harmony 鸿蒙使用SM2非对称密钥加解密(ArkTS)

  • 2025-06-16
  • 浏览 (3)

使用SM2非对称密钥加解密(ArkTS)

对应的算法规格请查看非对称密钥加解密算法规格:SM2

加密

  1. 调用cryptoFramework.createAsyKeyGeneratorAsyKeyGenerator.generateKeyPair,生成RSA密钥类型为SM2_256的非对称密钥对(KeyPair)。KeyPair对象中包括公钥PubKey、私钥PriKey。

如何生成SM2非对称密钥对,开发者可参考下文示例,并结合非对称密钥生成和转换规格:SM2随机生成非对称密钥对理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。

  1. 调用cryptoFramework.createCipher,指定字符串参数’SM2_256|SM3’,创建非对称密钥类型为SM2_256、摘要算法为SM3的Cipher实例,用于完成加解密操作。

  2. 调用Cipher.init,设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(KeyPair.PubKey),初始化加密Cipher实例。

非对称密钥无加密参数,直接传入null。

  1. 调用Cipher.doFinal,传入明文,获取加密后的数据。

    • doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。
    • 当数据量较大时,可以多次调用doFinal,即分段加解密。

解密

  1. 由于SM2算法的Cipher实例不支持重复init操作,需要调用cryptoFramework.createCipher,重新生成Cipher实例。

  2. 调用Cipher.init,设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(KeyPair.PriKey)初始化解密Cipher实例。SM2无加密参数,直接传入null。

  3. 调用Cipher.doFinal,传入密文,获取解密后的数据。

  4. 异步方法示例:

  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { buffer } from '@kit.ArkTS';

  // 加密消息。
  async function encryptMessagePromise(publicKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) {
    let cipher = cryptoFramework.createCipher('SM2_256|SM3');
    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, publicKey, null);
    let encryptData = await cipher.doFinal(plainText);
    return encryptData;
  }
  // 解密消息。
  async function decryptMessagePromise(privateKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) {
    let decoder = cryptoFramework.createCipher('SM2_256|SM3');
    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, privateKey, null);
    let decryptData = await decoder.doFinal(cipherText);
    return decryptData;
  }
  // 生成SM2密钥对。
  async function genKeyPairByData(pubKeyData: Uint8Array, priKeyData: Uint8Array) {
    let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyData };
    let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyData };
    let sm2Generator = cryptoFramework.createAsyKeyGenerator('SM2_256');
    let keyPair = await sm2Generator.convertKey(pubKeyBlob, priKeyBlob);
    console.info('convertKey success');
    return keyPair;
  }
  async function main() {
    let pkData = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]);
    let skData = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]);
    let keyPair = await genKeyPairByData(pkData, skData);
    let pubKey = keyPair.pubKey;
    let priKey = keyPair.priKey;
    let message = 'This is a test';
    // 把字符串按utf-8解码为Uint8Array。
    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
    let encryptText = await encryptMessagePromise(pubKey, plainText);
    let decryptText = await decryptMessagePromise(priKey, encryptText);
    if (plainText.data.toString() === decryptText.data.toString()) {
      console.info('decrypt ok');
      // 把Uint8Array按utf-8编码为字符串。
      let messageDecrypted = buffer.from(decryptText.data).toString('utf-8');
      console.info('decrypted result string:' + messageDecrypted);
    } else {
      console.error('decrypt failed');
    }
  }
  • 同步方法示例:
  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
  import { buffer } from '@kit.ArkTS';

  // 加密消息。
  function encryptMessage(publicKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) {
    let cipher = cryptoFramework.createCipher('SM2_256|SM3');
    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, publicKey, null);
    let encryptData = cipher.doFinalSync(plainText);
    return encryptData;
  }
  // 解密消息。
  function decryptMessage(privateKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) {
    let decoder = cryptoFramework.createCipher('SM2_256|SM3');
    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, privateKey, null);
    let decryptData = decoder.doFinalSync(cipherText);
    return decryptData;
  }
  // 生成SM2密钥对。
  function genKeyPairByData(pubKeyData: Uint8Array, priKeyData: Uint8Array) {
    let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyData };
    let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyData };
    let sm2Generator = cryptoFramework.createAsyKeyGenerator('SM2_256');
    let keyPair = sm2Generator.convertKeySync(pubKeyBlob, priKeyBlob);
    console.info('convertKeySync success');
    return keyPair;
  }
  function main() {
    let pkData = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]);
    let skData = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]);
    let keyPair = genKeyPairByData(pkData, skData);
    let pubKey = keyPair.pubKey;
    let priKey = keyPair.priKey;
    let message = 'This is a test';
    // 把字符串按utf-8解码为Uint8Array。
    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
    let encryptText = encryptMessage(pubKey, plainText);
    let decryptText = decryptMessage(priKey, encryptText);
    if (plainText.data.toString() === decryptText.data.toString()) {
      console.info('decrypt ok');
      // 把Uint8Array按utf-8编码为字符串。
      let messageDecrypted = buffer.from(decryptText.data).toString('utf-8');
      console.info('decrypted result string:' + messageDecrypted);
    } else {
      console.error('decrypt failed');
    }
  }

你可能感兴趣的鸿蒙文章

harmony 鸿蒙Crypto Architecture Kit(加解密算法框架服务)

harmony 鸿蒙使用3DES对称密钥(ECB模式)加解密(C/C++)

harmony 鸿蒙使用3DES对称密钥(ECB模式)加解密(ArkTS)

harmony 鸿蒙使用AES对称密钥(CBC模式)加解密(C/C++)

harmony 鸿蒙使用AES对称密钥(CBC模式)加解密(ArkTS)

harmony 鸿蒙使用AES对称密钥(CCM模式)加解密(C/C++)

harmony 鸿蒙使用AES对称密钥(CCM模式)加解密(ArkTS)

harmony 鸿蒙使用AES对称密钥(ECB模式)加解密(C/C++)

harmony 鸿蒙使用AES对称密钥(ECB模式)加解密(ArkTS)

harmony 鸿蒙使用AES对称密钥(GCM模式)分段加解密(C/C++)

0  赞
  • 所属分类: 后端技术
  • 本文标签: 软件 鸿蒙
  • 版权声明: 原创文章如转载,请注明本文链接: https://m.seaxiang.com/blog/wOTvFF
热门推荐
标签云
Linux Java Spring Spring Boot docker 大数据 前端 生活 maven golang 软件 spring cloud fintech mac vscode 其他 区块链 以太坊 V神 开发者 技术 股票 git greenplum 分布式事务 chrome mysql flink kafka 设计模式 原理 鸿蒙 seo
最新文章
本文目录