1# Crypto Framework Overview 2The Cryptographic (Crypto for shot) Framework shields the implementation differences of third-party cryptographic algorithm libraries and implements encryption and decryption, digital signature and signature verification, message authentication code (MAC) generation, hashes, and generation of secure random numbers. You can use the APIs provided by this framework to implement cipher development quickly. 3 4> **NOTE** 5> 6> The Crypto Framework provides cryptographic operations, but not key management. It can be used when temporary session keys are used only in the memory or the applications implement secure key storage. If the system is required to provide key management (such as key storage), use the [HUKS](huks-overview.md). 7 8## Working Principles 9 10The Crypto Framework provides components in the following layers: 11 12- Interface layer: provides unified JavaScript interfaces externally. 13- Plug-in layer: implements third-party algorithm libraries. 14- Framework layer: flexibly loads plug-ins at the plug-in layer to adapt to third-party algorithm libraries and shield differences between these libraries. 15## Basic Concepts 16 17### Symmetric Key 18 19A symmetric key is a key used both to encrypt and decrypt data. In symmetric encryption, the sender converts information in plaintext into ciphertext using a key and certain algorithm for security purposes. The receiver converts the ciphertext into plaintext using the same key and algorithm. 20 21- **AES key** 22 23 Advanced Encryption Standard (AES) is the most common symmetric encryption algorithm. AES is a block cipher, which divides plaintext into fixed-length groups of bits, called blocks. A block is encrypted each time until the entire plaintext is encrypted. The block size in AES is 128 bits. That is, each block contains 16 bytes (8 bits/byte). The AES key length can be 128 bits, 192 bits, or 256 bits. 24 25- **3DES key** 26 27 Triple Data Encryption Standard (3DES), also called 3DESede or Triple DES, applies the DES cipher three times to each data block. It uses three 64-bit keys to encrypt a data block three times. Compared with DES, 3DES provides higher security due to longer key length, but lower processing speed. AES is faster and more secure than 3DES. 28 29- **SM4 key** 30 31 ShangMi 4 (SM4) is a block cipher that has a key size and a block size of 128 bits each. Both the encryption and decryption of one block of data is composed of 32 rounds. A non-linear key scheduler is used to produce the round keys. The decryption uses the same round keys as for encryption, except that they are in reversed order. 32 33### Asymmetric Key 34 35In the asymmetric cryptography, a private and public key pair is required. The private key is used to encrypt the plaintext, and the public key is used to decrypt the ciphertext. The public key is public and open to anyone in the system, while the private key is private. For digital signature and signature verification, the private key is used to sign the plaintext, and the public key is used to verify the signature data. 36 37- **RSA key** 38 39 Rivest-Shamir-Adleman (RSA) is an asymmetric encryption algorithm widely used for secure data transmission. The security of RSA depends on the practical difficulty of factoring the product of two large prime numbers. 40 41 The RSA key parameters include the following integers: 42 43 **n**: modulus, which is a public parameter of the private key and public key. 44 45 **sk**: private exponent, which is often written as **d** in the formula. 46 47 **pk**: public exponent, which is often written as **e** in the formula. 48 49- **ECC key** 50 51 Elliptic-curve cryptography (ECC) is a public-key encryption algorithm based on elliptic curve mathematics. It security is based on the assumption that it is infeasible to find the discrete logarithm of a random elliptic curve element with respect to a publicly known base point. The Crypto Framework provides capabilities for generating a variety of ECC keys. 52 53 The ECC algorithm can be regarded as an operation of numbers defined in a special set. Currently, the Crypto Framework supports elliptic curves in **Fp** fields, where **p** is prime. The **Fp** fields are also called the prime fields. 54 55 The ECC key parameters in the **Fp** fields include the following: 56 57 **p**: prime number used to determine **Fp**. 58 59 **a**, **b**: determine the elliptic curve equation. 60 61 **g**: base point of the elliptic curve, which can be represented as **gx** or **gy**. 62 63 **n**: order of the base point **g**. 64 65 **h**: cofactor. 66 67 **sk**: private key, which is a random integer less than **n**. 68 69 **pk**: public key, which is a point on the elliptic curve. **pk** = **sk** x **g**. 70 71- **DSA key** 72 73 Digital Signature Algorithm (DSA) is a public-key algorithm based on the modular exponentiation and discrete logarithm problem. It is used for digital signatures and signature verification, but not for encryption and decryption. The Crypto Framework provides the capability of generating DSA keys of different lengths. 74 75 The DSA key parameters include the following: 76 77 **p**: a prime modulus, whose length is an integer multiple of 64. 78 79 **q**: prime factor of p – 1. The length varies depending on the length of **p**. 80 81 **g**: g = (h ^ ((p - 1) / q)) mod p, where **h** is any integer that meets 1 < h < p -1. 82 83 **sk**: private key, which is a randomly generated integer and complies with 0 < sk < q. 84 85 **pk**: public key. pk = (g ^ sk) mod p 86 87- **SM2 key** 88 89 ShangMi 2 (SM2) is a public key cryptographic algorithm based on the ECC. The key length is 256 bits. The SM2 algorithm uses the elliptic curve in the Fp fields. 90 91 The SM2 key parameters in the **Fp** fields include the following: 92 93 **p**: a prime greater than 3, used to determine **Fp**. 