harmony 鸿蒙Encryption and Decryption (ArkTS)
Encryption and Decryption (ArkTS)
This topic walks you through on how to perform encryption and decryption using AES128, RSA2048, and SM2. For details about the scenarios and supported algorithms, see Supported Algorithms.
How to Develop
Key Generation
Set the key alias.
Initialize the key property set.
Use generateKeyItem to generate a key. For details, see Key Generation.
Alternatively, you can import a key.
Encryption
Obtain the key alias.
Obtain the data to be encrypted.
Obtain the algorithm parameters for encryption.
The parameters to be configured vary with the algorithm used. - If the AES algorithm, CBC block mode, and PKCS7 padding mode are used for encryption, the IV parameter must be set. For details, see AES/CBC/PKCS7. - If the AES algorithm and GCM block mode are used for encryption, the NONCE parameter is mandatory and AAD is optional. For details, see AES/GCM/NoPadding. - If the RSA algorithm is used for encryption, you need to select the corresponding block mode, padding mode, and digest algorithm. For details, see RSA/ECB/PKCS1_V1_5 and RSA/ECB/OAEP/SHA256. - If the SM2 algorithm is used for encryption, the digest algorithm must be SM3. For details, see SM2.
For details about the specifications, see Encryption and Decryption Overview and Algorithm Specifications.
Use initSession to initialize a key session. The session handle is returned after the initialization.
Use finishSession with the session handle to obtain the ciphertext.
Decryption
Obtain the key alias.
Obtain the ciphertext to be decrypted.
Obtain the algorithm parameters for decryption.
The parameters to be configured vary with the algorithm used. - If the AES algorithm and GCM block mode are used for encryption, NONCE and AEAD are mandatory and AAD is optional. For details, see AES/GCM/NoPadding. - The requirements for the parameters in the other development cases are the same as those in the encryption.
For details about the specifications, see Encryption and Decryption Overview and Algorithm Specifications.
Use initSession to initialize a key session. The session handle is returned after the initialization.
Use finishSession to obtain the data decrypted.
Key Deletion
Use deleteKeyItem to delete the key that is not required. For details, see Deleting a Key.
Development Cases
AES/CBC/PKCS7
/*
* The following uses AES/CBC/PKCS7 with promise-based APIs.
*/
import { huks } from '@kit.UniversalKeystoreKit';
let aesKeyAlias = 'test_aesKeyAlias';
let handle: number;
let plainText = '123456';
let IV = '001122334455';
let cipherData: Uint8Array;
function StringToUint8Array(str: String) {
let arr: number[] = new Array();
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function Uint8ArrayToString(fileData: Uint8Array) {
let dataString = '';
for (let i = 0; i < fileData.length; i++) {
dataString += String.fromCharCode(fileData[i]);
}
return dataString;
}
function GetAesGenerateProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}];
return properties;
}
function GetAesEncryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
}, {
tag: huks.HuksTag.HUKS_TAG_IV,
value: StringToUint8Array(IV)
}];
return properties;
}
function GetAesDecryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
}, {
tag: huks.HuksTag.HUKS_TAG_IV,
value: StringToUint8Array(IV)
}];
return properties;
}
async function GenerateAesKey() {
/*
* Simulate the key generation scenario.
* 1. Set the key alias.
*/
/*
* 2. Obtain the parameters for key generation.
*/
let genProperties = GetAesGenerateProperties();
let options: huks.HuksOptions = {
properties: genProperties
}
/*
* 3. Call generateKeyItem.
*/
await huks.generateKeyItem(aesKeyAlias, options)
.then((data) => {
console.info(`promise: generate AES Key success, data = ${JSON.stringify(data)}`);
}).catch((error: Error) => {
console.error(`promise: generate AES Key failed, ${JSON.stringify(error)}`);
})
}
async function EncryptData() {
/*
* Simulate the encryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the data to be encrypted.
