1# 使用RSA密钥对(PKCS1模式)签名及签名恢复(ArkTS) 2 3对应的算法规格请查看[签名验签算法规格:RSA](crypto-sign-sig-verify-overview.md#rsa)。 4 5**签名** 6 71. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成密钥算法为RSA、密钥长度为1024位、素数个数为2的非对称密钥对象(KeyPair),包括公钥(PubKey)和私钥(PriKey)。 8 9 如何生成RSA非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:RSA](crypto-asym-key-generation-conversion-spec.md#rsa)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。 10 112. 调用[cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign),指定字符串参数'RSA1024|PKCS1|SHA256|SignOnly',创建非对称密钥类型为RSA1024、填充模式为PKCS1、摘要算法为SHA256的Sign实例,用于完成仅签名操作。 12 133. 调用[Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3),使用私钥(PriKey)初始化Sign实例。 14 154. 调用[Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-1),生成数据签名。 16 17**验签** 18 191. 调用[cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify),指定字符串参数'RSA1024|PKCS1|SHA256|Recover',与签名的Sign实例保持一致。创建Verify实例,用于完成验签操作。 20 212. 调用[Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5),使用公钥(PubKey)初始化Verify实例。 22 233. 调用[Verify.recover](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#recover12),对数据进行签名恢复。 24 25- 异步方法示例: 26 27 ```ts 28 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 29 import { buffer } from '@kit.ArkTS'; 30 // 完整的明文被拆分为input1和input2。 31 let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) }; 32 async function signMessagePromise(priKey: cryptoFramework.PriKey) { 33 let signAlg = "RSA1024|PKCS1|NoHash|OnlySign"; 34 let signer = cryptoFramework.createSign(signAlg); 35 await signer.init(priKey); 36 let signData = await signer.sign(input1); 37 return signData; 38 } 39 async function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) { 40 let verifyAlg = "RSA1024|PKCS1|NoHash|Recover"; 41 let verifier = cryptoFramework.createVerify(verifyAlg); 42 await verifier.init(pubKey); 43 let rawSignData = await verifier.recover(signMessageBlob); 44 return rawSignData; 45 } 46 async function main() { 47 let keyGenAlg = "RSA1024"; 48 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 49 let keyPair = await generator.generateKeyPair(); 50 let signData = await signMessagePromise(keyPair.priKey); 51 let rawSignData = await verifyMessagePromise(signData, keyPair.pubKey); 52 if (rawSignData !== null) { 53 console.info('recover result: ' + rawSignData.data); 54 } else { 55 console.error("get verify recover result fail!"); 56 } 57 } 58 ``` 59 60- 同步方法示例: 61 62 ```ts 63 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 64 import { buffer } from '@kit.ArkTS'; 65 // 完整的明文被拆分为input1和input2。 66 let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) }; 67 function signMessagePromise(priKey: cryptoFramework.PriKey) { 68 let signAlg = "RSA1024|PKCS1|NoHash|OnlySign"; 69 let signer = cryptoFramework.createSign(signAlg); 70 signer.initSync(priKey); 71 let signData = signer.signSync(input1); 72 return signData; 73 } 74 function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) { 75 let verifyAlg = "RSA1024|PKCS1|NoHash|Recover"; 76 let verifier = cryptoFramework.createVerify(verifyAlg); 77 verifier.initSync(pubKey); 78 let rawSignData = verifier.recoverSync(signMessageBlob); 79 return rawSignData; 80 } 81 function main() { 82 let keyGenAlg = "RSA1024"; 83 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 84 let keyPair = generator.generateKeyPairSync(); 85 let signData = signMessagePromise(keyPair.priKey); 86 let rawSignData = verifyMessagePromise(signData, keyPair.pubKey); 87 if (rawSignData !== null) { 88 console.info('recover result: ' + rawSignData.data); 89 } else { 90 console.error("get verify recover result fail!"); 91 } 92 } 93 ``` 94