94 95 **a**, **b**: determine the elliptic curve equation. 96 97 **g**: base point of the elliptic curve, which can be represented as **gx** or **gy**. 98 99 **n**: order of the base point **g**. 100 101 **h**: cofactor. 102 103 **sk**: private key, which is a random integer less than **n**. 104 105 **pk**: public key, which is a point on the elliptic curve. **pk** = **sk** x **g**. 106 107### Encryption and Decryption 108 109- **Symmetric AES encryption and decryption** 110 111 The algorithm library provides the following cipher modes of operation for AES: ECB, CBC, OFB, CFB, CTR, GCM, and CCM. AES is a block cipher, with a fixed block size of 128 bits. In actual applications, the last block of plaintext may be less than 128 bits and needs to be padded. The padding options are as follows: 112 - **NoPadding**: no padding. 113 - **PKCS5**: pads a block cipher with a block size of 8 bytes. 114 - **PKCS7**: pads any block size from 1 to 255 bytes. The PKCS #7 padding scheme is the same as that of PKCS #5. 115 116 > **NOTE** 117 > 118 > In ECB and CBC modes, the plaintext must be padded if its length is not an integer multiple of 128 bits.<br> 119 > Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 16 bytes in AES encryption. 120 121- **Symmetric 3DES encryption and decryption** 122 123 3DES encryption and decryption apply the DES cipher three times to each data block to obtain the ciphertext or plaintext. 124 125 The algorithm library provides the following cipher modes of operation for 3DES encryption and decryption: ECB, CBC, OFB, and CFB. DES is a block cipher, with a fixed block size of 64 bits. In actual applications, the last block of plaintext may be less than 64 bits and needs to be padded. The padding options are as follows: 126 - **NoPadding**: no padding. 127 - **PKCS5**: pads a block cipher with a block size of 8 bytes. 128 - **PKCS7**: pads any block size from 1 to 255 bytes. The PKCS #7 padding scheme is the same as that of PKCS #5. 129 130 > **NOTE** 131 > 132 > In ECB and CBC modes, the plaintext must be padded if its length is not an integer multiple of 64 bits. 133 > Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 8 bytes in 3DES encryption. 134 135- **Symmetric SM4 encryption and decryption** 136 137 The Crypto Framework provides the following SM4 encryption modes: ECB, CBC, CTR, OFB, CFB, and CFB128. SM4 is a block cipher, with a fixed block size of 128 bits. In actual applications, the last block of plaintext may be less than 128 bits and needs to be padded. The padding options are as follows: 138 139 - **NoPadding**: no padding. 140 - **PKCS5**: pads a block cipher with a block size of 8 bytes. 141 - **PKCS7**: pads any block size from 1 to 255 bytes. The PKCS #7 padding scheme is the same as that of PKCS #5. 142 143 > **NOTE** 144 > 145 > In ECB and CBC modes, the plaintext must be padded if its length is not an integer multiple of 128 bits.<br> 146 > Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 16 bytes in SM4 encryption. 147 148- **Asymmetric RSA encryption and decryption** 149 150 RSA is an asymmetric cipher, with fixed-length blocks. In actual applications, diverse padding modes are used. Currently, the Crypto Framework provides the following padding modes: 151 - **NoPadding**: no padding. The length of the input or output data must be the same as that of the RSA key modulus. 152 153 - **PKCS1**: RSAES-PKCS1-V1_5 mode in RFC3447 (corresponding to RSA_PKCS1_PADDING in OpenSSL). The RSA converts the source data D into an encryption block (EB). In encryption, the length of the input data must be less than or equal to the RSA key modulus minus 11. The length of the output data is the same as that of the RSA key modulus. 154 155 - **PKCS1_OAEP**: RSAES-OAEP mode in RFC 3447 (corresponding to RSA_PKCS1_OAEP_PADDING in OpenSSL). It is a new padding mode developed by PKCS#1. In this mode, two digests (**md** and **mgf1_md**) need to be set. During encryption, the length of the input data must meet the following requirements: 156 157 Input data length < RSA key modulus – **md** length (bytes) – **mgf1_md** length (bytes) – 2 158 159 The length of the output data is the same as that of the RSA key modulus. In this mode, you can also set the **pSource** byte stream to define the encoding input **P** filled by OAEP and obtain the parameters related to PKCS1_OAEP. 160 161 The **PKCS1_OAEP** parameters include the following: 162 163 **md**: message digest algorithm.<br> 164 **mgf**: mask generation algorithm. Currently, only MGF1 is supported.<br> 165 **mgf1_md**: mgf1 digest algorithm.<br> 166 **pSource**: byte stream, which is the source for encoding input P in OAEP padding. 167 168 > **NOTE** 169 > 170 > RSA key modulus = (RSA bits + 7)/8 171 172- **Asymmetric SM2 encryption and decryption** 173 174 SM2 is an asymmetric encryption algorithm based on the ECC. The encryption length is fixed. Currently, the Crypto Framework supports encrypted data in C1C3C2 format and decryption of data in C1C3C2 format. 175 176### Signing and Signature Verification 177 178- **RSA signing and signature verification** 179 180 The Crypto Framework provides the following padding modes for RSA signing and signature verification: 181 - **PKCS1**: RSASSA-PKCS1-V1_5 mode in RFC3447 (corresponding to RSA_PKCS1_PADDING in OpenSSL). When this mode is used for signing and signature verification, the digest (**md**) must be set, the digest algorithm output length (bytes) must be less than the RSA key modulus. 182 183 - **PSS**: RSASSA-PSS mode in RFC 3447 (corresponding to RSA_PKCS1_PSS_PADDING in OpenSSL). In this mode, two digests (**md** and **mgf1_md**) must be set, and the total length (bytes) of **md** and **mgf1_md** must be less than the RSA key modulus. In this mode, the salt length (**saltLen**, in bytes) can also be set, and PSS-related parameters can be obtained. 