*/
/*
* 3. Obtain the algorithm parameters for encryption.
*/
let encryptProperties = GetAesEncryptProperties();
let options: huks.HuksOptions = {
properties: encryptProperties,
inData: StringToUint8Array(plainText)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(aesKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init EncryptData failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the ciphertext.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: encrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
cipherData = data.outData as Uint8Array;
}).catch((error: Error) => {
console.error(`promise: encrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DecryptData() {
/*
* Simulate the decryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the ciphertext to be decrypted.
*/
/*
* 3. Obtain the algorithm parameters for decryption.
*/
let decryptOptions = GetAesDecryptProperties()
let options: huks.HuksOptions = {
properties: decryptOptions,
inData: cipherData
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(aesKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init DecryptData failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the decrypted data.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: decrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
}).catch((error: Error) => {
console.error(`promise: decrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DeleteKey() {
/*
* Simulate the key deletion scenario.
* 1. Obtain the key alias.
*/
let emptyOptions: huks.HuksOptions = {
properties: []
}
/*
* 2. Call deleteKeyItem to delete the key.
*/
await huks.deleteKeyItem(aesKeyAlias, emptyOptions)
.then((data) => {
console.info(`promise: delete data success`);
}).catch((error: Error) => {
console.error(`promise: delete data failed, ${JSON.stringify(error)}`);
})
}
AES/GCM/NoPadding
/*
* The following uses AES/GCM/NoPadding with promise-based APIs.
*/
import { huks } from '@kit.UniversalKeystoreKit';
let aesKeyAlias = 'test_aesKeyAlias';
let handle: number;
let plainText = '123456';
let cipherData: Uint8Array;
let AAD = '1234567890123456';
let NONCE = '001122334455';
function StringToUint8Array(str: String) {
let arr: number[] = new Array();
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function Uint8ArrayToString(fileData: Uint8Array) {
let dataString = '';
for (let i = 0; i < fileData.length; i++) {
dataString += String.fromCharCode(fileData[i]);
}
return dataString;
}
function GetAesGenerateProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}];
return properties;
}
function GetAesGcmEncryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_GCM
}, {
tag: huks.HuksTag.HUKS_TAG_NONCE,
value: StringToUint8Array(NONCE)
}, {
tag: huks.HuksTag.HUKS_TAG_ASSOCIATED_DATA,
value: StringToUint8Array(AAD)
}];
return properties;
}
function GetAesGcmDecryptProperties(cipherData:Uint8Array) {
let properties: Array<huks.HuksParam> = [
{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_AES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_GCM
}, {
tag: huks.HuksTag.HUKS_TAG_NONCE,
value: StringToUint8Array(NONCE)
}, {
tag: huks.HuksTag.HUKS_TAG_ASSOCIATED_DATA,
value: StringToUint8Array(AAD)
}, {
tag: huks.HuksTag.HUKS_TAG_AE_TAG,
value: cipherData.slice(cipherData.length-16)
}];
return properties;
}
async function GenerateAesKey() {
/*
* Simulate the key generation scenario.
* 1. Set the key alias.
*/
/*
* 2. Obtain the parameters for key generation.
*/
let genProperties = GetAesGenerateProperties();
let options: huks.HuksOptions = {
properties: genProperties
}
/*
* 3. Call generateKeyItem.
*/
await huks.generateKeyItem(aesKeyAlias, options)
.then((data) => {
console.info(`promise: generate AES Key success, data = ${JSON.stringify(data)}`);
}).catch((error: Error) => {
console.error(`promise: generate AES Key failed, ${JSON.stringify(error)}`);
})
}
async function EncryptData() {
/*
* Simulate the encryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the data to be encrypted.
*/
/*
* 3. Obtain the algorithm parameters for encryption.
