# Certificate Signing with PKCS #7
2
3<!--Kit: Device Certificate Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
This feature is supported since API version 18.
11
PKCS #7 is a standard syntax for storing signed or encrypted data. Cryptographic Message Syntax (CMS), which extends PKCS #7, supports the following data types: data, signed data, enveloped data, signed and enveloped data, digest data, and encrypted data. It is often used to protect data integrity and confidentiality. Currently, only PKCS #7 signed data is supported. Signed data lets a recipient check the integrity and origin of the content; it does not encrypt the content.
13
## How to Develop
15
1. Import the [cert](../../reference/apis-device-certificate-kit/js-apis-cert.md) module.
17
18   ```ts
19   import { cert } from '@kit.DeviceCertificateKit';
20   ```
2. Call [cert.createCmsGenerator](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatecmsgenerator18) to create a **cmsGenerator** object.
22
3. Call [cmsGenerator.addSigner](../../reference/apis-device-certificate-kit/js-apis-cert.md#addsigner18) to add the signer information.
24
4. Call [cmsGenerator.addCert](../../reference/apis-device-certificate-kit/js-apis-cert.md#addcert18) to add a certificate.
26
5. Call [cmsGenerator.doFinal](../../reference/apis-device-certificate-kit/js-apis-cert.md#dofinal18) to generate the CMS signed data.
28
- Example (using asynchronous APIs):
30
31  ```ts
32  import { cert } from '@kit.DeviceCertificateKit';
33  import { BusinessError } from '@kit.BasicServicesKit';
34
35  let certData = '-----BEGIN CERTIFICATE-----\n' +
36    'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' +
37    'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' +
38    'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' +
39    'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' +
40    'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' +
41    'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' +
42    'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' +
43    '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' +
44    'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' +
45    'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' +
46    'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' +
47    'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' +
48    'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' +
49    '-----END CERTIFICATE-----\n';
50
51  let rsaStr1024: string  =
52    '-----BEGIN RSA PRIVATE KEY-----\n' +
53      'Proc-Type: 4,ENCRYPTED\n' +
54      'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' +
55      '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' +
56      'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' +
57      'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' +
58      'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' +
59      'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' +
60      'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' +
61      'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' +
62      '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' +
63      'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' +
64      'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' +
65      'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' +
66      'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' +
67      '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' +
68      '-----END RSA PRIVATE KEY-----\n';
69
70  // Convert the string into a Uint8Array.
71  function stringToUint8Array(str: string): Uint8Array {
72    let arr: Array<number> = [];
73    for (let i = 0, j = str.length; i < j; i++) {
74      arr.push(str.charCodeAt(i));
75    }
76    return new Uint8Array(arr);
77  }
78
79  async function testPkcs7SignByPromise() {
80    let certEncodingBlob: cert.EncodingBlob = {
81      data: stringToUint8Array(certData),
82      // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported.
83      encodingFormat: cert.EncodingFormat.FORMAT_PEM
84    };
85    cert.createX509Cert(certEncodingBlob, (error, x509Cert) => {
86      if (error) {
87        console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message);
88      } else {
89        try {
90          let cmsContentType = cert.CmsContentType.SIGNED_DATA;
91          let cmsGenerator = cert.createCmsGenerator(cmsContentType);
92          console.info('testPkcs7SignByPromise createCmsGenerator success.');
93          let privateKeyInfo: cert.PrivateKeyInfo = {
94            key: rsaStr1024,
95            password: '123456'
96          };
97          // If addCert is true, an error will be reported if the same certificate is added to addSigner or addCert.