184 185 The PSS parameters include the following: 186 187 **md**: message digest algorithm.<br> 188 **mgf**: mask generation algorithm. Currently, only MGF1 is supported.<br> 189 **mgf1_md**: digest algorithm used in the MGF1 algorithm.<br> 190 **saltLen**: salt length, in bytes.<br> 191 **trailer_field**: integer used for encoding. The value must be **1**. 192 193 > **NOTE** 194 > 195 > RSA key modulus = (RSA bits + 7)/8 196 197- **ECDSA** 198 199 The Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital signature algorithm that uses the ECC. Compared with the ordinary Discrete Logarithm Problem (DLP) and Integer Factorization Problem (IFP), the ECC provides a higher unit bit strength than other public-key cryptographic systems. The Crypto Framework provides the ECDSA that combines multiple elliptic curves and digest algorithms. 200 201- **DSA** 202 203 The DSA security is based on the difficulty of the DLP in integer finite field. The DSA features high compatibility and applicability. 204 205- **SM2** 206 207 SM2 is a digital signature algorithm based on the ECC. 208 209 210### Key Agreement 211 212**ECDH** 213 214Elliptic Curve Diffie-Hellman (ECDH) allows two parties to establish a shared secret over an insecure channel. The Crypto Framework provides a variety of ECDH capabilities based on the open-source algorithm library. 215 216### Message Digest 217 218The message digest algorithm allows a fixed-length digest to be generated from data of arbitrary size by using the hash algorithm. It is used for sensitive information encryption because it is infeasible to invert or reverse the computation. The MD algorithm is also referred to as a hash algorithm or a one-way hash algorithm. 219When the same digest algorithm is used, the generated digest (hash value) has the following features: 220 221- The same message always results in the same hash value. 222- The digest generated is of the fixed length no matter the length of messages. (The digest length is determined by the algorithm used). 223- It is almost impossible to find two different messages with the same hash value. (The probability still exists, depending on the length of the digest.) 224 225### HMAC 226 227Hash-based Message Authentication Code (HMAC) is a key-based message authentication code algorithm. It provides authentication using a shared secret instead of using a digital signature. The MAC generated can be used to verify the integrity and authenticity of the message. The length of the MAC generated by HMAC is fixed. Compared with MAC, HMAC introduces the shared secret, which ensures data correctness. 228 229### Random Number 230 231Random numbers are mainly used to generate temporary session keys or keys in asymmetric encryption. They are generated by a hardware random number generator or software-based pseudo-random number generator. In encryption and decryption, a secure random number generator must feature randomness, unrepeatability, and unpredictability. The random numbers generated by the Cryptography Secure Random Number Generator (CSPRNG) meet the requirements of cryptography security pseudo-randomness. 232 233- Internal state<br>A value in the random number generator memory. The same internal state produces the same sequence of the random number. 234- Seed<br>A number used to initialize the internal state of a pseudorandom number generator. The random number generator generates a series of random sequences based on the seeds. 235 236## Constraints 237 238- The Crypto Framework does not support concurrent operations of multiple threads. 239- Currently, the algorithm library supports only OpenSSL. 240- For a key generated based on key parameters, the bigint type must be a positive number in big-endian format. 241- The Crypto Framework algorithm library provides common algorithms. Some algorithms and specifications, such as MD5, are not applicable to security scenarios. You need to select the proper algorithms as required. 242 243## Key Generation Specifications 244 245A key can be generated based on either of the following specifications: 246- String parameter: provides the specifications of the key to be generated in the form of a string. 247- Key parameters: constructs a key object using the specific cryptography information. 248 249### AES Key Generation Specifications 250 251The AES key can be generated based on a string parameter. 252 253|Symmetric Key Algorithm|Key Length (Bit)|String Parameter| 254|---|---|---| 255|AES|128|AES128| 256|AES|192|AES192| 257|AES|256|AES256| 258 259 > **NOTE** 260 > 261 > As a combination of the Symmetric key algorithm and the key length, the string parameter specifies the key specifications when a symmetric key generator is created. 262 263### 3DES Key Generation Specifications 264 265The 3DES key can be generated based on a string parameter. 266 267|Symmetric Key Algorithm|Key Length (Bit)|String Parameter| 268|---|---|---| 269|3DES|192|3DES192| 270 271 > **NOTE** 272 > 273 > As a combination of the symmetric key algorithm and the key length, the string parameter specifies the key specifications when a symmetric key generator is created. 274 275### RSA Key Generation Specifications 276 277 > **NOTE** 278 > 279 > The RSA keys can be generated based on key parameters from API version 10. 280 281- The RSA key can be generated based on a string parameter. 282 283 |RSA Key Type|Number of Primes|String Parameter| 284 |---|---|---| 285 |RSA512|2|RSA512\|PRIMES_2| 286 |RSA768|2|RSA768\|PRIMES_2| 287 |RSA1024|2|RSA1024\|PRIMES_2| 288 |RSA1024|3|RSA1024\|PRIMES_3| 289 |RSA2048|2|RSA2048\|PRIMES_2| 290 |RSA2048|3|RSA2048\|PRIMES_3| 291 |RSA3072|2|RSA3072\|PRIMES_2| 292 |RSA3072|3|RSA3072\|PRIMES_3| 293 |RSA4096|2|RSA4096\|PRIMES_2| 294 |RSA4096|3|RSA4096\|PRIMES_3| 295 |RSA4096|4|RSA4096\|PRIMES_4| 296 |RSA8192|2|RSA8192\|PRIMES_2| 297 |RSA8192|3|RSA8192\|PRIMES_3| 298 |RSA8192|4|RSA8192\|PRIMES_4| 299 |RSA8192|5|RSA8192\|PRIMES_5| 300 301 > **NOTE** 302 > 303 > As a combination of the RSA key type and the number of primes, the string parameter specifies the key specifications when an asymmetric key generator is created. 