• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Encryption and Decryption by Segment
2
3<!--Kit: Crypto Architecture Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
10The Crypto framework does not have a limit on the amount of the data to be passed in one time or cumulatively during the encryption/decryption process. However, when the amount of data is greater than 2 MB, you are advised to pass in and encrypt/decrypt the data by segment to improve processing efficiency.
11
12## Symmetric Encryption and Decryption
13
14Use [Cipher.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-1) to pass in and encrypt/decrypt the data of a symmetric key by segment.
15
16You can set the amount of the data to be passed in each time (**updateLength** in the example) and call **update()** multiple times to pass in the data.
17
18Currently, the amount of data that can be passed in each time cannot exceed **INT_MAX** (maximum length of the Uint8Array type).
19
20The value returned by each **update** and **doFinal** must be checked. If the return value is not null, obtain and combine the data segments into the complete ciphertext or plaintext.
21
22Example: [Encryption and Decryption by Segment with an AES Symmetric Key (GCM Mode)](crypto-aes-sym-encrypt-decrypt-gcm-by-segment.md)
23
24Example: [Encryption and Decryption by Segment with an SM4 Symmetric Key (GCM Mode)](crypto-sm4-sym-encrypt-decrypt-gcm-by-segment.md)
25
26## Asymmetric Encryption and Decryption
27
28Use [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) and [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) to pass in and encrypt/decrypt the data of an asymmetric key pair by segment.
29
30If the plaintext length is greater than the data length supported by a single encryption (see [Asymmetric Key Encryption and Decryption Algorithm Specifications](crypto-asym-encrypt-decrypt-spec.md)), divide the data to be encrypted into data segments of an appropriate length and encrypt each data segment. Specifically, create a **Cipher** instance and call [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) and [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1).
31
32The amount of data to be passed in each time varies, depending on the key specifications.
33
34- RSA: The input data varies depending on the padding mode. Determine the amount of the data to be passed in at a time based on [RSA specifications](crypto-asym-encrypt-decrypt-spec.md#rsa).
35
36The value returned by each **doFinal** must be checked. If the return value is not null, obtain and combine the data segments into the complete ciphertext or plaintext.
37
38Example: [Encryption and Decryption by Segment with an RSA Asymmetric Key Pair](crypto-rsa-asym-encrypt-decrypt-by-segment.md)
39
40## FAQs
41
42- Does the cipher mode affect the amount of the data to be passed in by each **update** in encryption and decryption by segment?
43
44   You can set the amount of the data to be passed in by each **update**. It has nothing to do with the cipher mode.
45
46   The encryption/decryption parameters vary with the cipher mode. For details, see [ParamsSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#paramsspec).
47