• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# 使用SM2非对称密钥加解密
2
3对应的算法规格请查看[非对称密钥加解密算法规格:SM2](crypto-asym-encrypt-decrypt-spec.md#sm2)。
4
5**加密**
6
71. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成RSA密钥类型为SM2_256的非对称密钥对(KeyPair)。KeyPair对象中包括公钥PubKey、私钥PriKey。
8
9   如何生成SM2非对称密钥对,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:SM2](crypto-asym-key-generation-conversion-spec.md#sm2)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
10
112. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'SM2_256|SM3',创建非对称密钥类型为SM2_256、摘要算法为SM3的Cipher实例,用于完成加解密操作。
12
133. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(KeyPair.PubKey),初始化加密Cipher实例。
14
15   非对称密钥无加密参数,直接传入null。
16
174. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),传入明文,获取加密后的数据。
18
19   - doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。
20   - 当数据量较大时,可以多次调用doFinal,即分段加解密。
21
22**解密**
23
241. 由于SM2算法的Cipher实例不支持重复init操作,需要调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),重新生成Cipher实例。
25
262. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(KeyPair.PriKey)初始化解密Cipher实例。SM2无加密参数,直接传入null。
27
283. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),传入密文,获取解密后的数据。
29
30- 异步方法示例:
31
32  ```ts
33  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
34  import { buffer } from '@kit.ArkTS';
35
36  // 加密消息。
37  async function encryptMessagePromise(publicKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) {
38    let cipher = cryptoFramework.createCipher('SM2_256|SM3');
39    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, publicKey, null);
40    let encryptData = await cipher.doFinal(plainText);
41    return encryptData;
42  }
43  // 解密消息。
44  async function decryptMessagePromise(privateKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) {
45    let decoder = cryptoFramework.createCipher('SM2_256|SM3');
46    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, privateKey, null);
47    let decryptData = await decoder.doFinal(cipherText);
48    return decryptData;
49  }
50  // 生成SM2密钥对。
51  async function genKeyPairByData(pubKeyData: Uint8Array, priKeyData: Uint8Array) {
52    let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyData };
53    let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyData };
54    let sm2Generator = cryptoFramework.createAsyKeyGenerator('SM2_256');
55    let keyPair = await sm2Generator.convertKey(pubKeyBlob, priKeyBlob);
56    console.info('convertKey success');
57    return keyPair;
58  }
59  async function main() {
60    let pkData = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]);
61    let skData = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]);
62    let keyPair = await genKeyPairByData(pkData, skData);
63    let pubKey = keyPair.pubKey;
64    let priKey = keyPair.priKey;
65    let message = 'This is a test';
66    // 把字符串按utf-8解码为Uint8Array。
67    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
68    let encryptText = await encryptMessagePromise(pubKey, plainText);
69    let decryptText = await decryptMessagePromise(priKey, encryptText);
70    if (plainText.data.toString() === decryptText.data.toString()) {
71      console.info('decrypt ok');
72      // 把Uint8Array按utf-8编码为字符串。
73      let messageDecrypted = buffer.from(decryptText.data).toString('utf-8');
74      console.info('decrypted result string:' + messageDecrypted);
75    } else {
76      console.error('decrypt failed');
77    }
78  }
79  ```
80
81- 同步方法示例:
82
83  ```ts
84  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
85  import { buffer } from '@kit.ArkTS';
86
87  // 加密消息。
88  function encryptMessage(publicKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) {
89    let cipher = cryptoFramework.createCipher('SM2_256|SM3');
90    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, publicKey, null);
91    let encryptData = cipher.doFinalSync(plainText);
92    return encryptData;
93  }
94  // 解密消息。
95  function decryptMessage(privateKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) {
96    let decoder = cryptoFramework.createCipher('SM2_256|SM3');
97    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, privateKey, null);
98    let decryptData = decoder.doFinalSync(cipherText);
99    return decryptData;
100  }
101  // 生成SM2密钥对。
102  function genKeyPairByData(pubKeyData: Uint8Array, priKeyData: Uint8Array) {
103    let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyData };
104    let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyData };
105    let sm2Generator = cryptoFramework.createAsyKeyGenerator('SM2_256');
106    let keyPair = sm2Generator.convertKeySync(pubKeyBlob, priKeyBlob);
107    console.info('convertKeySync success');
108    return keyPair;
109  }
110  function main() {
111    let pkData = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]);
112    let skData = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]);
113    let keyPair = genKeyPairByData(pkData, skData);
114    let pubKey = keyPair.pubKey;
115    let priKey = keyPair.priKey;
116    let message = 'This is a test';
117    // 把字符串按utf-8解码为Uint8Array。
118    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
119    let encryptText = encryptMessage(pubKey, plainText);
120    let decryptText = decryptMessage(priKey, encryptText);
121    if (plainText.data.toString() === decryptText.data.toString()) {
122      console.info('decrypt ok');
123      // 把Uint8Array按utf-8编码为字符串。
124      let messageDecrypted = buffer.from(decryptText.data).toString('utf-8');
125      console.info('decrypted result string:' + messageDecrypted);
126    } else {
127      console.error('decrypt failed');
128    }
129  }
130  ```