304 > 305 > The default number of primes for generating the RSA asymmetric key is 2, and **PRIMES_2** can be omitted. 306 307- The RSA key can also be generated based on key parameters. The following table lists the types of key parameters and cryptography specifications of each key parameter. 308 309 | |Common Parameter|Public Key Parameter|Private Key Parameter|Public/Private Key Pair Parameter| 310 |---|---------|---|---|---| 311 |n |x |√ |x |√ | 312 |pk| |√ | |√ | 313 |sk| | |x |√ | 314 315 > **NOTE** 316 > 317 > The key parameters specify the key specifications when an asymmetric key generator is created. 318 > 319 > The preceding table describes the public and private key parameters supported by the Crypto Framework algorithm library for generating RSA keys.<br> 320 > √ indicates that properties needs to be specified to construct the key parameter.<br>x indicates that the Crypto Framework currently does not support key generation based on this parameter. 321 322 > **CAUTION** 323 > 324 > - RSA does not support random key generation based on the public parameter (**n**). 325 > - RSA does not support generation of the private key by specifying the private key parameters (**n**, **sk**). 326### ECC Key Generation Specifications 327 328 > **NOTE** 329 > 330 > The ECC key can be generated based on key parameters from API version 10. 331 332- The ECC key can be generated based on a string parameter. 333 334 |Asymmetric Key Algorithm|Key Length (Bit)|Curve Name|String Parameter| 335 |---|---|---|---| 336 |ECC|224|NID_secp224r1|ECC224| 337 |ECC|256|NID_X9_62_prime256v1|ECC256| 338 |ECC|384|NID_secp384r1|ECC384| 339 |ECC|521|NID_secp521r1|ECC521| 340 341 > **NOTE** 342 > 343 > As a combination of the asymmetric key algorithm and the key length, the string parameter specifies the key specifications when an asymmetric key generator is created.<br> 344 > Currently, only ECC Fp curves are supported. 345 346- The ECC key can also be generated based on key parameters. 347 348 The following table lists the types of key parameters and cryptography specifications of each key parameter. 349 350 | |Common Parameter|Public Key Parameter|Private Key Parameter|Public/Private Key Pair Parameter| 351 |---|---|---|---|---| 352 |fieldType| √| √| √| √| 353 |p | √| √| √| √| 354 |a | √| √| √| √| 355 |b | √| √| √| √| 356 |g | √| √| √| √| 357 |n | √| √| √| √| 358|h | √| √| √| √| 359 |pk | | √| | √| 360 |sk | | | √| √| 361 362> **NOTE** 363> 364> The key parameters specify the key specifications when an asymmetric key generator is created.<br> 365> The preceding table describes the public and private key parameters supported by the Crypto Framework algorithm library for generating ECC keys.<br> 366> √ indicates that properties needs to be specified to construct the key parameter. 367 368 > **CAUTION** 369 > 370 > - Currently, the ECC supports only the **Fp** fields. Therefore, **fieldType** has a fixed value of **Fp**. **fieldType** and **p** constitute the property **field**. Currently, the **field** supports only [ECFieldFp](../reference/apis/js-apis-cryptoFramework.md#ecfieldfp10). 371 > - **g** and **pk** are points on the ECC curve and belong to the [Point](../reference/apis/js-apis-cryptoFramework.md#point10) type. You need to specify the X and Y coordinates. 372 373### DSA Key Generation Specifications 374 375 > **NOTE** 376 > 377 > From API version 10, the DSA algorithm is supported for key generation, signing, and signature verification. 378 379- The DSA key can be generated based on a string parameter. 380 381 |Asymmetric Key Algorithm|Key Length (Bit)|String Parameter| 382 |---|---|---| 383 |DSA|1024|DSA1024| 384 |DSA|2048|DSA2048| 385 |DSA|3072|DSA3072| 386 387 > **NOTE** 388 > 389 > As a combination of the asymmetric key algorithm and the key length, the string parameter specifies the key specifications when an asymmetric key generator is created. 390 391- The DSA keys can also be generated based on key parameters. 392 393 The following table lists the types of key parameters and cryptography specifications of each key parameter. 394 395 | |Common Parameter|Public Key Parameter|Private Key Parameter|Public/Private Key Pair Parameter| 396 |---|---------|---|---|---| 397 |p |√ |√ |x |√ | 398 |q |√ |√ |x |√ | 399 |g |√ |√ |x |√ | 400 |pk | |√ | |√ | 401 |sk | | |x |√ | 402 403 > **NOTE** 404 > 405 > The key parameters specify the key specifications when an asymmetric key generator is created. 406 > 407 > The preceding table describes the public and private key parameters supported by the Crypto Framework algorithm library for generating DSA keys.<br> 408 > 409 > √ indicates that properties needs to be specified to construct the key parameter.<br> 410 > x indicates that the Crypto Framework currently does not support key generation based on this parameter. 411 412 > **CAUTION** 413 > 414 > - DSA does not support generation of the private key by specifying the private key parameters (**p**, **q**, **g**, **sk**). 415 > - When common parameters (**p**, **q**, **g**) are specified to generate a DSA key pair, the DSA key length must be at least 1024 bits. 416 417### SM2 Key Generation Specifications 418 419> **NOTE** 420> 421> SM2 keys can be randomly generated from API version 10. 422 423- The SM2 keys can be generated based on the string parameter. 424 425 |Asymmetric Key Algorithm|Key Length (Bit)|String Parameter| 426 |---|---|---| 427 |SM2|256|SM2_256| 428 429 > **NOTE** 430 > 431 > As a combination of the asymmetric key algorithm and key length with an underscore (_) in between, the string parameter specifies the key specifications when an asymmetric key generator is created. 