通过 SubtleCrypto 对象可以使用公钥算法用私钥生成签名,或者用公钥验证签名。这两种操作 分别通过 SubtleCrypto.sign()和 SubtleCrypto.verify()方法完成。 22
签名消息需要传入参数对象以指定算法和必要的值、CryptoKey 和要签名的 ArrayBuffer 或 ArrayBufferView。下面的例子会生成一个椭圆曲线密钥对,并使用私钥签名消息:
(async function() {
const keyParams = {
name: 'ECDSA',
namedCurve: 'P-256'
};
onst keyUsages = ['sign', 'verify'];
const {publicKey, privateKey} = await crypto.subtle.generateKey(keyParams, true, keyUsages);
const message = (new TextEncoder()).encode('I am Satoshi Nakamoto');
const signParams = {
name: 'ECDSA',
hash: 'SHA-256'
};
const signature = await crypto.subtle.sign(signParams, privateKey, message);
console.log(new Uint32Array(signature));
// Uint32Array(16) [2202267297, 698413658, 1501924384, 691450316, 778757775, ... ] })();
希望通过这个签名验证消息的人可以使用公钥和 SubtleCrypto.verify()方法。这个方法的签名 几乎与 sign()相同,只是必须提供公钥以及签名。下面的例子通过验证生成的签名扩展了前面的例子:
const keyParams = {
name: 'ECDSA',
namedCurve: 'P-256'
};
const keyUsages = ['sign', 'verify'];
const {publicKey, privateKey} = await crypto.subtle.generateKey(keyParams, true, keyUsages);
const message = (new TextEncoder()).encode('I am Satoshi Nakamoto');
const signParams = {
name: 'ECDSA',
hash: 'SHA-256'
};
const signature = await crypto.subtle.sign(signParams, privateKey, message);
const verified = await crypto.subtle.verify(signParams, publicKey, signature, message);
console.log(verified); // true
})();
使用对称密钥加密和解密
SubtleCrypto 对象支持使用公钥和对称算法加密和解密消息。这两种操作分别通过 SubtleCrypto.
encrypt()和 SubtleCrypto.decrypt()方法完成。 加密消息需要传入参数对象以指定算法和必要的值、加密密钥和要加密的数据。下面的例子会生成
对称 AES-CBC 密钥,用它加密消息,最后解密消息: (async function() {
const algoIdentifier = 'AES-CBC';
const keyParams = {
name: algoIdentifier,
length: 256
};
const keyUsages = ['encrypt', 'decrypt'];
const key = await crypto.subtle.generateKey(keyParams, true,
keyUsages);
const originalPlaintext = (new TextEncoder()).encode('I am Satoshi Nakamoto');
const encryptDecryptParams = {
name: algoIdentifier,
iv: crypto.getRandomValues(new Uint8Array(16))
};
const ciphertext = await crypto.subtle.encrypt(encryptDecryptParams, key, originalPlaintext);
console.log(ciphertext);
// ArrayBuffer(32) {}
const decryptedPlaintext = await crypto.subtle.decrypt(encryptDecryptParams, key, ciphertext);
console.log(key); 25 // CryptoKey {type: "secret", extractable: true, algorithm: {...}, usages: Array(1)}
console.log((new TextDecoder()).decode(decryptedPlaintext));
// I am Satoshi Nakamoto
})();