1# Signing and Signature Verification (ArkTS) 2 3<!--Kit: Universal Keystore Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @wutiantian-gitee--> 6<!--Designer: @HighLowWorld--> 7<!--Tester: @wxy1234564846--> 8<!--Adviser: @zengyawen--> 9 10This topic provides signing and signature verification development cases with the following algorithms: 11 12- [Key algorithm ECC256 and digest algorithm SHA-256](#ecc256sha256) 13- [Key algorithm SM2 and digest algorithm SM3](#sm2sm3) 14- [Key algorithm RSA, digest algorithm SHA-256, and padding mode PSS](#rsasha256pss) 15- [Key algorithm RSA, digest algorithm SHA-256, and padding mode PKCS #1 v1.5](#rsasha256pkcs1_v1_5) 16<!--RP1--><!--RP1End--> 17 18For details about the scenarios and supported algorithms, see [Supported Algorithms](huks-signing-signature-verification-overview.md#supported-algorithms). 19 20## How to Develop 21 22**Key Generation** 23 241. Specify the key alias. For details about the naming rules, see [Key Generation Overview and Algorithm Specifications](huks-key-generation-overview.md). 25 262. Initialize the key property set. 27 283. Use [generateKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksgeneratekeyitem9) to generate a key. For details, see [Key Generation](huks-key-generation-overview.md). 29 30Alternatively, you can [import a key](huks-key-import-overview.md). 31 32**Signing** 33 341. Obtain the key alias. 35 362. Obtain the plaintext to be signed. 37 383. Obtain the property parameter [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions), which contains the **properties** and **inData** fields. Pass in the plaintext to be signed in **inData**, and [algorithm parameters](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksparam) in **properties**. 39 404. Use [initSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksinitsession9) to initialize a key session. The session handle is returned after the initialization. 41 425. Use [finishSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksfinishsession9) to generate a signature. 43 44**Signature Verification** 45 461. Obtain the key alias. 47 482. Obtain the signature to be verified. 49 503. Obtain the property parameter [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions), which contains the **properties** and **inData** fields. Pass in the signature in **inData**, and [algorithm parameters](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksparam) in **properties**. 51 524. Use [initSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksinitsession9) to initialize a key session. The session handle is returned after the initialization. 53 545. Use [updateSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksupdatesession9) to process data. 55 566. Use [finishSession](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksfinishsession9) to finish signature verification. 57 58**Key Deletion** 59 60Use [deleteKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksdeletekeyitem9) to delete the key that is not required. For details, see [Deleting a Key](huks-delete-key-arkts.md). 61## Development Cases 62 63### ECC256/SHA256 64```ts 65/* 66 * Key algorithm ECC256 and digest algorithm SHA-256 are used. 67 */ 68import { huks } from '@kit.UniversalKeystoreKit'; 69 70let keyAlias = 'test_eccKeyAlias'; 71let handle: number; 72let plaintext = '123456'; 73let signature: Uint8Array; 74 75function StringToUint8Array(str: string) { 76 let arr: number[] = new Array(); 77 for (let i = 0, j = str.length; i < j; ++i) { 78 arr.push(str.charCodeAt(i)); 79 } 80 return new Uint8Array(arr); 81} 82 83function Uint8ArrayToString(fileData: Uint8Array) { 84 let dataString = ''; 85 for (let i = 0; i < fileData.length; i++) { 86 dataString += String.fromCharCode(fileData[i]); 87 } 88 return dataString; 89} 90 91function GetEccGenerateProperties() { 92 let properties: Array<huks.HuksParam> = [{ 93 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 94 value: huks.HuksKeyAlg.HUKS_ALG_ECC 95 }, { 96 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 97 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 98 }, { 99 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 100 