*/
let encryptProperties = GetAesGcmEncryptProperties();
let options: huks.HuksOptions = {
properties: encryptProperties,
inData: StringToUint8Array(plainText)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(aesKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init EncryptDataGcm failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the ciphertext.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: encrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
cipherData = data.outData as Uint8Array;
}).catch((error: Error) => {
console.error(`promise: encrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DecryptData() {
/*
* Simulate the decryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the ciphertext to be decrypted.
*/
/*
* 3. Obtain the algorithm parameters for decryption.
*/
let decryptOptions = GetAesGcmDecryptProperties(cipherData)
let options: huks.HuksOptions = {
properties: decryptOptions,
inData: cipherData.slice(0, cipherData.length-16)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(aesKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init DecryptDataGcm failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the decrypted data.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: decrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
}).catch((error: Error) => {
console.error(`promise: decrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DeleteKey() {
/*
* Simulate the key deletion scenario.
* 1. Obtain the key alias.
*/
let emptyOptions: huks.HuksOptions = {
properties: []
}
/*
* 2. Call deleteKeyItem to delete the key.
*/
await huks.deleteKeyItem(aesKeyAlias, emptyOptions)
.then((data) => {
console.info(`promise: delete data success`);
}).catch((error: Error) => {
console.error(`promise: delete data failed, ${JSON.stringify(error)}`);
})
}
RSA/ECB/PKCS1_V1_5
/*
* The following uses RSA/ECB/PKCS1_V1_5 with promise-based APIs.
*/
import { huks } from '@kit.UniversalKeystoreKit';
let rsaKeyAlias = 'test_rsaKeyAlias';
let handle: number;
let plainText = '123456';
let cipherData: Uint8Array;
function StringToUint8Array(str: String) {
let arr: number[] = new Array();
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function Uint8ArrayToString(fileData: Uint8Array) {
let dataString = '';
for (let i = 0; i < fileData.length; i++) {
dataString += String.fromCharCode(fileData[i]);
}
return dataString;
}
function GetRsaGenerateProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}];
return properties;
}
function GetRsaEncryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
}, {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
}];
return properties;
}
function GetRsaDecryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
}, {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_NONE
}];
return properties;
}
async function GenerateRsaKey() {
/*
* Simulate the key generation scenario.
* 1. Set the key alias.
*/
/*
* 2. Obtain the parameters for key generation.
*/
let genProperties = GetRsaGenerateProperties();
let options: huks.HuksOptions = {
properties: genProperties
}
/*
* 3. Call generateKeyItem.
*/
await huks.generateKeyItem(rsaKeyAlias, options)
.then((data) => {
console.info(`promise: generate RSA Key success, data = ${JSON.stringify(data)}`);
}).catch((error: Error) => {
console.error(`promise: generate RSA Key failed, ${JSON.stringify(error)}`);
})
}
async function EncryptData() {
/*
* Simulate the encryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the data to be encrypted.
*/
/*
* 3. Obtain the algorithm parameters for encryption.
*/
let encryptProperties = GetRsaEncryptProperties();
let options: huks.HuksOptions = {
properties: encryptProperties,
inData: StringToUint8Array(plainText)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(rsaKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init EncryptDataRsa failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the ciphertext.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: encrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
cipherData = data.outData as Uint8Array;
}).catch((error: Error) => {
console.error(`promise: encrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DecryptData() {
/*
* Simulate the decryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the ciphertext to be decrypted.
*/
/*
* 3. Obtain the algorithm parameters for decryption.
*/
let decryptOptions = GetRsaDecryptProperties()
let options: huks.HuksOptions = {
properties: decryptOptions,
inData: cipherData
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(rsaKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init DecryptDataRsa failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the decrypted data.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: decrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
}).catch((error: Error) => {
console.error(`promise: decrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DeleteKey() {
/*
* Simulate the key deletion scenario.
* 1. Obtain the key alias.
*/
let emptyOptions: huks.HuksOptions = {
properties: []
}
/*
* 2. Call deleteKeyItem to delete the key.