432 433### SM4 Key Generation Specifications 434 435> **NOTE** 436> 437> SM4 keys can be randomly generated from API version 10. 438 439- The SM4 keys can be generated based on the string parameter. 440 441 |Symmetric Key Algorithm|Key Length (Bit)|String Parameter| 442 |---|---|---| 443 |SM4|128|SM4_128| 444 445 > **NOTE** 446 > 447 > As a combination of the symmetric key algorithm and key length with an underscore (_) in between, the string parameter specifies the key specifications when a symmetric key generator is created. 448 449## Encryption and Decryption Specifications 450 451### Symmetric Encryption and Decryption 452 453 > **NOTE** 454 > 455 > The APIs support specifications without the key length for symmetric encryption and decryption from API version 10. 456 457- The following symmetric encryption algorithms are supported. 458 |Symmetric Encryption and Decryption Algorithm|Block Cipher Mode|String Parameter | 459 |---|---|---| 460 |3DES|ECB|3DES192\|ECB\|[NoPadding\|PKCS5\|PKCS7]| 461 |3DES|CBC|3DES192\|CBC\|[NoPadding\|PKCS5\|PKCS7]| 462 |3DES|OFB|3DES192\|OFB\|[NoPadding\|PKCS5\|PKCS7]| 463 |3DES|CFB|3DES192\|CFB\|[NoPadding\|PKCS5\|PKCS7]| 464 |AES|ECB|AES[128\|192\|256]\|ECB\|[NoPadding\|PKCS5\|PKCS7]| 465 |AES|CBC|AES[128\|192\|256]\|CBC\|[NoPadding\|PKCS5\|PKCS7]| 466 |AES|CTR|AES[128\|192\|256]\|CTR\|[NoPadding\|PKCS5\|PKCS7]| 467 |AES|OFB|AES[128\|192\|256]\|OFB\|[NoPadding\|PKCS5\|PKCS7]| 468 |AES|CFB|AES[128\|192\|256]\|CFB\|[NoPadding\|PKCS5\|PKCS7]| 469 |AES|GCM|AES[128\|192\|256]\|GCM\|[NoPadding\|PKCS5\|PKCS7]| 470 |AES|CCM|AES[128\|192\|256]\|CCM\|[NoPadding\|PKCS5\|PKCS7]| 471 |SM4|ECB|SM4_128\|ECB\|[NoPadding\|PKCS5\|PKCS7]| 472 |SM4|CBC|SM4_128\|CBC\|[NoPadding\|PKCS5\|PKCS7]| 473 |SM4|CTR|SM4_128\|CTR\|[NoPadding\|PKCS5\|PKCS7]| 474 |SM4|OFB|SM4_128\|OFB\|[NoPadding\|PKCS5\|PKCS7]| 475 |SM4|CFB|SM4_128\|CFB\|[NoPadding\|PKCS5\|PKCS7]| 476 |SM4|CFB128|SM4_128\|CFB128\|[NoPadding\|PKCS5\|PKCS7]| 477 478 > **NOTE** 479 > 480 > - The options included in the square brackets ([]) are mutually exclusive. 481 > - As a combination of the algorithm (including the key length), block cipher mode, and padding mode, the string parameter specifies the symmetric encryption/decryption algorithm specifications when a symmetric encryption/decryption instance is created. 482 > - An underscore (_) must be added between SM4<sup>10+</sup> and the key length in **String Parameter**. 483 484### Asymmetric RSA Encryption and Decryption 485 486 > **NOTE** 487 > 488 > The APIs support specifications without the key length for asymmetric RSA encryption and decryption from API version 10. 489 490The Crypto Framework provides three padding modes for RSA encryption/decryption: **NoPadding**, **PKCS1**, and **PKCS1_OAEP**. 491- If **NoPadding** is used, the following parameters can be specified. 492 493 |Asymmetric Key Type| Padding Mode| String Parameter| 494 |---|---|---| 495 |RSA512|NoPadding|RSA512\|NoPadding| 496 |RSA768|NoPadding|RSA768\|NoPadding| 497 |RSA1024|NoPadding|RSA1024\|NoPadding| 498 |RSA2048|NoPadding|RSA2048\|NoPadding| 499 |RSA3072|NoPadding|RSA3072\|NoPadding| 500 |RSA4096|NoPadding|RSA4096\|NoPadding| 501 |RSA8192|NoPadding|RSA8192\|NoPadding| 502 |RSA|NoPadding|RSA\|NoPadding| 503 504 > **NOTE** 505 > 506 > - As a combination of the asymmetric key type and the padding mode, the string parameter specifies the asymmetric encryption/decryption algorithm specifications when an asymmetric encryption/decryption instance is created. 507 > - The RSA key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The encryption/decryption operation varies depending on the actual key length. 508 509- If **PKCS1** is used, the following parameters can be specified. 510 511 |Asymmetric Key Type| Padding Mode| String Parameter| 512 |---|---|---| 513 |RSA512|PKCS1|RSA512\|PKCS1| 514 |RSA768|PKCS1|RSA768\|PKCS1| 515 |RSA1024|PKCS1|RSA1024\|PKCS1| 516 |RSA2048|PKCS1|RSA2048\|PKCS1| 517 |RSA3072|PKCS1|RSA3072\|PKCS1| 518 |RSA4096|PKCS1|RSA4096\|PKCS1| 519 |RSA8192|PKCS1|RSA8192\|PKCS1| 520 |RSA|PKCS1|RSA\|PKCS1| 521 522 > **NOTE** 523 > 524 > - As a combination of the asymmetric key type and the padding mode, the string parameter specifies the asymmetric encryption/decryption algorithm specifications when an asymmetric encryption/decryption instance is created. 525 > - The RSA key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The encryption/decryption operation varies depending on the actual key length. 526 527- If **PKCS1_OAEP** is used, the following parameters can be specified. 528 529 | Asymmetric Key Type| Padding Mode| Digest| Mask Digest| 530 |---|---|---|---| 531 |RSA512|PKCS1_OAEP|MD5| [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 532 |RSA512|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 533 |RSA512|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 534 |RSA512|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224] 535 |RSA768|PKCS1_OAEP|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 536 |RSA768|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 537 |RSA768|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 538 |RSA768|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384]| 539 |RSA768|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 540 |RSA768|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224]| 541 |RSA1024|PKCS1_OAEP|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 542 |RSA1024|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 543 |RSA1024|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 544 |RSA1024|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 545 |RSA1024|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 546 |RSA1024|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384]| 