1# 指定二进制数据转换非对称密钥对(ArkTS) 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10以RSA、ECC、SM2为例,根据指定的非对称密钥二进制数据,生成非对称密钥对(KeyPair),即将外部或存储的二进制数据转换为算法库的密钥对象,该对象可用于后续的加解密等操作。 11 12> **说明:** 13> 14> 针对非对称密钥的convertKey操作: 15> 16> - 公钥需满足:ASN.1语法、X.509规范、DER编码格式。 17> 18> - 私钥需满足:ASN.1语法、PKCS\#8规范、DER编码格式。 19 20## 指定二进制数据转换RSA密钥对 21 22对应的算法规格请查看[非对称密钥生成和转换规格:RSA](crypto-asym-key-generation-conversion-spec.md#rsa)。 23 241. 获取RSA公钥或私钥二进制数据,封装成DataBlob对象。 25 26 公钥和私钥可单独传入,此处示例传入公钥。 27 282. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator),指定字符串参数'RSA1024',创建RSA密钥类型为RSA1024、素数个数为2的非对称密钥生成器(AsyKeyGenerator)。 29 30 生成RSA非对称密钥时,默认素数为2,此处省略了参数PRIMES_2。 31 323. 调用[AsyKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-3),传入二进制密钥数据,生成非对称密钥对象(KeyPair)。即将外部或存储的二进制数据转换为算法库的密钥对象,该对象可用于后续的加解密等操作。 33 34- 以使用callback方式生成RSA密钥对为例: 35 ```ts 36 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 37 38 function convertAsyKey() { 39 let rsaGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024'); 40 let pkVal = new Uint8Array([48, 129, 159, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 129, 141, 0, 48, 129, 137, 2, 129, 129, 0, 174, 203, 113, 83, 113, 3, 143, 213, 194, 79, 91, 9, 51, 142, 87, 45, 97, 65, 136, 24, 166, 35, 5, 179, 42, 47, 212, 79, 111, 74, 134, 120, 73, 67, 21, 19, 235, 80, 46, 152, 209, 133, 232, 87, 192, 140, 18, 206, 27, 106, 106, 169, 106, 46, 135, 111, 118, 32, 129, 27, 89, 255, 183, 116, 247, 38, 12, 7, 238, 77, 151, 167, 6, 102, 153, 126, 66, 28, 253, 253, 216, 64, 20, 138, 117, 72, 15, 216, 178, 37, 208, 179, 63, 204, 39, 94, 244, 170, 48, 190, 21, 11, 73, 169, 156, 104, 193, 3, 17, 100, 28, 60, 50, 92, 235, 218, 57, 73, 119, 19, 101, 164, 192, 161, 197, 106, 105, 73, 2, 3, 1, 0, 1]); 41 let pkBlob: cryptoFramework.DataBlob = { data: pkVal }; 42 rsaGenerator.convertKey(pkBlob, null, (err, keyPair) => { 43 if (err) { 44 console.error(`convertKey failed, ${err.code}, ${err.message}`); 45 return; 46 } 47 console.info('convertKey success'); 48 }); 49 } 50 ``` 51 52- 同步返回结果(调用方法[convertKeySync](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkeysync12)): 53 ```ts 54 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 55 56 function convertAsyKeySync() { 57 let rsaGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024'); 58 let pkVal = new Uint8Array([48, 129, 159, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 129, 141, 0, 48, 129, 137, 2, 129, 129, 0, 174, 203, 113, 83, 113, 3, 143, 213, 194, 79, 91, 9, 51, 142, 87, 45, 97, 65, 136, 24, 166, 35, 5, 179, 42, 47, 212, 79, 111, 74, 134, 120, 73, 67, 21, 19, 235, 80, 46, 152, 209, 133, 232, 87, 192, 140, 18, 206, 27, 106, 106, 169, 106, 46, 135, 111, 118, 32, 129, 27, 89, 255, 183, 116, 247, 38, 12, 7, 238, 77, 151, 167, 6, 102, 153, 126, 66, 28, 253, 253, 216, 64, 20, 138, 117, 72, 15, 216, 178, 37, 208, 179, 63, 204, 39, 94, 244, 170, 48, 190, 21, 11, 73, 169, 156, 104, 193, 3, 17, 100, 28, 60, 50, 92, 235, 218, 57, 73, 119, 19, 101, 164, 192, 161, 197, 106, 105, 73, 2, 3, 1, 0, 1]); 59 let pkBlob: cryptoFramework.DataBlob = { data: pkVal }; 60 try { 61 let keyPair = rsaGenerator.convertKeySync(pkBlob, null); 62 if (keyPair !