*/
await huks.deleteKeyItem(rsaKeyAlias, emptyOptions)
.then((data) => {
console.info(`promise: delete data success`);
}).catch((error: Error) => {
console.error(`promise: delete data failed, ${JSON.stringify(error)}`);
})
}
RSA/ECB/OAEP/SHA256
/*
* The following uses RSA/ECB/OAEP/SHA256 with promise-based APIs.
*/
import { huks } from '@kit.UniversalKeystoreKit';
let rsaKeyAlias = 'test_rsaKeyAlias';
let handle: number;
let plainText = '123456';
let cipherData: Uint8Array;
function StringToUint8Array(str: String) {
let arr: number[] = new Array();
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function Uint8ArrayToString(fileData: Uint8Array) {
let dataString = '';
for (let i = 0; i < fileData.length; i++) {
dataString += String.fromCharCode(fileData[i]);
}
return dataString;
}
function GetRsaGenerateProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}];
return properties;
}
function GetRsaEncryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
}, {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
}];
return properties;
}
function GetRsaDecryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_RSA
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_OAEP
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_ECB
}, {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
}];
return properties;
}
async function GenerateRsaKey() {
/*
* Simulate the key generation scenario.
* 1. Set the key alias.
*/
/*
* 2. Obtain the parameters for key generation.
*/
let genProperties = GetRsaGenerateProperties();
let options: huks.HuksOptions = {
properties: genProperties
}
/*
* 3. Call generateKeyItem.
*/
await huks.generateKeyItem(rsaKeyAlias, options)
.then((data) => {
console.info(`promise: generate RSA Key success, data = ${JSON.stringify(data)}`);
}).catch((error: Error) => {
console.error(`promise: generate RSA Key failed, ${JSON.stringify(error)}`);
})
}
async function EncryptData() {
/*
* Simulate the encryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the data to be encrypted.
*/
/*
* 3. Obtain the algorithm parameters for encryption.
*/
let encryptProperties = GetRsaEncryptProperties();
let options: huks.HuksOptions = {
properties: encryptProperties,
inData: StringToUint8Array(plainText)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(rsaKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init EncryptDataRsa failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the ciphertext.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: encrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
cipherData = data.outData as Uint8Array;
}).catch((error: Error) => {
console.error(`promise: encrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DecryptData() {
/*
* Simulate the decryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the ciphertext to be decrypted.
*/
/*
* 3. Obtain the algorithm parameters for decryption.
*/
let decryptOptions = GetRsaDecryptProperties()
let options: huks.HuksOptions = {
properties: decryptOptions,
inData: cipherData
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(rsaKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init DecryptDataRsa failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the decrypted data.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: decrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
}).catch((error: Error) => {
console.error(`promise: decrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DeleteKey() {
/*
* Simulate the key deletion scenario.
* 1. Obtain the key alias.
*/
let emptyOptions: huks.HuksOptions = {
properties: []
}
/*
* 2. Call deleteKeyItem to delete the key.
*/
await huks.deleteKeyItem(rsaKeyAlias, emptyOptions)
.then((data) => {
console.info(`promise: delete data success`);
}).catch((error: Error) => {
console.error(`promise: delete data failed, ${JSON.stringify(error)}`);
})
}
SM2
/*
* The following uses SM2 with promise-based APIs.
*/
import { huks } from '@kit.UniversalKeystoreKit';
let sm2KeyAlias = 'test_sm2KeyAlias';
let handle: number;
let plainText = '123456';
let cipherData: Uint8Array;
function StringToUint8Array(str: String) {
let arr: number[] = new Array();
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function Uint8ArrayToString(fileData: Uint8Array) {
let dataString = '';
for (let i = 0; i < fileData.length; i++) {
dataString += String.fromCharCode(fileData[i]);
}
return dataString;
}
function GetSm2GenerateProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_SM2
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_SM2_KEY_SIZE_256
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}];
return properties;
}
function GetSm2EncryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_SM2
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_SM2_KEY_SIZE_256
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SM3
}];
return properties;
}
function GetSm2DecryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_SM2
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_SM2_KEY_SIZE_256
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_DIGEST,
value: huks.HuksKeyDigest.HUKS_DIGEST_SM3
}];
return properties;
}
async function GenerateSm2Key() {
/*
* Simulate the key generation scenario.