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 101 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 102 }, { 103 tag: huks.HuksTag.HUKS_TAG_DIGEST, 104 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 105 }]; 106 return properties; 107} 108 109function GetEccSignProperties() { 110 let properties: Array<huks.HuksParam> = [{ 111 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 112 value: huks.HuksKeyAlg.HUKS_ALG_ECC 113 }, { 114 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 115 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 116 }, { 117 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 118 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN 119 }, { 120 tag: huks.HuksTag.HUKS_TAG_DIGEST, 121 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 122 }]; 123 return properties; 124} 125 126function GetEccVerifyProperties() { 127 let properties: Array<huks.HuksParam> = [{ 128 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 129 value: huks.HuksKeyAlg.HUKS_ALG_ECC 130 }, { 131 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 132 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 133 }, { 134 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 135 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 136 }, { 137 tag: huks.HuksTag.HUKS_TAG_DIGEST, 138 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 139 }]; 140 return properties; 141} 142 143async function GenerateEccKey(keyAlias: string) { 144 let genProperties = GetEccGenerateProperties(); 145 let options: huks.HuksOptions = { 146 properties: genProperties 147 } 148 await huks.generateKeyItem(keyAlias, options) 149 .then((data) => { 150 console.info(`promise: generate ECC Key success, data = ${JSON.stringify(data)}`); 151 }).catch((err: Error) => { 152 console.error(`promise: generate ECC Key failed, error: ` + JSON.stringify(err)); 153 }) 154} 155 156async function Sign(keyAlias: string, plaintext: string) { 157 let signProperties = GetEccSignProperties(); 158 let options: huks.HuksOptions = { 159 properties: signProperties, 160 inData: StringToUint8Array(plaintext) 161 } 162 await huks.initSession(keyAlias, options) 163 .then((data) => { 164 handle = data.handle; 165 }).catch((err: Error) => { 166 console.error(`promise: init sign failed, error: ` + JSON.stringify(err)); 167 }) 168 await huks.finishSession(handle, options) 169 .then((data) => { 170 console.info(`promise: sign success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 171 signature = data.outData as Uint8Array; 172 }).catch((err: Error) => { 173 console.error(`promise: sign failed, error: ` + JSON.stringify(err)); 174 }) 175} 176 177async function Verify(keyAlias: string, plaintext: string, signature: Uint8Array) { 178 let verifyProperties = GetEccVerifyProperties() 179 let options: huks.HuksOptions = { 180 properties: verifyProperties, 181 inData: StringToUint8Array(plaintext) 182 } 183 await huks.initSession(keyAlias, options) 184 .then((data) => { 185 handle = data.handle; 186 }).catch((err: Error) => { 187 console.error(`promise: init verify failed, error: ` + JSON.stringify(err)); 188 }) 189 await huks.updateSession(handle, options) 190 .then((data) => { 191 console.info(`promise: update verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 192 }).catch((err: Error) => { 193 console.error(`promise: update verify failed, error: ` + JSON.stringify(err)); 194 }) 195 options.inData = signature; 196 await huks.finishSession(handle, options) 197 .then((data) => { 198 console.info(`promise: verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 199 }).catch((err: Error) => { 200 console.error(`promise: verify failed, error: ` + JSON.stringify(err)); 201 }) 202} 203 204async function DeleteEccKey(keyAlias: string) { 205 let emptyOptions: huks.HuksOptions = { 206 properties: [] 207 } 208 await huks.deleteKeyItem(keyAlias, emptyOptions) 209 .then((data) => { 210 console.info(`promise: delete data success`); 211 }).catch((err: Error) => { 212 console.error(`promise: delete data failed`); 213 }) 214} 215 216async function testSignVerify() { 217 await GenerateEccKey(keyAlias); 218 await Sign(keyAlias, plaintext); 219 await Verify(keyAlias, plaintext, signature); 220 