1# 使用RSA非对称密钥分段加解密(ArkTS) 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10对应的算法规格请查看[非对称密钥加解密算法规格:RSA](crypto-asym-encrypt-decrypt-spec.md#rsa)。 11 12**加密** 13 141. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成RSA密钥类型为RSA1024、素数个数为2(不填默认)的非对称密钥对(KeyPair)。KeyPair对象中包括公钥PubKey、私钥PriKey。 15 16 如何生成RSA非对称密钥对,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:RSA](crypto-asym-key-generation-conversion-spec.md#rsa)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。 17 182. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'RSA1024|PKCS1',创建非对称密钥类型为RSA1024、填充模式为PKCS1的Cipher实例,用于完成加解密操作。 19 203. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(KeyPair.PubKey),初始化加密Cipher实例。 21 224. 多次调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),传入明文,获取加密后的数据。 23 24 doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。 25 26 此处将明文按64个字节一组拆分,多次加密。使用1024位密钥,每次将生成128字节密文。 27 > **说明:** 28 > 非对称密钥的分段加解密是指当明文大于单次加解密支持的数据长度时,需要将待加解密数据分为合适长度的数据段,并对每个数据段执行加解密操作。详细介绍可见[非对称分段加解密介绍](crypto-encrypt-decrypt-by-segment.md#非对称加解密)。 29 30**解密** 31 321. 由于RSA算法的Cipher实例不支持重复init操作,需要调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),重新生成Cipher实例。 33 342. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(KeyPair.PriKey)初始化解密Cipher实例。PKCS1模式无加密参数,直接传入null。 35 363. 多次调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),传入密文,获取解密后的数据。 37 38- 异步方法示例: 39 40 ```ts 41 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 42 import { buffer } from '@kit.ArkTS'; 43 // 分段加密消息。 44 async function rsaEncryptBySegment(pubKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) { 45 let cipher = cryptoFramework.createCipher('RSA1024|PKCS1'); 46 await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, pubKey, null); 47 let plainTextSplitLen = 64; 48 let cipherText = new Uint8Array(); 49 for (let i = 0; i < plainText.data.length; i += plainTextSplitLen ) { 50 let updateMessage = plainText.data.subarray(i, i + plainTextSplitLen ); 51 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 52 // 将原文按64字符进行拆分,循环调用doFinal进行加密,使用1024bit密钥时,每次加密生成128字节长度的密文。 53 let updateOutput = await cipher.doFinal(updateMessageBlob); 54 let mergeText = new Uint8Array(cipherText.length + updateOutput.data.length); 55 mergeText.set(cipherText); 56 mergeText.set(updateOutput.data, cipherText.length); 57 cipherText = mergeText; 58 } 59 let cipherBlob: cryptoFramework.DataBlob = { data: cipherText }; 60 return cipherBlob; 61 } 62 // 分段解密消息。 63 async function rsaDecryptBySegment(priKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) { 64 let decoder = cryptoFramework.createCipher('RSA1024|PKCS1'); 65 await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, priKey, null); 66 let cipherTextSplitLen = 128; // RSA密钥每次加密生成的密文字节长度计算方式:密钥位数/8。 67 let decryptText = new Uint8Array(); 68 for (let i = 0; i < cipherText.data.length; i += cipherTextSplitLen) { 69 let updateMessage = cipherText.data.subarray(i, i + cipherTextSplitLen); 70 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 71 // 将密文按128字节进行拆分解密,得到原文后进行拼接。 72 let updateOutput = await decoder.doFinal(updateMessageBlob); 73 let mergeText = new Uint8Array(decryptText.length + updateOutput.data.length); 74 mergeText.set(decryptText); 75 mergeText.set(updateOutput.data, decryptText.length); 76 decryptText = mergeText; 77 } 78 let decryptBlob: cryptoFramework.DataBlob = { data: decryptText }; 79 return decryptBlob; 80 } 81 async function rsaEncryptLongMessage() { 82 let message = "This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 83 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 84 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 85 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 86 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 87 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 88 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 89 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!"; 90 let asyKeyGenerator = cryptoFramework.createAsyKeyGenerator("RSA1024"); // 创建非对称密钥生成器对象。 