• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Signing and Signature Verification with an RSA Key Pair (PKCS1 Mode) (ArkTS)
2
3<!--Kit: Crypto Architecture Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
10For details about the algorithm specifications, see [RSA](crypto-sign-sig-verify-overview.md#rsa).
11
12**Signing**
13
141. Call [cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator) and [AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1) to generate a 1024-bit RSA key pair (**KeyPair**) with two primes. The **KeyPair** instance consists of a public key (**PubKey**) and a private key (**PriKey**).
15
16   In addition to the example in this topic, [RSA](crypto-asym-key-generation-conversion-spec.md#rsa) and [Randomly Generating an Asymmetric Key Pair](crypto-generate-asym-key-pair-randomly.md) may help you better understand how to generate an RSA asymmetric key pair. Note that the input parameters in the reference documents may be different from those in the example below.
17
182. Call [cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign) with the string parameter **'RSA1024|PKCS1|SHA256'** to create a **Sign** instance. The key type is RSA1024, the padding mode is **PKCS1**, and the MD algorithm is **SHA256**.
19
203. Call [Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3) to initialize the **Sign** instance with the private key (**PriKey**).
21
224. Call [Sign.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-3) to pass in the data to be signed.
23
24   Currently, the amount of data to be passed in by a single **update()** is not limited. You can determine how to pass in data based on the data size.
25
26   - If a small amount of data is to be signed, call **Sign.sign()** immediately after **Sign.init()**.
27   - If a large amount of data is to be verified, call **update()** multiple times to [pass in data by segment](crypto-rsa-sign-sig-verify-pkcs1-by-segment.md).
28
295. Call [Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-1) to generate a signature.
30
31**Signature Verification**
32
331. Call [cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify) with the string parameter **'RSA1024|PKCS1|SHA256'** to create a **Verify** instance. The string parameter must be the same as that used to create the **Sign** instance.
34
352. Call [Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5) to initialize the **Verify** instance using the public key (**PubKey**).
36
373. Call [Verify.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-5) to pass in the data to be verified.
38   Currently, the amount of data to be passed in by a single **update()** is not limited. You can determine how to pass in data based on the data size.
39
40   - If a small amount of data is to be verified, call **Verify.verify()** immediately after **Verify.init()**.
41   - If a large amount of data is to be verified, call **update()** multiple times to [pass in data by segment](crypto-rsa-sign-sig-verify-pkcs1-by-segment.md).
42
434. Call [Verify.verify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify-1) to verify the data signature.
44
45- Example (using asynchronous APIs):
46
47  ```ts
48  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
49  import { buffer } from '@kit.ArkTS';
50  // The plaintext is split into input1 and input2.
51  let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) };
52  let input2: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan2", 'utf-8').buffer) };
53  async function signMessagePromise(priKey: cryptoFramework.PriKey) {
54    let signAlg = "RSA1024|PKCS1|SHA256";
55    let signer = cryptoFramework.createSign(signAlg);
56    await signer.init(priKey);
57    await signer.update(input1); // If the plaintext is short, you can use sign() to pass in the full data at a time.
58    let signData = await signer.sign(input2);
59    return signData;
60  }
61  async function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) {
62    let verifyAlg = "RSA1024|PKCS1|SHA256";
63    let verifier = cryptoFramework.createVerify(verifyAlg);
64    await verifier.init(pubKey);
65    await verifier.update(input1); // If the plaintext is short, you can use verify() to pass in the full data at a time.
66    let res = await verifier.verify(input2, signMessageBlob);
67    console.info("verify result is " + res);
68    return res;
69  }
70  async function main() {
71    let keyGenAlg = "RSA1024";
72    let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
73    let keyPair = await generator.generateKeyPair();
74    let signData = await signMessagePromise(keyPair.priKey);
75    let verifyResult = await verifyMessagePromise(signData, keyPair.pubKey);
76    if (verifyResult === true) {
77      console.info('verify success');
78    } else {
79      console.error('verify failed');
80    }
81  }
82  ```
83
84- Example (using synchronous APIs):
85
86  ```ts
87  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
88  import { buffer } from '@kit.ArkTS';
89  // The plaintext is split into input1 and input2.
90  let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) };
91  let input2: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan2", 'utf-8').buffer) };
92  function signMessagePromise(priKey: cryptoFramework.PriKey) {
93    let signAlg = "RSA1024|PKCS1|SHA256";
94    let signer = cryptoFramework.createSign(signAlg);
95    signer.initSync(priKey);
96    signer.updateSync(input1); // If the plaintext is short, you can use sign() to pass in the full data at a time.
97    let signData = signer.signSync(input2);
98    return signData;
99  }
100  function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) {
101    let verifyAlg = "RSA1024|PKCS1|SHA256";
102    let verifier = cryptoFramework.createVerify(verifyAlg);
103    verifier.initSync(pubKey);
104    verifier.updateSync(input1); // If the plaintext is short, you can use verify() to pass in the full data at a time.
105    let res = verifier.verifySync(input2, signMessageBlob);
106    console.info("verify result is " + res);
107    return res;
108  }
109  function main() {
110    let keyGenAlg = "RSA1024";
111    let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
112    let keyPair = generator.generateKeyPairSync();
113    let signData = signMessagePromise(keyPair.priKey);
114    let verifyResult = verifyMessagePromise(signData, keyPair.pubKey);
115    if (verifyResult === true) {
116      console.info('verify success');
117    } else {
118      console.error('verify failed');
119    }
120  }
121  ```
122