await DeleteEccKey(keyAlias); 221} 222``` 223### SM2/SM3 224```ts 225/* 226 * The key algorithm SM2 and digest algorithm SM3 are used. 227 */ 228import { huks } from '@kit.UniversalKeystoreKit'; 229 230let keyAlias = 'test_sm2KeyAlias'; 231let handle: number; 232let plaintext = '123456'; 233let signature: Uint8Array; 234 235 236function StringToUint8Array(str: string) { 237 let arr: number[] = new Array(); 238 for (let i = 0, j = str.length; i < j; ++i) { 239 arr.push(str.charCodeAt(i)); 240 } 241 return new Uint8Array(arr); 242} 243 244 245function Uint8ArrayToString(fileData: Uint8Array) { 246 let dataString = ''; 247 for (let i = 0; i < fileData.length; i++) { 248 dataString += String.fromCharCode(fileData[i]); 249 } 250 return dataString; 251} 252 253 254function GetSm2GenerateProperties() { 255 let properties: Array<huks.HuksParam> = [{ 256 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 257 value: huks.HuksKeyAlg.HUKS_ALG_SM2 258 }, { 259 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 260 value: huks.HuksKeySize.HUKS_SM2_KEY_SIZE_256 261 }, { 262 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 263 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 264 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 265 }, { 266 tag: huks.HuksTag.HUKS_TAG_DIGEST, 267 value: huks.HuksKeyDigest.HUKS_DIGEST_SM3 268 }]; 269 return properties; 270} 271 272function GetSm2SignProperties() { 273 let properties: Array<huks.HuksParam> = [{ 274 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 275 value: huks.HuksKeyAlg.HUKS_ALG_SM2 276 }, { 277 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 278 value: huks.HuksKeySize.HUKS_SM2_KEY_SIZE_256 279 }, { 280 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 281 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN 282 }, { 283 tag: huks.HuksTag.HUKS_TAG_DIGEST, 284 value: huks.HuksKeyDigest.HUKS_DIGEST_SM3 285 }]; 286 return properties; 287} 288 289function GetSm2VerifyProperties() { 290 let properties: Array<huks.HuksParam> = [{ 291 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 292 value: huks.HuksKeyAlg.HUKS_ALG_SM2 293 }, { 294 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 295 value: huks.HuksKeySize.HUKS_SM2_KEY_SIZE_256 296 }, { 297 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 298 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 299 }, { 300 tag: huks.HuksTag.HUKS_TAG_DIGEST, 301 value: huks.HuksKeyDigest.HUKS_DIGEST_SM3 302 }]; 303 return properties; 304} 305 306async function GenerateSm2Key(keyAlias: string) { 307 let genProperties = GetSm2GenerateProperties(); 308 let options: huks.HuksOptions = { 309 properties: genProperties 310 } 311 await huks.generateKeyItem(keyAlias, options) 312 .then((data) => { 313 console.info(`promise: generate Sm2 Key success, data = ${JSON.stringify(data)}`); 314 }).catch((err: Error) => { 315 console.error(`promise: generate Sm2 Key failed, error: ` + JSON.stringify(err)); 316 }) 317} 318 319async function Sign(keyAlias: string, plaintext: string) { 320 let signProperties = GetSm2SignProperties(); 321 let options: huks.HuksOptions = { 322 properties: signProperties, 323 inData: StringToUint8Array(plaintext) 324 } 325 await huks.initSession(keyAlias, options) 326 .then((data) => { 327 handle = data.handle; 328 }).catch((err: Error) => { 329 console.error(`promise: init sign failed, error: ` + JSON.stringify(err)); 330 }) 331 await huks.finishSession(handle, options) 332 .then((data) => { 333 console.info(`promise: sign success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 334 signature = data.outData as Uint8Array; 335 }).catch((err: Error) => { 336 console.error(`promise: sign failed, error: ` + JSON.stringify(err)); 337 }) 338} 339 340async function Verify(keyAlias: string, plaintext: string, signature: Uint8Array) { 341 let verifyProperties = GetSm2VerifyProperties() 342 let options: huks.HuksOptions = { 343 properties: verifyProperties, 344 inData: StringToUint8Array(plaintext) 345 } 346 await huks.initSession(keyAlias, options) 347 .then((data) => { 348 handle = data.handle; 349 }).catch((err: Error) => { 350 console.error(`promise: init verify failed, error: ` + JSON.stringify(err)); 