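A digital signature algorithm combines an asymmetric encryption algorithm with a digest algorithm: the private key signs the data and the public key verifies the signature, which confirms the origin and integrity of the data. Common digital signature algorithms include:
- RSA with SHA-256: combines the RSA asymmetric encryption algorithm with the SHA-256 digest algorithm for signing and verification.
- SM2 with SM3: combines the SM2 asymmetric encryption algorithm with the SM3 digest algorithm for signing and verification.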
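1 Signing and verification flow
- Generate an asymmetric key. Create an AsyKeyGenerator object with the createAsyKeyGenerator interface and generate an RSA or SM2 asymmetric key.
- Create the Sign object. Create a Sign object with the createSign interface, initialize it, and set the signing private key.
- Sign. Use the init and sign interfaces of the Sign class to complete the signature directly; alternatively, call the update interface to add the data to be signed, then call the doFinal interface to generate the signature of the data.
- Create the Verify object. Create a Verify object with the createVerify interface, initialize it, and set the verification public key.
- Verify. Use the init and verify interfaces of the Verify class to complete the verification directly; alternatively, call the update interface to add the signed data, then call the doFinal interface with the signature to verify it.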
2 Signing and verification functions
Key generation:
Accepted key algorithm strings:
- RSA2048|PRIMES_2
- SM2_256

```arkts
/**
 * Generate an asymmetric key pair.
 * @param algName key algorithm
 * @returns the generated key pair
 */
function generateKeyPromise(algName: string): Promise<cryptoFramework.KeyPair> {
  return new Promise((resolve, reject) => {
    let generator = cryptoFramework.createAsyKeyGenerator(algName);
    let keyGenPromise = generator.generateKeyPair();
    keyGenPromise.then(key => resolve(key))
      .catch((error: BusinessError) => reject(error));
  });
}
```
Signing:
Accepted signing algorithm strings:
- RSA2048|PKCS1|SHA256
- SM2_256|SM3

```arkts
/**
 * Sign (Promise style).
 * @param algName signing algorithm
 * @param plainDataBlob original data
 * @param keyPair key pair; only the private key is used
 * @returns the signature data
 */
function signPromise(algName: string, plainDataBlob: cryptoFramework.DataBlob,
  keyPair: cryptoFramework.KeyPair): Promise<cryptoFramework.DataBlob> {
  return new Promise((resolve, reject) => {
    let signer = cryptoFramework.createSign(algName);
    signer.init(keyPair.priKey)
      .then(() => {
        return signer.sign(plainDataBlob);
      })
      .then((signData) => {
        resolve(signData);
      })
      .catch((error: BusinessError) => reject(error));
  });
}
```
Verification:

```arkts
/**
 * Verify a signature (Promise style).
 * @param algName verification algorithm
 * @param plainDataBlob original data
 * @param signDataBlob signature data
 * @param keyPair key pair; only the public key is used
 * @returns the verification result
 */
function verifyPromise(algName: string, plainDataBlob: cryptoFramework.DataBlob,
  signDataBlob: cryptoFramework.DataBlob, keyPair: cryptoFramework.KeyPair): Promise<boolean> {
  return new Promise((resolve, reject) => {
    let verify = cryptoFramework.createVerify(algName);
    verify.init(keyPair.pubKey)
      .then(() => {
        return verify.verify(plainDataBlob, signDataBlob);
      })
      .then((res) => {
        resolve(res);
      })
      .catch((error: BusinessError) => reject(error));
  });
}
```
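
The update-based path from the flow in section 1, paired with a verifier that imports only the Base64 public key, as an added example that is not part of the original article. It assumes the RSA strings listed above ('RSA2048|PRIMES_2' for the key, 'RSA2048|PKCS1|SHA256' for signing) and a framework version whose convertKey accepts null for the private key; signInChunks, verifyWithPublicKeyOnly and CHUNK_SIZE are hypothetical names.

```arkts
import cryptoFramework from '@ohos.security.cryptoFramework';
import util from '@ohos.util';

// Hypothetical chunk length chosen for this example.
const CHUNK_SIZE = 64;

// Signer side: pass the message through update() in chunks, then finish with sign(null).
// Returns the signature as Base64 so it can travel alongside the message.
async function signInChunks(signAlgName: string, priKey: cryptoFramework.PriKey,
  message: Uint8Array): Promise<string> {
  let signer = cryptoFramework.createSign(signAlgName);
  await signer.init(priKey);
  for (let i = 0; i < message.length; i += CHUNK_SIZE) {
    let chunk: cryptoFramework.DataBlob = { data: message.subarray(i, i + CHUNK_SIZE) };
    await signer.update(chunk);
  }
  let signData = await signer.sign(null);
  return new util.Base64Helper().encodeToStringSync(signData.data);
}

// Verifier side: holds only the public key. convertKey receives null for the
// private key (assumption: the framework version in use accepts null there).
async function verifyWithPublicKeyOnly(keyAlgName: string, signAlgName: string,
  pubKeyBase64: string, message: Uint8Array, signBase64: string): Promise<boolean> {
  let base64 = new util.Base64Helper();
  let pubKeyBlob: cryptoFramework.DataBlob = { data: base64.decodeSync(pubKeyBase64) };
  let generator = cryptoFramework.createAsyKeyGenerator(keyAlgName);
  let keyPair = await generator.convertKey(pubKeyBlob, null);

  let verifier = cryptoFramework.createVerify(signAlgName);
  await verifier.init(keyPair.pubKey);
  // The verifier must feed exactly the bytes that were signed, in the same order.
  for (let i = 0; i < message.length; i += CHUNK_SIZE) {
    let chunk: cryptoFramework.DataBlob = { data: message.subarray(i, i + CHUNK_SIZE) };
    await verifier.update(chunk);
  }
  let signBlob: cryptoFramework.DataBlob = { data: base64.decodeSync(signBase64) };
  // The result is true only when the signature matches both the message and the key.
  return verifier.verify(null, signBlob);
}
```

Only the public key and the signature need to leave the signing device; the private key stays with the signer.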
3 Complete example code

```arkts
import cryptoFramework from '@ohos.security.cryptoFramework';
import { BusinessError } from '@ohos.base';
import Logger from '../utils/Logger';
import util from '@ohos.util';

const TAG = '[SignaturePage]';
// The generated key pair
let key: cryptoFramework.KeyPair;

@Entry
@Component
struct SignaturePage {
  @State message: string = '你好';
  signBase64: string = "";
  // Key algorithm
  // algName: string = 'RSA2048|PRIMES_2';
  algName: string = 'SM2_256';
  // Signing algorithm
  // signAlgName: string = 'RSA2048|PKCS1|SHA256';
  signAlgName: string = 'SM2_256|SM3';

  build() {
    Row() {
      Column({ space: 12 }) {
        Text(this.message)
          .fontSize(30)
        Button('生成秘钥').onClick(() => {
          let array = stringToUint8Array(this.message);
          let str = uint8ArrayToString(array);
          Logger.info(TAG, "str: " + str);
          generateKeyPromise(this.algName).then((keyPair: cryptoFramework.KeyPair) => {
            key = keyPair;
            Logger.info(TAG, "生成秘钥了")
            let that = new util.Base64Helper();
            let pubKeyBase64 = that.encodeToStringSync(keyPair.pubKey.getEncoded().data);
            Logger.info(TAG, "generateKey success, pubKeyBase64: " + pubKeyBase64);
            // Demo only: logging the private key exposes it to anyone who can read
            // the log. Do not log private key material in real code.
            let priKeyBase64 = that.encodeToStringSync(keyPair.priKey.getEncoded().data);
            Logger.info(TAG, "generateKey success, priKeyBase64: " + priKeyBase64);
            // Rebuild a KeyPair object from the binary data of the asymmetric key
            let generator = cryptoFramework.createAsyKeyGenerator(this.algName);
            // Public key
            let pubKeyUint8Array = keyPair.pubKey.getEncoded().data
            let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyUint8Array };
            // Private key
            let priKeyUint8Array = keyPair.priKey.getEncoded().data
            let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyUint8Array };
            // Generate the KeyPair object
            generator.convertKey(pubKeyBlob, priKeyBlob, (err, keyPair) => {
              if (err) {
                AlertDialog.show({ message: 'Convert keyPair fail' });
                return;
              }
              AlertDialog.show({ message: 'Convert keyPair success' });
              let pubKeyBase64 = that.encodeToStringSync(keyPair.pubKey.getEncoded().data);
              Logger.info(TAG, "rsaGenerator.convertKey success, pubKeyBase64: " + pubKeyBase64);
              // Demo only: same caveat as above about logging the private key.
              let priKeyBase64 = that.encodeToStringSync(keyPair.priKey.getEncoded().data);
              Logger.info(TAG, "convertKey success, priKeyBase64: " + priKeyBase64);
            })
          }).catch((error: BusinessError) => {
            Logger.error(TAG, 'Error:' + error);
          });
        });
        Button('签名').onClick(() => {
          let input: cryptoFramework.DataBlob = { data: stringToUint8Array(this.message) };
          signPromise(this.signAlgName, input, key).then((data: cryptoFramework.DataBlob) => {
            Logger.info(TAG, "签名成功了")
            AlertDialog.show({ message: 'signPromise success' });
            // Convert the signature data to Base64
            let base64 = new util.Base64Helper();
            this.signBase64 = base64.encodeToStringSync(data.data);
            Logger.info(TAG, "signBase64:" + this.signBase64);
          }).catch((error: BusinessError) => {
            Logger.error(TAG, 'Error:' + error);
          });
        });
        Button('验签').onClick(() => {
          // Convert the signature data from Base64 back to a DataBlob
          let base64 = new util.Base64Helper();
          let uint8Array = base64.decodeSync(this.signBase64);
          let dataBlob: cryptoFramework.DataBlob = { data: uint8Array };
          let input: cryptoFramework.DataBlob = { data: stringToUint8Array(this.message) };
          verifyPromise(this.signAlgName, input, dataBlob, key).then((data: boolean) => {
            Logger.info(TAG, "验签成功了,结果为:" + data)
            AlertDialog.show({ message: 'verifyPromise result: ' + data });
          }).catch((error: BusinessError) => {
            Logger.error(TAG, 'Error:' + error);
          });
        });
      }
      .width('100%')
    }
    .height('100%')
  }
}

// Convert a readable string to a byte stream
function stringToUint8Array(str: string): Uint8Array {
  let textEncoder = new util.TextEncoder("utf-8");
  return textEncoder.encodeInto(str);
}

// Convert a byte stream to a readable string
function uint8ArrayToString(array: Uint8Array): string {
  let textDecoder = util.TextDecoder.create('utf-8', { ignoreBOM: true })
  return textDecoder.decodeWithStream(array);
}

/**
 * Generate an asymmetric key pair.
 * @param algName key algorithm
 * @returns the generated key pair
 */
function generateKeyPromise(algName: string): Promise<cryptoFramework.KeyPair> {
  return new Promise((resolve, reject) => {
    let generator = cryptoFramework.createAsyKeyGenerator(algName);
    let keyGenPromise = generator.generateKeyPair();
    keyGenPromise.then(key => resolve(key))
      .catch((error: BusinessError) => reject(error));
  });
}

/**
 * Sign (Promise style).
 * @param algName signing algorithm
 * @param plainDataBlob original data
 * @param keyPair key pair; only the private key is used
 * @returns the signature data
 */
function signPromise(algName: string, plainDataBlob: cryptoFramework.DataBlob,
  keyPair: cryptoFramework.KeyPair): Promise<cryptoFramework.DataBlob> {
  return new Promise((resolve, reject) => {
    let signer = cryptoFramework.createSign(algName);
    signer.init(keyPair.priKey)
      .then(() => {
        return signer.sign(plainDataBlob);
      })
      .then((signData) => {
        resolve(signData);
      })
      .catch((error: BusinessError) => reject(error));
  });
}

/**
 * Verify a signature (Promise style).
 * @param algName verification algorithm
 * @param plainDataBlob original data
 * @param signDataBlob signature data
 * @param keyPair key pair; only the public key is used
 * @returns the verification result
 */
function verifyPromise(algName: string, plainDataBlob: cryptoFramework.DataBlob,
  signDataBlob: cryptoFramework.DataBlob, keyPair: cryptoFramework.KeyPair): Promise<boolean> {
  return new Promise((resolve, reject) => {
    let verify = cryptoFramework.createVerify(algName);
    verify.init(keyPair.pubKey)
      .then(() => {
        return verify.verify(plainDataBlob, signDataBlob);
      })
      .then((res) => {
        resolve(res);
      })
      .catch((error: BusinessError) => reject(error));
  });
}
```