91 let keyPair = await asyKeyGenerator.generateKeyPair(); // 随机生成RSA密钥。 92 let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 93 let encryptText = await rsaEncryptBySegment(keyPair.pubKey, plainText); 94 let decryptText = await rsaDecryptBySegment(keyPair.priKey, encryptText); 95 if (plainText.data.toString() === decryptText.data.toString()) { 96 console.info('decrypt ok'); 97 console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8')); 98 } else { 99 console.error('decrypt failed'); 100 } 101 } 102 ``` 103 104- 同步方法示例: 105 106 ```ts 107 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 108 import { buffer } from '@kit.ArkTS'; 109 // 分段加密消息。 110 function rsaEncryptBySegment(pubKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) { 111 let cipher = cryptoFramework.createCipher('RSA1024|PKCS1'); 112 cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, pubKey, null); 113 let plainTextSplitLen = 64; 114 let cipherText = new Uint8Array(); 115 for (let i = 0; i < plainText.data.length; i += plainTextSplitLen ) { 116 let updateMessage = plainText.data.subarray(i, i + plainTextSplitLen ); 117 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 118 // 将原文按64字符进行拆分,循环调用doFinal进行加密,使用1024bit密钥时,每次加密生成128字节长度的密文。 119 let updateOutput = cipher.doFinalSync(updateMessageBlob); 120 let mergeText = new Uint8Array(cipherText.length + updateOutput.data.length); 121 mergeText.set(cipherText); 122 mergeText.set(updateOutput.data, cipherText.length); 123 cipherText = mergeText; 124 } 125 let cipherBlob: cryptoFramework.DataBlob = { data: cipherText }; 126 return cipherBlob; 127 } 128 // 分段解密消息。 129 function rsaDecryptBySegment(priKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) { 130 let decoder = cryptoFramework.createCipher('RSA1024|PKCS1'); 131 decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, priKey, null); 132 let cipherTextSplitLen = 128; // RSA密钥每次加密生成的密文字节长度计算方式:密钥位数/8。 133 let decryptText = new Uint8Array(); 134 for (let i = 0; i < cipherText.data.length; i += cipherTextSplitLen) { 135 let updateMessage = cipherText.data.subarray(i, i + cipherTextSplitLen); 136 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 137 // 将密文按128字节进行拆分解密,得到原文后进行拼接。 138 let updateOutput = decoder.doFinalSync(updateMessageBlob); 139 let mergeText = new Uint8Array(decryptText.length + updateOutput.data.length); 140 mergeText.set(decryptText); 141 mergeText.set(updateOutput.data, decryptText.length); 142 decryptText = mergeText; 143 } 144 let decryptBlob: cryptoFramework.DataBlob = { data: decryptText }; 145 return decryptBlob; 146 } 147 function main() { 148 let message = "This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 149 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 150 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 151 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 152 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 153 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 154 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!" + 155 "This is a long plainTest! This is a long plainTest! This is a long plainTest! This is a long plainTest!"; 156 let asyKeyGenerator = cryptoFramework.createAsyKeyGenerator("RSA1024"); // 创建非对称密钥生成器对象。 157 let keyPair = asyKeyGenerator.generateKeyPairSync(); // 随机生成RSA密钥。 158 let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 159 let encryptText = rsaEncryptBySegment(keyPair.pubKey, plainText); 160 let decryptText = rsaDecryptBySegment(keyPair.priKey, encryptText); 161 if (plainText.data.toString() === decryptText.data.toString()) { 162 console.info('decrypt ok'); 163 console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8')); 164 } else { 165 console.error('decrypt failed'); 166 } 167 } 168 ```