351 }) 352 await huks.updateSession(handle, options) 353 .then((data) => { 354 console.info(`promise: update verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 355 }).catch((err: Error) => { 356 console.error(`promise: update verify failed, error: ` + JSON.stringify(err)); 357 }) 358 options.inData = signature; 359 await huks.finishSession(handle, options) 360 .then((data) => { 361 console.info(`promise: verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 362 }).catch((err: Error) => { 363 console.error(`promise: verify failed, error: ` + JSON.stringify(err)); 364 }) 365} 366 367async function DeleteSm2Key(keyAlias: string) { 368 let emptyOptions: huks.HuksOptions = { 369 properties: [] 370 } 371 await huks.deleteKeyItem(keyAlias, emptyOptions) 372 .then((data) => { 373 console.info(`promise: delete data success`); 374 }).catch((err: Error) => { 375 console.error(`promise: delete data failed`); 376 }) 377} 378 379export async function testSignVerify() { 380 await GenerateSm2Key(keyAlias); 381 await Sign(keyAlias, plaintext); 382 await Verify(keyAlias, plaintext, signature); 383 await DeleteSm2Key(keyAlias); 384} 385``` 386### RSA/SHA256/PSS 387```ts 388/* 389 * The key algorithm RSA, digest algorithm SHA-256, and padding mode PSS are used. 390 */ 391import { huks } from '@kit.UniversalKeystoreKit'; 392 393let keyAlias = 'test_rsaKeyAlias'; 394let handle: number; 395let plaintext = '123456'; 396let signature: Uint8Array; 397 398function StringToUint8Array(str: string) { 399 let arr: number[] = []; 400 for (let i = 0, j = str.length; i < j; ++i) { 401 arr.push(str.charCodeAt(i)); 402 } 403 return new Uint8Array(arr); 404} 405 406function Uint8ArrayToString(fileData: Uint8Array) { 407 let dataString = ''; 408 for (let i = 0; i < fileData.length; i++) { 409 dataString += String.fromCharCode(fileData[i]); 410 } 411 return dataString; 412} 413 414function GetRsaGenerateProperties() { 415 let properties: Array<huks.HuksParam> = [{ 416 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 417 value: huks.HuksKeyAlg.HUKS_ALG_RSA 418 }, { 419 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 420 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 421 }, { 422 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 423 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 424 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 425 }, { 426 tag: huks.HuksTag.HUKS_TAG_PADDING, 427 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 428 }, { 429 tag: huks.HuksTag.HUKS_TAG_DIGEST, 430 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 431 }]; 432 return properties; 433} 434 435function GetRsaSignProperties() { 436 let properties: Array<huks.HuksParam> = [{ 437 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 438 value: huks.HuksKeyAlg.HUKS_ALG_RSA 439 }, { 440 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 441 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 442 }, { 443 tag: huks.HuksTag.HUKS_TAG_PADDING, 444 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 445 }, { 446 tag: huks.HuksTag.HUKS_TAG_DIGEST, 447 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 448 }, { 449 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 450 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN 451 }]; 452 return properties; 453} 454 455function GetRsaVerifyProperties() { 456 let properties: Array<huks.HuksParam> = [{ 457 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 458 value: huks.HuksKeyAlg.HUKS_ALG_RSA 459 }, { 460 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 461 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 462 }, { 463 tag: huks.HuksTag.HUKS_TAG_PADDING, 464 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 465 }, { 466 tag: huks.HuksTag.HUKS_TAG_DIGEST, 467 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 468 }, { 469 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 470 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 471 }]; 472 return properties; 473} 474 475async function GenerateRsaKey(keyAlias: string) { 476 let genProperties = GetRsaGenerateProperties(); 477 let options: huks.HuksOptions = { 478 properties: genProperties 479 }; 480 await