547 |RSA2048|PKCS1_OAEP|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 548 |RSA2048|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 549 |RSA2048|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 550 |RSA2048|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 551 |RSA2048|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 552 |RSA2048|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 553 |RSA3072|PKCS1_OAEP|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 554 |RSA3072|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 555 |RSA3072|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 556 |RSA3072|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 557 |RSA3072|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 558 |RSA3072|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 559 |RSA4096|PKCS1_OAEP|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 560 |RSA4096|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 561 |RSA4096|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 562 |RSA4096|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 563 |RSA4096|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 564 |RSA4096|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 565 |RSA8192|PKCS1_OAEP|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 566 |RSA8192|PKCS1_OAEP|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 567 |RSA8192|PKCS1_OAEP|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 568 |RSA8192|PKCS1_OAEP|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 569 |RSA8192|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 570 |RSA8192|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 571 |RSA|PKCS1_OAEP|Digest algorithm that meets the requirements for length|MGF1_ digest algorithm that meets the requirements for length| 572 573 > **NOTE** 574 > 575 > - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values. 576 > - As a combination of the asymmetric key type, padding mode, digest, and mask digest with a vertical bar (|) in between, the string parameter specifies the asymmetric encryption/decryption algorithm specifications when an asymmetric encryption/decryption instance is created. For example, **RSA2048|PKCS1_OAEP|SHA256|MGF1_SHA256**. 577 > - The RSA key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The encryption/decryption operation varies depending on the actual key length. 578 > - The input data must meet the following requirement:<br>Input data length < RSA key modulus - **md** length - **mgf1_md** length - 2<br>For example, if the RSA key is 512 bits, SHA-512 is not supported. For details about the definition of the RSA key modulus and digest length, see "Asymmetric RSA encryption and decryption" in [Encryption and Decryption](#encryption-and-decryption). 579 580- If **PKCS1_OAEP** is used, you can obtain the [OAEP cipher parameter](../reference/apis/js-apis-cryptoFramework.md#cipherspecitem10) and set the encoding input P for OAEP padding. 581 582 | OAEP Parameter|Enum Value| Get()| Set()| 583 |---|---|---|---| 584 |md|OAEP_MD_NAME_STR |√| 585 |mgf|OAEP_MGF_NAME_STR|√| 586 |mgf1_md|OAEP_MGF1_MD_STR |√| 587 |pSource|OAEP_MGF1_PSRC_UINT8ARR|√|√| 588 589 > **NOTE** 590 > 591 > The preceding table presents the **Get()** and **Set()** capabilities for OAEP parameters supported by the Crypto Framework. **√** indicates that the parameter can be obtained or set. 592 593 594### **Asymmetric SM2 Encryption and Decryption** 595 596> **NOTE** 597> 598> The APIs support specifications without the key length for asymmetric SM2 encryption and decryption from API version 10. 599 600The SM2 encryption and decryption support only the ciphertext in C1C3C2 format. The SM2 asymmetric encryption result consists of C1, C2, and C3. C1 is the elliptic curve points calculated based on the random number generated. C2 is the ciphertext data. C3 is the value calculated using the specified digest algorithm. The new SM standard support data in C1C3C2 format. Encryption without digest is not supported. 601- The following parameters are supported. 602 603 | Asymmetric Key Type| Digest| String Parameter| 604 |---|---|---| 605 |SM2_256|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512\|SM3]|SM2_256\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512\|SM3]| 606 |SM2|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512\|SM3]|SM2_256\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512\|SM3]| 607 608 > **NOTE** 609 > 610 > As a combination of the asymmetric key type and the padding mode, the string parameter specifies the asymmetric encryption/decryption algorithm specifications when an asymmetric encryption/decryption instance is created. 611 612## Signing and Signature Verification Specifications 613 614### RSA Signing and Signature Verification 615 616 > **NOTE** 617 > 618 > The APIs support specifications without the key length for RSA signing and signature verification from API version 10. 619 620The Crypto Framework provides two padding modes for RSA signing and signature verification: **PKCS1** and **PSS**. 621 622- If **PKCS1** is used, the following parameters can be specified. 623 624 | Asymmetric Key Type| Padding Mode| Digest| String Parameter| 625 |---|---|---|---| 626 |RSA512|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384]|RSA512\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384]| 627 |RSA768|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|RSA768\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 628 |RSA1024|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|RSA1024\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 629 |RSA2048|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|RSA2048\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 630 |RSA3072|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|RSA3072\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 631 |RSA4096|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|RSA4096\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 632 |RSA8192|PKCS1|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|RSA8192\|PKCS1\|[MD5\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 633 |RSA|PKCS1|Digest algorithm that meets the requirements for length|RSA\|PKCS1\|Digest algorithm that meets the requirements for length| 634 635 > **NOTE** 636 > 637 > - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values. 