* 1. Set the key alias.
*/
/*
* 2. Obtain the parameters for key generation.
*/
let genProperties = GetSm2GenerateProperties();
let options: huks.HuksOptions = {
properties: genProperties
}
/*
* 3. Call generateKeyItem.
*/
await huks.generateKeyItem(sm2KeyAlias, options)
.then((data) => {
console.info(`promise: generate SM2 Key success, data = ${JSON.stringify(data)}`);
}).catch((error: Error) => {
console.error(`promise: generate SM2 Key failed, ${JSON.stringify(error)}`);
})
}
async function EncryptDataSm2() {
/*
* Simulate the encryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the data to be encrypted.
*/
/*
* 3. Obtain the algorithm parameters for encryption.
*/
let encryptProperties = GetSm2EncryptProperties();
let options: huks.HuksOptions = {
properties: encryptProperties,
inData: StringToUint8Array(plainText)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(sm2KeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init EncryptDataSm2 failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the ciphertext.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: encrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
cipherData = data.outData as Uint8Array;
}).catch((error: Error) => {
console.error(`promise: encrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DecryptDataSm2() {
/*
* Simulate the decryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the ciphertext to be decrypted.
*/
/*
* 3. Obtain the algorithm parameters for decryption.
*/
let decryptOptions = GetSm2DecryptProperties()
let options: huks.HuksOptions = {
properties: decryptOptions,
inData: cipherData
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(sm2KeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init DecryptDataSm2 failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the decrypted data.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: decrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
}).catch((error: Error) => {
console.error(`promise: decrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DeleteKey() {
/*
* Simulate the key deletion scenario.
* 1. Obtain the key alias.
*/
let emptyOptions: huks.HuksOptions = {
properties: []
}
/*
* 2. Call deleteKeyItem to delete the key.
*/
await huks.deleteKeyItem(sm2KeyAlias, emptyOptions)
.then((data) => {
console.info(`promise: delete data success`);
}).catch((error: Error) => {
console.error(`promise: delete data failed, ${JSON.stringify(error)}`);
})
}
DES/CBC/NoPadding
/*
* The following uses DES/CBC/NoPadding with promise-based APIs as an example.
*/
import { huks } from '@kit.UniversalKeystoreKit';
let desKeyAlias = 'test_desKeyAlias';
let handle: number;
let plainText = '12345678';
let IV = '12345678';
let cipherData: Uint8Array;
function StringToUint8Array(str: String) {
let arr: number[] = new Array();
for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
return new Uint8Array(arr);
}
function Uint8ArrayToString(fileData: Uint8Array) {
let dataString = '';
for (let i = 0; i < fileData.length; i++) {
dataString += String.fromCharCode(fileData[i]);
}
return dataString;
}
function GetDesGenerateProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_DES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_DES_KEY_SIZE_64
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT|
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}];
return properties;
}
function GetDesEncryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_DES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_DES_KEY_SIZE_64
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
}, {
tag: huks.HuksTag.HUKS_TAG_IV,
value: StringToUint8Array(IV)
}];
return properties;
}
function GetDesDecryptProperties() {
let properties: Array<huks.HuksParam> = [{
tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
value: huks.HuksKeyAlg.HUKS_ALG_DES
}, {
tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
value: huks.HuksKeySize.HUKS_DES_KEY_SIZE_64
}, {
tag: huks.HuksTag.HUKS_TAG_PURPOSE,
value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
}, {
tag: huks.HuksTag.HUKS_TAG_PADDING,
value: huks.HuksKeyPadding.HUKS_PADDING_NONE
}, {
tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
value: huks.HuksCipherMode.HUKS_MODE_CBC
}, {
tag: huks.HuksTag.HUKS_TAG_IV,
value: StringToUint8Array(IV)
}];
return properties;
}
async function GenerateDesKey() {
/*
* Simulate the key generation scenario.
