• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# 使用ECDH进行密钥协商(ArkTS)
2
3<!--Kit: Crypto Architecture Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
10对应的算法规格请查看[密钥协商算法规格:ECDH](crypto-key-agreement-overview.md#ecdh)。
11
12## 开发步骤
13
141. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1)、[AsyKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-3)生成密钥算法为ECC、密钥长度为256位的非对称密钥(KeyPair)。
15
16   如何生成ECC非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:ECC](crypto-asym-key-generation-conversion-spec.md#ecc)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解。参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
17
182. 调用[cryptoFramework.createKeyAgreement](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekeyagreement),指定字符串参数'ECC256',创建密钥算法为ECC、密钥长度为256位的密钥协议生成器(KeyAgreement)。
19
203. 调用[KeyAgreement.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-1),基于传入的私钥(KeyPair.priKey)与公钥(KeyPair.pubKey)进行密钥协商,返回共享秘钥。
21
22- 以使用await方式,完成密钥协商为例:
23
24  ```ts
25  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
26
27  async function ecdhAwait() {
28    // 假设此公私钥对数据为外部传入。
29    let pubKeyArray = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 83, 96, 142, 9, 86, 214, 126, 106, 247, 233, 92, 125, 4, 128, 138, 105, 246, 162, 215, 71, 81, 58, 202, 121, 26, 105, 211, 55, 130, 45, 236, 143, 55, 16, 248, 75, 167, 160, 167, 106, 2, 152, 243, 44, 68, 66, 0, 167, 99, 92, 235, 215, 159, 239, 28, 106, 124, 171, 34, 145, 124, 174, 57, 92]);
30    let priKeyArray = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 115, 56, 137, 35, 207, 0, 60, 191, 90, 61, 136, 105, 210, 16, 27, 4, 171, 57, 10, 61, 123, 40, 189, 28, 34, 207, 236, 22, 45, 223, 10, 189, 160, 10, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7]);
31    let eccGen = cryptoFramework.createAsyKeyGenerator('ECC256');
32    // 外部传入的公私钥对A。
33    let keyPairA = await eccGen.convertKey({ data: pubKeyArray }, { data: priKeyArray });
34    // 内部生成的公私钥对B。
35    let keyPairB = await eccGen.generateKeyPair();
36    let eccKeyAgreement = cryptoFramework.createKeyAgreement('ECC256');
37    // 使用A的公钥和B的私钥进行密钥协商。
38    let secret1 = await eccKeyAgreement.generateSecret(keyPairB.priKey, keyPairA.pubKey);
39    // 使用A的私钥和B的公钥进行密钥协商。
40    let secret2 = await eccKeyAgreement.generateSecret(keyPairA.priKey, keyPairB.pubKey);
41    // 两种协商的结果应当一致。
42    if (secret1.data.toString() === secret2.data.toString()) {
43      console.info('ecdh success');
44      console.info('ecdh output is ' + secret1.data);
45    } else {
46      console.error('ecdh result is not equal');
47    }
48  }
49  ```
50
51- 同步方法示例:
52
53  ```ts
54  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
55
56  function ecdhSync() {
57    // 假设此公私钥对数据为外部传入。
58    let pubKeyArray = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 83, 96, 142, 9, 86, 214, 126, 106, 247, 233, 92, 125, 4, 128, 138, 105, 246, 162, 215, 71, 81, 58, 202, 121, 26, 105, 211, 55, 130, 45, 236, 143, 55, 16, 248, 75, 167, 160, 167, 106, 2, 152, 243, 44, 68, 66, 0, 167, 99, 92, 235, 215, 159, 239, 28, 106, 124, 171, 34, 145, 124, 174, 57, 92]);
59    let priKeyArray = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 115, 56, 137, 35, 207, 0, 60, 191, 90, 61, 136, 105, 210, 16, 27, 4, 171, 57, 10, 61, 123, 40, 189, 28, 34, 207, 236, 22, 45, 223, 10, 189, 160, 10, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7]);
60    let eccGen = cryptoFramework.createAsyKeyGenerator('ECC256');
61    // 外部传入的公私钥对A。
62    let keyPairA = eccGen.convertKeySync({ data: pubKeyArray }, { data: priKeyArray });
63    // 内部生成的公私钥对B。
64    let keyPairB = eccGen.generateKeyPairSync();
65    let eccKeyAgreement = cryptoFramework.createKeyAgreement('ECC256');
66    // 使用A的公钥和B的私钥进行密钥协商。
67    let secret1 = eccKeyAgreement.generateSecretSync(keyPairB.priKey, keyPairA.pubKey);
68    // 使用A的私钥和B的公钥进行密钥协商。
69    let secret2 = eccKeyAgreement.generateSecretSync(keyPairA.priKey, keyPairB.pubKey);
70    // 两种协商的结果应当一致。
71    if (secret1.data.toString() === secret2.data.toString()) {
72      console.info('ecdh success');
73      console.info('ecdh output is ' + secret1.data);
74    } else {
75      console.error('ecdh result is not equal');
76    }
77  }
78  ```
79