638 > - The RSA key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The signing or signature verification operation varies depending on the actual key length. 639 > - During RSA signature verification, the output length of the digest algorithm must be less than the RSA key modulus. For example, if the RSA key is 512 bits, SHA-512 is not supported. For details, see "RSA signing and signature verification" in [Signing and Signature Verification](#signing-and-signature-verification). 640 641- If **PSS** is used, the following parameters can be specified. 642 643 | Asymmetric Key Type| Padding Mode| Digest| Mask Digest| 644 |---|---|---|---| 645 |RSA512|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 646 |RSA512|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 647 |RSA512|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 648 |RSA512|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224]|RSA512\|PSS\|SHA256\|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224]| 649 |RSA768|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 650 |RSA768|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 651 |RSA768|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 652 |RSA768|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384]| 653 |RSA768|PSS|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256]| 654 |RSA768|PSS|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224]| 655 |RSA1024|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 656 |RSA1024|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 657 |RSA1024|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 658 |RSA1024|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 659 |RSA1024|PSS|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 660 |RSA1024|PSS|SHA512| [MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384]| 661 |RSA2048|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 662 |RSA2048|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 663 |RSA2048|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 664 |RSA2048|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 665 |RSA2048|PSS|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 666 |RSA2048|PSS|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 667 |RSA3072|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 668 |RSA3072|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 669 |RSA3072|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 670 |RSA3072|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 671 |RSA3072|PSS|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 672 |RSA3072|PSS|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 673 |RSA4096|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 674 |RSA4096|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 675 |RSA4096|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 676 |RSA4096|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 677 |RSA4096|PSS|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 678 |RSA4096|PSS|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 679 |RSA8192|PSS|MD5|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 680 |RSA8192|PSS|SHA1|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 681 |RSA8192|PSS|SHA224|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 682 |RSA8192|PSS|SHA256|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 683 |RSA8192|PSS|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 684 |RSA8192|PSS|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]| 685 |RSA|PSS|Digest algorithm that meets the requirements for length|MGF1_ digest algorithm that meets the requirements for length| 686 687 > **NOTE** 688 > 689 > - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values. 690 > - As a combination of the asymmetric key type, padding mode, digest, and mask digest with a vertical bar (|) in between, the string parameter specifies the asymmetric signing or signature verification algorithm specifications when an asymmetric signing or signature verification instance is created. For example, **RSA2048|PSS|SHA256|MGF1_SHA256**. 691 > - The RSA key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The signing or signature verification operation varies depending on the actual key length. 692 > - If the PSS padding mode is used in RSA signing or signature verification, the total length (in bytes) of **md** and **mgf1_md** must be less than the RSA key modulus. For example, if the RSA key is 512 bits, **md** and **mgf1_md** cannot be SHA256 at the same time. For details about the definition of the RSA key modulus and digest length, see "RSA signing and signature verification" in [Signing and Signature Verification](#signing-and-signature-verification). 693 694- If the PSS mode is used, you can obtain the PSS [parameter](../reference/apis/js-apis-cryptoFramework.md#signspecitem10) for signing or signature verification, and set the salt length (**saltLen**, in bytes) for the PSS. 695 696 | PSS Parameter|Enum Value| Get()| Set()| 697 |---|---|---|---| 698 |md|PSS_MD_NAME_STR |√| 699 |mgf|PSS_MGF_NAME_STR|√| 700 |mgf1_md|PSS_MGF1_MD_STR |√| 701 |saltLen|PSS_SALT_LEN_NUM|√|√| 702 |trailer_field|PSS_TRAILER_FIELD_NUM|√| 703 704 > **NOTE** 705 > 706 > The preceding table presents the **Get()** and **Set()** capabilities for PSS parameters supported by the Crypto Framework. **√** indicates that the parameter can be obtained or set. 707 708### ECDSA Signing and Signature Verification 709 710 > **NOTE** 711 > 712 > The APIs support specifications without the key length for ECDSA signing and signature verification from API version 10. 