1# 使用SCRYPT进行密钥派生(ArkTS) 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10对应的算法规格请查看[密钥派生算法规格:SCRYPT](crypto-key-derivation-overview.md#scrypt算法)。 11 12## 开发步骤 13 141. 构造[ScryptSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#scryptspec18)对象,作为密钥派生参数进行密钥派生。 15 16 ScryptSpec是[KdfSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#kdfspec11)的子类,需要指定: 17 18 - algName:指定算法名为'SCRYPT'。 19 - passphrase:用于生成派生密钥的原始密码。 20 如果使用string类型,需要直接传入用于密钥派生的数据,而不是HexString、base64等字符串类型。同时需要确保该字符串为utf-8编码,否则派生结果会有差异。 21 - salt:盐值。 22 - n:迭代次数,需要为正整数。 23 - p:并行化参数,需要为正整数。 24 - r:块大小参数,需要为正整数。 25 - maxMemory:最大内存限制参数,需要为正整数。 26 - keySize:目标密钥的字节长度,需要为正整数。 27 282. 调用[cryptoFramework.createKdf](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekdf11),指定字符串参数'SCRYPT',创建密钥派生算法为SCRYPT的密钥派生函数对象(Kdf)。 29 303. 输入SCRYPT对象,调用[Kdf.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret11)进行密钥派生。 31 32 Kdf.generateSecret的多种调用形式如表所示。 33 34 | 接口名 | 返回方式 | 35 | -------- | -------- | 36 | generateSecret(params: KdfSpec, callback: AsyncCallback<DataBlob>): void | callback异步生成。 | 37 | generateSecret(params: KdfSpec): Promise<DataBlob> | Promise异步生成。 | 38 | generateSecretSync(params: KdfSpec): DataBlob | 同步生成。 | 39 40- 通过await返回结果: 41 42 ```ts 43 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 44 import { BusinessError } from '@kit.BasicServicesKit'; 45 46 async function ScryptAwait() { 47 try { 48 let spec: cryptoFramework.ScryptSpec = { 49 algName: 'SCRYPT', 50 salt: new Uint8Array(16), 51 passphrase: "password", 52 n:1024, 53 p:16, 54 r:8, 55 maxMemory:1024 * 16 * 8 * 10, //n * p * r * 10 56 keySize: 64 57 }; 58 let kdf = cryptoFramework.createKdf('SCRYPT'); 59 let secret = await kdf.generateSecret(spec); 60 console.info("key derivation output is " + secret.data); 61 } catch(error) { 62 let e: BusinessError = error as BusinessError; 63 console.error('key derivation failed, errCode: ' + e.code + ', errMsg: ' + e.message); 64 } 65 } 66 ``` 67 68- 通过Promise返回结果: 69 70 ```ts 71 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 72 import { BusinessError } from '@kit.BasicServicesKit'; 73 74 function ScryptPromise() { 75 let spec: cryptoFramework.ScryptSpec = { 76 algName: 'SCRYPT', 77 passphrase: '123456', 78 salt: new Uint8Array(16), 79 n:1024, 80 p:16, 81 r:8, 82 maxMemory:1024 * 16 * 8 * 10, //n * p * r * 10 83 keySize: 64 84 }; 85 let kdf = cryptoFramework.createKdf('SCRYPT'); 86 let kdfPromise = kdf.generateSecret(spec); 87 kdfPromise.then((secret) => { 88 console.info("key derivation output is " + secret.data); 89 }).catch((error: BusinessError) => { 90 console.error("key derivation error."); 91 }); 92 } 93 ``` 94 95- 通过同步方式返回结果: 96 97 ```ts 98 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 99 import { BusinessError } from '@kit.BasicServicesKit'; 100 101 function kdfSync() { 102 try { 103 let spec: cryptoFramework.ScryptSpec = { 104 algName: 'SCRYPT', 105 passphrase: '123456', 106 salt: new Uint8Array(16), 107 n:1024, 108 p:16, 109 r:8, 110 maxMemory:1024 * 16 * 8 * 10, //n * p * r * 10 111 keySize: 64 112 }; 113 let kdf = cryptoFramework.createKdf('SCRYPT'); 114 let secret = kdf.generateSecretSync(spec); 115 console.info("[Sync]key derivation output is " + secret.data); 116 } catch(error) { 117 let e: BusinessError = error as BusinessError; 118 console.error('key derivation failed, errCode: ' + e.code + ', errMsg: ' + e.message); 119 } 120 } 121 ``` 122