63 console.info("verify result is " + res); 64 return res; 65 } 66 async function rsaSignatureBySegment() { 67 let message = "This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 68 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 69 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 70 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 71 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 72 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 73 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 74 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!"; 75 let keyGenAlg = "RSA1024"; 76 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 77 let keyPair = await generator.generateKeyPair(); 78 let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer); 79 let signData = await signMessageBySegment(keyPair.priKey, messageData); 80 let verifyResult = await verifyMessagBySegment(keyPair.pubKey, messageData, signData); 81 if (verifyResult === true) { 82 console.info('verify success'); 83 } else { 84 console.error('verify failed'); 85 } 86 } 87 ``` 88 89- 同步方法示例: 90 91 ```ts 92 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 93 import { buffer } from '@kit.ArkTS'; 94 95 function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) { 96 let signAlg = "RSA1024|PKCS1|SHA256"; 97 let signer = cryptoFramework.createSign(signAlg); 98 signer.initSync(priKey); 99 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 100 for (let i = 0; i < plainText.length; i += textSplitLen) { 101 let updateMessage = plainText.subarray(i, i + textSplitLen); 102 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 103 // 分段update。 104 signer.updateSync(updateMessageBlob); 105 } 106 // 已通过分段传入所有明文,故此处sign传入null。 107 let signData = signer.signSync(null); 108 return signData; 109 } 110 function verifyMessagBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) { 111 let verifyAlg = "RSA1024|PKCS1|SHA256"; 112 let verifier = cryptoFramework.createVerify(verifyAlg); 113 verifier.initSync(pubKey); 114 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 115 for (let i = 0; i < plainText.length; i += textSplitLen) { 116 let updateMessage = plainText.subarray(i, i + textSplitLen); 117 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 118 // 分段update。 119 verifier.updateSync(updateMessageBlob); 120 } 121 // 已通过分段传入所有明文,故此处verify第一个参数传入null。 122 let res = verifier.verifySync(null, signMessageBlob); 123 console.info("verify result is " + res); 124 return res; 125 } 126 function rsaSignatureBySegment() { 127 let message = "This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 128 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 129 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 130 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 131 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 132 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 133 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 134 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!"; 135 let keyGenAlg = "RSA1024"; 136 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 137 let keyPair = generator.generateKeyPairSync(); 138 let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer); 139 let signData = signMessageBySegment(keyPair.priKey, messageData); 140 let verifyResult = verifyMessagBySegment(keyPair.pubKey, messageData, signData); 141 if (verifyResult === true) { 142 console.info('verify success'); 143 } else { 144 console.error('verify failed'); 145 } 146 } 147 ``` 148