* 1. Set the key alias.
*/
/*
* 2. Obtain the parameters for key generation.
*/
let genProperties = GetDesGenerateProperties();
let options: huks.HuksOptions = {
properties: genProperties
}
/*
* 3. Call generateKeyItem.
*/
await huks.generateKeyItem(desKeyAlias, options)
.then((data) => {
console.info(`promise: generate DES Key success, data = ${JSON.stringify(data)}`);
}).catch((error: Error) => {
console.error(`promise: generate DES Key failed, ${JSON.stringify(error)}`);
})
}
async function EncryptData() {
/*
* Simulate the encryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the data to be encrypted.
*/
/*
* 3. Obtain the algorithm parameters for encryption.
*/
let encryptProperties = GetDesEncryptProperties();
let options: huks.HuksOptions = {
properties: encryptProperties,
inData: StringToUint8Array(plainText)
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(desKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init EncryptData failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the ciphertext.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: encrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
cipherData = data.outData as Uint8Array;
}).catch((error: Error) => {
console.error(`promise: encrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DecryptData() {
/*
* Simulate the decryption scenario.
* 1. Obtain the key alias.
*/
/*
* 2. Obtain the ciphertext to be decrypted.
*/
/*
* 3. Obtain the algorithm parameters for decryption.
*/
let decryptOptions = GetDesDecryptProperties()
let options: huks.HuksOptions = {
properties: decryptOptions,
inData: cipherData
}
/*
* 4. Call initSession to obtain a session handle.
*/
await huks.initSession(desKeyAlias, options)
.then((data) => {
handle = data.handle;
}).catch((error: Error) => {
console.error(`promise: init DecryptData failed, ${JSON.stringify(error)}`);
})
/*
* 5. Call finishSession to obtain the decrypted data.
*/
await huks.finishSession(handle, options)
.then((data) => {
console.info(`promise: decrypt data success, data is ` + Uint8ArrayToString(data.outData as Uint8Array));
}).catch((error: Error) => {
console.error(`promise: decrypt data failed, ${JSON.stringify(error)}`);
})
}
async function DeleteKey() {
/*
* Simulate the key deletion scenario.
* 1. Obtain the key alias.
*/
let emptyOptions: huks.HuksOptions = {
properties: []
}
/*
* 2. Call deleteKeyItem to delete the key.
*/
await huks.deleteKeyItem(desKeyAlias, emptyOptions)
.then((data) => {
console.info(`promise: delete data success`);
}).catch((error: Error) => {
console.error(`promise: delete data failed, ${JSON.stringify(error)}`);
})
}
你可能感兴趣的鸿蒙文章
harmony 鸿蒙Universal Keystore Kit (Key Management Service)
harmony 鸿蒙Specifying the User for Key Operations (for System Applications Only)
harmony 鸿蒙Checking a Key (ArkTS)
harmony 鸿蒙Checking a Key (C/C++)
harmony 鸿蒙Basic Concepts of HUKS
harmony 鸿蒙Deleting a Key (ArkTS)
harmony 鸿蒙Deleting a Key (C/C++)
harmony 鸿蒙Encryption and Decryption (C/C++)
harmony 鸿蒙Encryption and Decryption Overview and Algorithm Specifications
0
赞
- 所属分类: 后端技术
- 本文标签:
热门推荐
-
2、 - 优质文章
-
3、 gate.io
-
8、 golang
-
9、 openharmony
-
10、 Vue中input框自动聚焦