== null) { 63 console.info('convertKeySync success'); 64 } 65 } catch (e) { 66 console.error(`get key pair failed, ${e.code}, ${e.message}`); 67 } 68 } 69 ``` 70 71## 指定二进制数据转换ECC密钥对 72 73查看[非对称密钥生成和转换规格:ECC](crypto-asym-key-generation-conversion-spec.md#ecc)。 74 751. 获取ECC公钥或私钥二进制数据,封装成DataBlob对象。 76 77 公钥和私钥可只传入其中一个,此处示例以传入公钥、私钥为例。 78 792. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator),指定字符串参数'ECC256',创建密钥算法为ECC、密钥长度为256位的非对称密钥生成器(AsyKeyGenerator)。 80 813. 调用[AsyKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-3),传入公钥二进制和私钥二进制,生成非对称密钥对象(KeyPair)。 82 83- 使用callback方式生成ECC密钥对: 84 ```ts 85 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 86 87 function convertEccAsyKey() { 88 let pubKeyArray = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 83, 96, 142, 9, 86, 214, 126, 106, 247, 233, 92, 125, 4, 128, 138, 105, 246, 162, 215, 71, 81, 58, 202, 121, 26, 105, 211, 55, 130, 45, 236, 143, 55, 16, 248, 75, 167, 160, 167, 106, 2, 152, 243, 44, 68, 66, 0, 167, 99, 92, 235, 215, 159, 239, 28, 106, 124, 171, 34, 145, 124, 174, 57, 92]); 89 let priKeyArray = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 115, 56, 137, 35, 207, 0, 60, 191, 90, 61, 136, 105, 210, 16, 27, 4, 171, 57, 10, 61, 123, 40, 189, 28, 34, 207, 236, 22, 45, 223, 10, 189, 160, 10, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7]); 90 let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyArray }; 91 let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyArray }; 92 let generator = cryptoFramework.createAsyKeyGenerator('ECC256'); 93 generator.convertKey(pubKeyBlob, priKeyBlob, (error, data) => { 94 if (error) { 95 console.error(`convertKey failed, ${error.code}, ${error.message}`); 96 return; 97 } 98 console.info('convertKey success'); 99 }); 100 } 101 ``` 102 103- 同步返回结果(调用[convertKeySync](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkeysync12)): 104 ```ts 105 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 106 107 function convertECCAsyKeySync() { 108 let pubKeyArray = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 83, 96, 142, 9, 86, 214, 126, 106, 247, 233, 92, 125, 4, 128, 138, 105, 246, 162, 215, 71, 81, 58, 202, 121, 26, 105, 211, 55, 130, 45, 236, 143, 55, 16, 248, 75, 167, 160, 167, 106, 2, 152, 243, 44, 68, 66, 0, 167, 99, 92, 235, 215, 159, 239, 28, 106, 124, 171, 34, 145, 124, 174, 57, 92]); 109 let priKeyArray = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 115, 56, 137, 35, 207, 0, 60, 191, 90, 61, 136, 105, 210, 16, 27, 4, 171, 57, 10, 61, 123, 40, 189, 28, 34, 207, 236, 22, 45, 223, 10, 189, 160, 10, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7]); 110 let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyArray }; 111 let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyArray }; 112 let generator = cryptoFramework.createAsyKeyGenerator('ECC256'); 113 try { 114 let keyPair = generator.convertKeySync(pubKeyBlob, priKeyBlob); 115 if (keyPair !== null) { 116 console.info('convertKeySync success'); 117 } 118 } catch (e) { 119 console.error(`get key pair failed, ${e.code}, ${e.message}`); 120 } 121 } 122 ``` 123 124## 指定PKCS8二进制数据转换ECC私钥 125 126查看[非对称密钥生成和转换规格:ECC](crypto-asym-key-generation-conversion-spec.md#ecc)。 127 128获取ECC公钥或私钥二进制数据,封装成DataBlob对象再转为ECC密钥格式。示例如下: 129 1301. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator),指定字符串参数'ECC256',创建密钥算法为ECC、密钥长度为256位的非对称密钥生成器(AsyKeyGenerator)。 131 1322. 调用[PubKey.getEncoded](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getencoded)获取公钥数据字节流,调用[PriKey.getEncodeDer](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#getencodedder12-1) 并设置参数为'PKCS8',获取私钥数据的字节流。由此分别获取密钥对象的二进制数据。 133 1343. 调用[AsyKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-3),将生成的二进制密钥数据转为非对称密钥对象(KeyPair)。 135 136 ```ts 137 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 138 139 async function main() { 140 // 创建一个AsyKeyGenerator实例。 141 let eccGenerator = cryptoFramework.createAsyKeyGenerator('ECC256'); 142 // 使用密钥生成器随机生成非对称密钥对。 143 let keyGenPromise = eccGenerator.generateKeyPair(); 144 keyGenPromise.then(keyPair => { 145 let pubKey = keyPair.pubKey; 146 let priKey = keyPair.priKey; 147 // 获取非对称密钥对ECC的二进制数据。 148 let pubBlob = pubKey.getEncoded(); 149 let skBlob = priKey.getEncodedDer('PKCS8'); 150 let generator = cryptoFramework.createAsyKeyGenerator('ECC256'); 151 generator.convertKey(pubBlob, skBlob, (error, data) => { 152 if (error) { 153 console.error(`convertKey failed, ${error.code}, ${error.message}`); 154 return; 155 } 156 console.info('convertKey success'); 157 }); 158 }); 159 } 160 ``` 161 162## 指定二进制数据转换SM2密钥对 163 164查看[非对称密钥生成和转换规格:SM2](crypto-asym-key-generation-conversion-spec.md#sm2)。 165 1661. 获取SM2公钥或私钥的二进制数据,封装成DataBlob对象。 167 168 公钥和私钥可只传入其中一个,示例以传入公钥、私钥为例。 169 1702. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator),指定字符串参数'SM2_256',创建密钥算法为SM2、密钥长度为256位的非对称密钥生成器(AsyKeyGenerator)。 171 1723. 调用[AsyKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-3),传入公钥和私钥的二进制数据,生成非对称密钥对象(KeyPair)。 173 174- 以使用callback方式生成SM2密钥对为例: 175 ```ts 176 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 177 178 function convertSM2AsyKey() { 179 let pubKeyArray = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]); 180 let priKeyArray = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]); 181 let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyArray }; 182 let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyArray }; 183 let generator = cryptoFramework.createAsyKeyGenerator('SM2_256'); 184 generator.convertKey(pubKeyBlob, priKeyBlob, (error, data) => { 185 if (error) { 186 console.error(`convertKey failed, ${error.code}, ${error.message}`); 187 return; 188 } 189 console.info('convertKey success'); 190 }); 191 } 192 ``` 193 194- 同步返回结果(调用方法[convertKeySync](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkeysync12)): 195 ```ts 196 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 197 198 function convertSM2AsyKeySync() { 199 let pubKeyArray = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]); 200 let priKeyArray = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]); 201 let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyArray }; 202 let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyArray }; 203 let generator = cryptoFramework.createAsyKeyGenerator('SM2_256'); 204 try { 205 let keyPair = generator.convertKeySync(pubKeyBlob, priKeyBlob); 206 if (keyPair !== null) { 207 console.info('convertKeySync success'); 208 } 209 } catch (e) { 210 console.error(`get key pair failed, ${e.code}, ${e.message}`); 211 } 212 } 213 ``` 214