huks.generateKeyItem(keyAlias, options) 481 .then((data) => { 482 console.info(`promise: generate RSA Key success, data = ${JSON.stringify(data)}`); 483 }).catch((err: Error) => { 484 console.error(`promise: generate RSA Key failed, error: ` + JSON.stringify(err)); 485 }); 486} 487 488async function Sign(keyAlias: string, plaintext: string) { 489 let signProperties = GetRsaSignProperties(); 490 let options: huks.HuksOptions = { 491 properties: signProperties, 492 inData: StringToUint8Array(plaintext) 493 } 494 await huks.initSession(keyAlias, options) 495 .then((data) => { 496 handle = data.handle; 497 }).catch((err: Error) => { 498 console.error(`promise: init sign failed, error: ` + JSON.stringify(err)); 499 return; 500 }); 501 502 if (handle !== undefined) { 503 await huks.finishSession(handle, options) 504 .then((data) => { 505 console.info(`promise: sign success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 506 signature = data.outData as Uint8Array; 507 }).catch((err: Error) => { 508 console.error(`promise: sign failed, error: ` + JSON.stringify(err)); 509 }); 510 } 511} 512 513async function Verify(keyAlias: string, plaintext: string, signature: Uint8Array) { 514 let verifyProperties = GetRsaVerifyProperties(); 515 let options: huks.HuksOptions = { 516 properties: verifyProperties, 517 inData: StringToUint8Array(plaintext) 518 } 519 await huks.initSession(keyAlias, options) 520 .then((data) => { 521 handle = data.handle; 522 }).catch((err: Error) => { 523 console.error(`promise: init verify failed, error: ` + JSON.stringify(err)); 524 return; 525 }); 526 527 if (handle !== undefined) { 528 await huks.updateSession(handle, options) 529 .then((data) => { 530 console.info(`promise: update verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 531 }).catch((err: Error) => { 532 console.error(`promise: update verify failed, error: ` + JSON.stringify(err)); 533 }); 534 535 options.inData = signature; 536 await huks.finishSession(handle, options) 537 .then((data) => { 538 console.info(`promise: verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 539 }).catch((err: Error) => { 540 console.error(`promise: verify failed, error: ` + JSON.stringify(err)); 541 }); 542 } 543} 544 545async function DeleteRsaKey(keyAlias: string) { 546 let emptyOptions: huks.HuksOptions = { 547 properties: [] 548 } 549 await huks.deleteKeyItem(keyAlias, emptyOptions) 550 .then((data) => { 551 console.info(`promise: delete data success`); 552 }).catch((err: Error) => { 553 console.error(`promise: delete data failed`); 554 }); 555} 556 557export async function testSignVerify() { 558 await GenerateRsaKey(keyAlias); 559 await Sign(keyAlias, plaintext); 560 await Verify(keyAlias, plaintext, signature); 561 await DeleteRsaKey(keyAlias); 562} 563``` 564### RSA/SHA256/PKCS1_V1_5 565```ts 566/* 567 * The key algorithm RSA, digest algorithm SHA-256, and padding mode PKCS #1 v1.5 are used. 568 */ 569import { huks } from '@kit.UniversalKeystoreKit'; 570 571let keyAlias = 'test_rsaKeyAlias'; 572let handle: number; 573let plaintext = '123456'; 574let signature: Uint8Array; 575 576function StringToUint8Array(str: string) { 577 let arr: number[] = new Array(); 578 for (let i = 0, j = str.length; i < j; ++i) { 579 arr.push(str.charCodeAt(i)); 580 } 581 return new Uint8Array(arr); 582} 583 584function Uint8ArrayToString(fileData: Uint8Array) { 585 let dataString = ''; 586 for (let i = 0; i < fileData.length; i++) { 587 dataString += String.fromCharCode(fileData[i]); 588 } 589 return dataString; 590} 591 592function GetRsaGenerateProperties() { 593 let properties: Array<huks.HuksParam> = [ 594 { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_RSA }, 595 { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 }, 596 { 597 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 598 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 599 }, 600 { tag: huks.HuksTag.HUKS_TAG_PADDING, value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 }, 601 { tag: huks.HuksTag.HUKS_TAG_DIGEST, value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 } 602 ]; 603 return properties; 604} 605 606function GetRsaSignProperties() { 607 let properties: Array<huks.HuksParam> = [{ 