98          let config: cert.CmsSignerConfig = {
99            mdName:'SHA256',
100            addCert:false,
101            addAttr:true,
102            addSmimeCapAttr:true
103          }
104          cmsGenerator.addSigner(x509Cert, privateKeyInfo, config);
105          console.info('testPkcs7SignByPromise addSigner success.');
106          cmsGenerator.addCert(x509Cert);
107          console.info('testPkcs7SignByPromise addCert success.');
108          let content = new Uint8Array([1,2,3,4]);
109          let optionsFinal: cert.CmsGeneratorOptions = {
110            contentDataFormat : cert.CmsContentDataFormat.BINARY,
111            outFormat : cert.CmsFormat.PEM,
112            isDetached : true
113          };
114          cmsGenerator.doFinal(content, optionsFinal).then(result => {
115            console.log('testPkcs7SignByPromise doFinal success, resullt = %s', result);
116          }).catch((error: BusinessError) => {
117            console.error('testPkcs7SignByPromise failed, errCode: ' + error.code + ', errMsg: ' + error.message);
118          });
119        } catch (err) {
120          let e: BusinessError = err as BusinessError;
121          console.error('testPkcs7SignByPromise failed, errCode: ' + e.code + ', errMsg: ' + e.message);
122        }
123      }
124    });
125  }
126  ```
127
- Example (using synchronous APIs):
129
130  ```ts
131  import { cert } from '@kit.DeviceCertificateKit';
132  import { BusinessError } from '@kit.BasicServicesKit';
133
134  let certData = '-----BEGIN CERTIFICATE-----\n' +
135    'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' +
136    'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' +
137    'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' +
138    'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' +
139    'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' +
140    'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' +
141    'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' +
142    '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' +
143    'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' +
144    'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' +
145    'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' +
146    'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' +
147    'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' +
148    '-----END CERTIFICATE-----\n';
149
150  let rsaStr1024: string  =
151    '-----BEGIN RSA PRIVATE KEY-----\n' +
152      'Proc-Type: 4,ENCRYPTED\n' +
153      'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' +
154      '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' +
155      'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' +
156      'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' +
157      'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' +
158      'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' +
159      'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' +
160      'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' +
161      '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' +
162      'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' +
163      'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' +
164      'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' +
165      'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' +
166      '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' +
167      '-----END RSA PRIVATE KEY-----\n';
168
169  // Convert the string into a Uint8Array.
170  function stringToUint8Array(str: string): Uint8Array {
171    let arr: Array<number> = [];
172    for (let i = 0, j = str.length; i < j; i++) {
173      arr.push(str.charCodeAt(i));
174    }
175    return new Uint8Array(arr);
176  }
177
178  function testPkcs7SignBySync() {
179    let certEncodingBlob: cert.EncodingBlob = {
180      data: stringToUint8Array(certData),
181      // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported.
182      encodingFormat: cert.EncodingFormat.FORMAT_PEM
183    };
184    cert.createX509Cert(certEncodingBlob, (error, x509Cert) => {
185      if (error) {
186        console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message);
187      } else {
188          try {
189            let cmsContentType = cert.CmsContentType.SIGNED_DATA;
190            let cmsGenerator = cert.createCmsGenerator(cmsContentType);
191            console.info('testPkcs7SignBySync createCmsGenerator success.');
192            let privateKeyInfo: cert.PrivateKeyInfo = {
193              key: rsaStr1024,
194              password: '123456'
195            };
196            // If addCert is true, an error will be reported if the same certificate is added to addSigner or addCert.
197            let config: cert.CmsSignerConfig = {
198              mdName:'SHA256',
199              addCert:false,
200              addAttr:false,
201              addSmimeCapAttr:false
202            }
203            cmsGenerator.addSigner(x509Cert, privateKeyInfo, config);
204            console.info('testPkcs7SignBySync addSigner success.');
205            cmsGenerator.addCert(x509Cert);
206            console.info('testPkcs7SignBySync addCert success.');
207            let content = new Uint8Array([1,2,3,4]);
208            let optionsFinal: cert.CmsGeneratorOptions = {
209              contentDataFormat : cert.CmsContentDataFormat.BINARY,
210              outFormat : cert.CmsFormat.DER,
211              isDetached : false
212            };
213            let output = cmsGenerator.doFinalSync(content, optionsFinal);
214            console.info('testPkcs7SignBySync doFinalSync success, output = %s.', output);
215          } catch (err) {
216            let e: BusinessError = err as BusinessError;
217            console.error('testPkcs7SignBySync failed, errCode: ' + e.code + ', errMsg: ' + e.message);
218          }
219      }
220    });
221  }
222  ```
223