713- The following ECDSA parameters are supported. 714 715 |Asymmetric Key Type|Digest|String Parameter| 716 |---|---|---| 717 |ECC224|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|ECC224\|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 718 |ECC256|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|ECC256\|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 719 |ECC384|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|ECC384\|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 720 |ECC521|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|ECC521\|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 721 |ECC|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|ECC\|[SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 722 723 > **NOTE** 724 > 725 > - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values. 726 > - As a combination of the asymmetric key type and digest with a vertical bar (|) in between, the string parameter specifies the asymmetric signing or signature verification algorithm specifications when an asymmetric signing or signature verification instance is created. For example, **ECC224|SHA256**. 727 > - The ECC key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The ECDSA signing or signature verification operation varies depending on the actual key length. 728 729### DSA Signing and Signature Verification 730 731 > **NOTE** 732 > 733 > DSA signing and signature verification specifications are supported from API version 10. 734 735- The following DSA parameters are supported. 736 737 |Asymmetric Key Type|Digest|String Parameter| 738 |---|---|---| 739 |DSA1024|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|DSA1024\|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 740 |DSA2048|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|DSA2048\|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 741 |DSA3072|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|DSA3072\|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 742 |DSA|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]|DSA\|[NoHash\|SHA1\|SHA224\|SHA256\|SHA384\|SHA512]| 743 744 > **NOTE** 745 > 746 > - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values. 747 > - As a combination of the asymmetric key type and digest with a vertical bar (|) in between, the string parameter specifies the asymmetric signing or signature verification algorithm specifications when an asymmetric signing or signature verification instance is created. For example, **DSA1024|SHA256**. 748 > - The DSA key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The signing or signature verification operation varies depending on the actual key length. 749 750 751### SM2 Signature Verification 752 753> **NOTE** 754> 755> The APIs support SM2 signing and signature verification from API version 10. 756 757- The following SM2 parameters are supported. 758 759 |Asymmetric Key Type|Digest|String Parameter| 760 |---|---|---| 761 |SM2_256|SM3|SM2_256\|SM3| 762 |SM2|SM3|SM2\|SM3| 763 764 > **NOTE** 765 > 766 > - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values. 767 > - As a combination of the asymmetric key type and digest with a vertical bar (|) in between, the string parameter specifies the asymmetric signing or signature verification algorithm specifications when an asymmetric signing or signature verification instance is created. 768 > - SM2 digital signatures support only the SM3 digest. 769 770## Key Agreement Specifications 771 772### ECDH 773 774 > **NOTE** 775 > 776 > The APIs support specifications without the key length for ECDH from API version 10. 777 778- The following ECDH parameters are supported. 779 780 |Asymmetric Key Algorithm|String Parameter| 781 |---|---| 782 |ECC|ECC224| 783 |ECC|ECC256| 784 |ECC|ECC384| 785 |ECC|ECC521| 786 |ECC|ECC| 787 788 > **NOTE** 789 > 790 > - The string parameter specifies the key agreement algorithm specifications when a key agreement instance is created. 791 > - The ECC key type in the last row of the preceding table does not contain the key length to ensure compatibility with the key generated based on the key parameters. The ECDH key agreement operation varies depending on the actual key length. 792 793 794## MD Algorithm Specifications 795 796- The Crypto Framework supports the following MD algorithm parameters. 797 798 > **NOTE** 799 > 800 > SM3 is supported since API version 10. 801 802 |Digest Algorithm|Supported Type| 803 |---|---| 804 |HASH|SHA1| 805 |HASH|SHA224| 806 |HASH|SHA256| 807 |HASH|SHA384| 808 |HASH|SHA512| 809 |HASH|MD5| 810 |HASH|SM3| 811 812 > **NOTE** 813 > 814 > **Supported Type** specifies the MD algorithm specifications when an MD instance is created. 815 816## HMAC Algorithm Specifications 817 818- The Crypto Framework supports the following HMAC algorithm parameters. 819 820 > **NOTE** 821 > 822 > SM3 is supported from API version 10. 823 824 |Digest Algorithm|Supported Type| 825 |---|---| 826 |HASH|SHA1| 827 |HASH|SHA224| 828 |HASH|SHA256| 829 |HASH|SHA384| 830 |HASH|SHA512| 831 |HASH|SM3| 832 833 > **NOTE** 834 > 835 > **Supported Type** specifies the HMAC algorithm specifications when an HMAC instance is created. 836 837## Random Number 838- Currently, the Crypto Framework supports only the CTR_DRBG algorithm. 839 840 > **NOTE** 841 > 842 > - Currently, only secure random numbers with length of 1 to **INT_MAX** bytes are supported. 843 > - The random number generation algorithm uses the **RAND_priv_bytes** interface of OpenSSL to generate secure random numbers. 844