608 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 609 value: huks.HuksKeyAlg.HUKS_ALG_RSA 610 }, { 611 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 612 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 613 }, { 614 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 615 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN 616 }, { 617 tag: huks.HuksTag.HUKS_TAG_PADDING, 618 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 619 }, { 620 tag: huks.HuksTag.HUKS_TAG_DIGEST, 621 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 622 }]; 623 return properties; 624} 625 626function GetRsaVerifyProperties() { 627 let properties: Array<huks.HuksParam> = [{ 628 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 629 value: huks.HuksKeyAlg.HUKS_ALG_RSA 630 }, { 631 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 632 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 633 }, { 634 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 635 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 636 }, { 637 tag: huks.HuksTag.HUKS_TAG_PADDING, 638 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 639 }, { 640 tag: huks.HuksTag.HUKS_TAG_DIGEST, 641 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 642 }]; 643 return properties; 644} 645 646async function GenerateRsaKey(keyAlias: string) { 647 let genProperties = GetRsaGenerateProperties(); 648 let options: huks.HuksOptions = { 649 properties: genProperties 650 } 651 await huks.generateKeyItem(keyAlias, options) 652 .then((data) => { 653 console.info(`promise: generate RSA Key success, data = ${JSON.stringify(data)}`); 654 }).catch((err: Error) => { 655 console.error(`promise: generate RSA Key failed, error: ` + JSON.stringify(err)); 656 }) 657} 658 659async function Sign(keyAlias: string, plaintext: string) { 660 let signProperties = GetRsaSignProperties(); 661 let options: huks.HuksOptions = { 662 properties: signProperties, 663 inData: StringToUint8Array(plaintext) 664 } 665 await huks.initSession(keyAlias, options) 666 .then((data) => { 667 handle = data.handle; 668 }).catch((err: Error) => { 669 console.error(`promise: init sign failed, error: ` + JSON.stringify(err)); 670 }) 671 await huks.finishSession(handle, options) 672 .then((data) => { 673 console.info(`promise: sign success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 674 signature = data.outData as Uint8Array; 675 }).catch((err: Error) => { 676 console.error(`promise: sign failed, error: ` + JSON.stringify(err)); 677 }) 678} 679 680async function Verify(keyAlias: string, plaintext: string, signature: Uint8Array) { 681 let verifyProperties = GetRsaVerifyProperties() 682 let options: huks.HuksOptions = { 683 properties: verifyProperties, 684 inData: StringToUint8Array(plaintext) 685 } 686 await huks.initSession(keyAlias, options) 687 .then((data) => { 688 handle = data.handle; 689 }).catch((err: Error) => { 690 console.error(`promise: init verify failed, error: ` + JSON.stringify(err)); 691 }) 692 await huks.updateSession(handle, options) 693 .then((data) => { 694 console.info(`promise: update verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 695 }).catch((err: Error) => { 696 console.error(`promise: update verify failed, error: ` + JSON.stringify(err)); 697 }) 698 options.inData = signature; 699 await huks.finishSession(handle, options) 700 .then((data) => { 701 console.info(`promise: verify success, data is ` + Uint8ArrayToString(data.outData as Uint8Array)); 702 }).catch((err: Error) => { 703 console.error(`promise: verify failed, error: ` + JSON.stringify(err)); 704 }) 705} 706 707async function DeleteRsaKey(keyAlias: string) { 708 let emptyOptions: huks.HuksOptions = { 709 properties: [] 710 } 711 await huks.deleteKeyItem(keyAlias, emptyOptions) 712 .then((data) => { 713 console.info(`promise: delete data success`); 714 }).catch((err: Error) => { 715 console.error(`promise: delete data failed`); 716 }) 717} 718 719export async function testSignVerify() { 720 await GenerateRsaKey(keyAlias); 721 await Sign(keyAlias, plaintext); 722 await Verify(keyAlias, plaintext, signature); 723 await DeleteRsaKey(keyAlias); 724} 725``` 726 727<!--RP2--><!--RP2End--> 728