1# 使用RSA密钥对分段签名验签(PKCS1模式)(ArkTS) 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10对应的算法规格请查看[签名验签算法规格:RSA](crypto-sign-sig-verify-overview.md#rsa)。 11 12**签名** 13 141. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成密钥算法为RSA、密钥长度为1024位、素数个数为2的非对称密钥对象(KeyPair),包括公钥(PubKey)和私钥(PriKey)。 15 16 如何生成RSA非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:RSA](crypto-asym-key-generation-conversion-spec.md#rsa)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。 17 182. 调用[cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign),指定字符串参数'RSA1024|PKCS1|SHA256',创建非对称密钥类型为RSA1024、填充模式为PKCS1、摘要算法为SHA256的Sign实例,用于完成签名操作。 19 203. 调用[Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3),使用私钥(PriKey)初始化Sign实例。 21 224. 将一次传入数据量设置为64字节,多次调用[Sign.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-3),传入待签名的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。 23 245. 调用[Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-1),生成数据签名。 25 26**验签** 27 281. 调用[cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify),指定字符串参数'RSA1024|PKCS1|SHA256',与签名的Sign实例保持一致。创建Verify实例,用于完成验签操作。 29 302. 调用[Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5),使用公钥(PubKey)初始化Verify实例。 31 323. 调用[Verify.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-5),传入待验证的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。 33 344. 调用[Verify.verify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify-1),对数据进行验签。 35 36- 异步方法示例: 37 38 ```ts 39 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 40 import { buffer } from '@kit.ArkTS'; 41 42 async function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) { 43 let signAlg = "RSA1024|PKCS1|SHA256"; 44 let signer = cryptoFramework.createSign(signAlg); 45 await signer.init(priKey); 46 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 47 for (let i = 0; i < plainText.length; i += textSplitLen) { 48 let updateMessage = plainText.subarray(i, i + textSplitLen); 49 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 50 // 分段update。 51 await signer.update(updateMessageBlob); 52 } 53 // 已通过分段传入所有明文,故此处sign传入null。 54 let signData = await signer.sign(null); 55 return signData; 56 } 57 async function verifyMessageBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) { 58 let verifyAlg = "RSA1024|PKCS1|SHA256"; 59 let verifier = cryptoFramework.createVerify(verifyAlg); 60 await verifier.init(pubKey); 61 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 62 for (let i = 0; i < plainText.length; i += textSplitLen) { 63 let updateMessage = plainText.subarray(i, i + textSplitLen); 64 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 65 // 分段update。 66 await verifier.update(updateMessageBlob); 67 } 68 // 已通过分段传入所有明文,故此处verify第一个参数传入null。 69 let res = await verifier.verify(null, signMessageBlob); 70 console.info("verify result is " + res); 71 return res; 72 } 73 async function rsaSignatureBySegment() { 74 let message = "This is a long plainText! This is a long plainText! This is a long plainText!" + 75 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 76 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 77 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 78 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 79 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 80 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 81 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!"; 82 let keyGenAlg = "RSA1024"; 83 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 84 let keyPair = await generator.generateKeyPair(); 85 let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer); 86 let signData = await signMessageBySegment(keyPair.priKey, messageData); 87 let verifyResult = await verifyMessageBySegment(keyPair.pubKey, messageData, signData); 88 if (verifyResult === true) { 89 console.info('verify success'); 90 } else { 91 console.error('verify failed'); 92 } 93 } 94 ``` 95 96- 同步方法示例: 97 98 ```ts 99 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 100 import { buffer } from '@kit.ArkTS'; 101 102 function signMessageBySegment(priKey: cryptoFramework.PriKey, plainText: Uint8Array) { 103 let signAlg = "RSA1024|PKCS1|SHA256"; 104 let signer = cryptoFramework.createSign(signAlg); 105 signer.initSync(priKey); 106 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 107 for (let i = 0; i < plainText.length; i += textSplitLen) { 108 let updateMessage = plainText.subarray(i, i + textSplitLen); 109 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 110 // 分段update。 111 signer.updateSync(updateMessageBlob); 112 } 113 // 已通过分段传入所有明文,故此处sign传入null。 114 let signData = signer.signSync(null); 115 return signData; 116 } 117 function verifyMessageBySegment(pubKey: cryptoFramework.PubKey, plainText: Uint8Array, signMessageBlob: cryptoFramework.DataBlob) { 118 let verifyAlg = "RSA1024|PKCS1|SHA256"; 119 let verifier = cryptoFramework.createVerify(verifyAlg); 120 verifier.initSync(pubKey); 121 let textSplitLen = 64; // 自定义的数据拆分长度,此处取64。 122 for (let i = 0; i < plainText.length; i += textSplitLen) { 123 let updateMessage = plainText.subarray(i, i + textSplitLen); 124 let updateMessageBlob: cryptoFramework.DataBlob = { data: updateMessage }; 125 // 分段update。 126 verifier.updateSync(updateMessageBlob); 127 } 128 // 已通过分段传入所有明文,故此处verify第一个参数传入null。 129 let res = verifier.verifySync(null, signMessageBlob); 130 console.info("verify result is " + res); 131 return res; 132 } 133 function rsaSignatureBySegment() { 134 let message = "This is a long plainText! This is a long plainText! This is a long plainText!" + 135 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 136 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 137 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 138 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 139 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 140 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!" + 141 "This is a long plainText! This is a long plainText! This is a long plainText! This is a long plainText!"; 142 let keyGenAlg = "RSA1024"; 143 let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 144 let keyPair = generator.generateKeyPairSync(); 145 let messageData = new Uint8Array(buffer.from(message, 'utf-8').buffer); 146 let signData = signMessageBySegment(keyPair.priKey, messageData); 147 let verifyResult = verifyMessageBySegment(keyPair.pubKey, messageData, signData); 148 if (verifyResult === true) { 149 console.info('verify success'); 150 } else { 151 console.error('verify failed'); 152 } 153 } 154 ``` 155