• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# 使用SM2密钥对签名验签(ArkTS)
2
3<!--Kit: Crypto Architecture Kit-->
4<!--Subsystem: Security-->
5<!--Owner: @zxz--3-->
6<!--Designer: @lanming-->
7<!--Tester: @PAFT-->
8<!--Adviser: @zengyawen-->
9
10对应的算法规格请查看[签名验签算法规格:SM2](crypto-sign-sig-verify-overview.md#sm2)。
11
12**签名**
13
141. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1),生成非对称密钥算法为SM2、密钥长度为256的密钥对(KeyPair)。
15
16   如何生成SM2非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:SM2](crypto-asym-key-generation-conversion-spec.md#sm2)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
17
182. 调用[cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign),指定字符串参数'SM2_256|SM3',创建非对称密钥类型为SM2_256、摘要算法为SM3的Sign实例,用于完成签名操作。
19
203. 调用[Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3),使用私钥(PriKey)初始化Sign实例。
21
224. 调用[Sign.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-3),传入待签名的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。
23
245. 调用[Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-1),生成数据签名。
25
26**验签**
27
281. 调用[cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify),指定字符串参数'SM2_256|SM3',创建非对称密钥类型为SM2_256、摘要算法为SM3的Verify实例,用于完成验签操作。
29
302. 调用[Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5),使用公钥(PubKey)初始化Verify实例。
31
323. 调用[Verify.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-5),传入待验证的数据。当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。
33
344. 调用[Verify.verify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify-1),对数据进行验签。
35
36- 异步方法示例:
37
38  ```ts
39  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
40  import { buffer } from '@kit.ArkTS';
41  // 完整的明文被拆分为input1和input2。
42  let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) };
43  let input2: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan2", 'utf-8').buffer) };
44  async function signMessagePromise(priKey: cryptoFramework.PriKey) {
45    let signAlg = "SM2_256|SM3";
46    let signer = cryptoFramework.createSign(signAlg);
47    await signer.init(priKey);
48    await signer.update(input1); // 如果明文较短,可以直接调用sign接口一次性传入。
49    let signData = await signer.sign(input2);
50    return signData;
51  }
52  async function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) {
53    let verifyAlg = "SM2_256|SM3";
54    let verifier = cryptoFramework.createVerify(verifyAlg);
55    await verifier.init(pubKey);
56    await verifier.update(input1); // 如果明文较短,可以直接调用verify接口一次性传入。
57    let res = await verifier.verify(input2, signMessageBlob);
58    console.info("verify result is " + res);
59    return res;
60  }
61  async function main() {
62    let keyGenAlg = "SM2_256";
63    let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
64    let keyPair = await generator.generateKeyPair();
65    let signData = await signMessagePromise(keyPair.priKey);
66    let verifyResult = await verifyMessagePromise(signData, keyPair.pubKey);
67    if (verifyResult === true) {
68      console.info('verify success');
69    } else {
70      console.error('verify failed');
71    }
72  }
73  ```
74
75- 同步方法示例:
76
77  ```ts
78  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
79  import { buffer } from '@kit.ArkTS';
80  // 完整的明文被拆分为input1和input2。
81  let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) };
82  let input2: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan2", 'utf-8').buffer) };
83  function signMessagePromise(priKey: cryptoFramework.PriKey) {
84    let signAlg = "SM2_256|SM3";
85    let signer = cryptoFramework.createSign(signAlg);
86    signer.initSync(priKey);
87    signer.updateSync(input1); // 如果明文较短,可以直接调用sign接口一次性传入。
88    let signData = signer.signSync(input2);
89    return signData;
90  }
91  function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) {
92    let verifyAlg = "SM2_256|SM3";
93    let verifier = cryptoFramework.createVerify(verifyAlg);
94    verifier.initSync(pubKey);
95    verifier.updateSync(input1); // 如果明文较短,可以直接调用verify接口一次性传入。
96    let res = verifier.verifySync(input2, signMessageBlob);
97    console.info("verify result is " + res);
98    return res;
99  }
100  function main() {
101    let keyGenAlg = "SM2_256";
102    let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg);
103    let keyPair = generator.generateKeyPairSync();
104    let signData = signMessagePromise(keyPair.priKey);
105    let verifyResult = verifyMessagePromise(signData, keyPair.pubKey);
106    if (verifyResult === true) {
107      console.info('verify success');
108    } else {
109      console.error('verify failed');
110    }
111  }
112  ```
113