1# Signing and Signature Verification by Segment with an RSA Key Pair (PKCS1 Mode) (ArkTS) 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10For details about the algorithm specifications, see [RSA](crypto-sign-sig-verify-overview.md#rsa). 11 12**Signing** 13 141. Call [cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator) and [AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1) to generate a 1024-bit RSA key pair (**KeyPair**) with two primes. The **KeyPair** instance consists of a public key (**PubKey**) and a private key (**PriKey**). 15 16 In addition to the example in this topic, [RSA](crypto-asym-key-generation-conversion-spec.md#rsa) and [Randomly Generating an Asymmetric Key Pair](crypto-generate-asym-key-pair-randomly.md) may help you better understand how to generate an RSA asymmetric key pair. Note that the input parameters in the reference documents may be different from those in the example below. 17 182. Call [cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign) with the string parameter **'RSA1024|PKCS1|SHA256'** to create a **Sign** instance. The key type is RSA1024, the padding mode is **PKCS1**, and the MD algorithm is **SHA256**. 19 203. Call [Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3) to initialize the **Sign** instance with the private key (**PriKey**). 21 224. Set the data length to be passed in each time to 64 bytes, and call [Sign.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-3) multiple times to pass in the data to be signed. Currently, the amount of data to be passed in by a single update is not limited. You can determine how to pass in data based on the data volume. 23 245. Call [Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-1) to generate a signature. 25 26**Signature Verification** 27 281. Call [cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify) with the string parameter **'RSA1024|PKCS1|SHA256'** to create a **Verify** instance. The string parameter must be the same as that used to create the **Sign** instance. 29 302. Call [Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5) to initialize the **Verify** instance using the public key (**PubKey**). 31 323. Call [Verify.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-5) to pass in the data to be verified. Currently, the amount of data to be passed in by a single update is not limited. You can determine how to pass in data based on the data volume. 33 344. Call [Verify.verify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify-1) to verify the data signature. 35 36- Example (using asynchronous APIs): 37 38 ```ts 39 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 40 import { buffer } from '@kit.ArkTS'; 41 42 async function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) { 43 let signAlg = "RSA1024|PKCS1|SHA256"; 44 let signer = cryptoFramework.createSign(signAlg); 45 await signer.init(priKey); 46 let textSplitLen = 64; // Set the length of the data to be passed in each time. In this example, the value is 64. 47 for (let i = 0; i < plainText.length; i += textSplitLen) { 48 let updateMessage = plainText.subarray(i, i + textSplitLen); 49 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 50 // Call update() multiple times to pass in data by segment. 51 await signer.update(updateMessageBlob); 52 } 53 // Pass in null here because all the plaintext has been passed in by segment. 54 let signData = await signer.sign(null); 55 return signData; 56 } 57 async function verifyMessageBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) { 58 let verifyAlg = "RSA1024|PKCS1|SHA256"; 59 let verifier = cryptoFramework.createVerify(verifyAlg); 60 await verifier.init(pubKey); 61 let textSplitLen = 64; // Set the length of the data to be passed in each time. In this example, the value is 64. 62 for (let i = 0; i < plainText.length; i += textSplitLen) { 63 let updateMessage = plainText.subarray(i, i + textSplitLen); 64 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 65 // Call update() multiple times to pass in data by segment. 66 await verifier.update(updateMessageBlob); 67 } 68 // Pass in null in the first parameter of verify() because all the plaintext has been passed in by segment. 69 let res = await verifier.verify(null, signMessageBlob); 70 console.info("verify result is " + res); 71 return res; 72 } 73 async function rsaSignatureBySegment() { 74 let message = "This is a long plainText! This is a long plainText! This is a long plainText!" + 75 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 76 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 77 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 78 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 79 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 80 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 81 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!"; 82 let keyGenAlg = "RSA1024"; 83 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 84 let keyPair = await generator.generateKeyPair(); 85 let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer); 86 let signData = await signMessageBySegment(keyPair.priKey, messageData); 87 let verifyResult = await verifyMessageBySegment(keyPair.pubKey, messageData, signData); 88 if (verifyResult === true) { 89 console.info('verify success'); 90 } else { 91 console.error('verify failed'); 92 } 93 } 94 ``` 95 96- Example (using synchronous APIs): 97 98 ```ts 99 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 100 import { buffer } from '@kit.ArkTS'; 101 102 function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) { 103 let signAlg = "RSA1024|PKCS1|SHA256"; 104 let signer = cryptoFramework.createSign(signAlg); 105 signer.initSync(priKey); 106 let textSplitLen = 64; // Set the length of the data to be passed in each time. In this example, the value is 64. 107 for (let i = 0; i < plainText.length; i += textSplitLen) { 108 let updateMessage = plainText.subarray(i, i + textSplitLen); 109 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 110 // Call update() multiple times to pass in data by segment. 111 signer.updateSync(updateMessageBlob); 112 } 113 // Pass in null here because all the plaintext has been passed in by segment. 114 let signData = signer.signSync(null); 115 return signData; 116 } 117 function verifyMessageBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) { 118 let verifyAlg = "RSA1024|PKCS1|SHA256"; 119 let verifier = cryptoFramework.createVerify(verifyAlg); 120 verifier.initSync(pubKey); 121 let textSplitLen = 64; // Set the length of the data to be passed in each time. In this example, the value is 64. 122 for (let i = 0; i < plainText.length; i += textSplitLen) { 123 let updateMessage = plainText.subarray(i, i + textSplitLen); 124 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 125 // Call update() multiple times to pass in data by segment. 126 verifier.updateSync(updateMessageBlob); 127 } 128 // Pass in null in the first parameter of verify() because all the plaintext has been passed in by segment. 129 let res = verifier.verifySync(null, signMessageBlob); 130 console.info("verify result is " + res); 131 return res; 132 } 133 function rsaSignatureBySegment() { 134 let message = "This is a long plainText! This is a long plainText! This is a long plainText!" + 135 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 136 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 137 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 138 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 139 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 140 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 141 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!"; 142 let keyGenAlg = "RSA1024"; 143 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 144 let keyPair = generator.generateKeyPairSync(); 145 let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer); 146 let signData = signMessageBySegment(keyPair.priKey, messageData); 147 let verifyResult = verifyMessageBySegment(keyPair.pubKey, messageData, signData); 148 if (verifyResult === true) { 149 console.info('verify success'); 150 } else { 151 console.error('verify failed'); 152 } 153 } 154 ``` 155