HarmonyOS 鸿蒙Next使用服务端下发的PEM编码的RSA公钥对明文数据进行加密
HarmonyOS 鸿蒙Next使用服务端下发的PEM编码的RSA公钥对明文数据进行加密
PEM编码参考:https://blog.csdn.net/qq_39385118/article/details/107510032 找到对应的编码格式,如PKCS#1格式如下:
const publicKey = "-----BEGIN RSA PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtTrS+vmd2Q8aRsUkANRIww8xu\nGbWy44UB6eTsodWzHsGj0vy8Yf35D47mK29zUxwqh2wKwWrin84JfL0jfvLvNL0N\nuxbXeeujTjsIutO1nlKwoQTXKR6RfaXzr4PqE5DEmm8t8PN8hDqA45DiI9ILuPiM\ntzO/b9EpLDwth/42cQIDAQAB\n-----END RSA PUBLIC KEY-----\n"
在Android代码中,你可能会正则去除开始与结尾的label以及换行符,然后使用类似以下的代码重新编码:
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyEncodeBytes);
KeyFactory kf = KeyFactory.getInstance(RSA);
PublicKey publicKey = kf.generatePublic(keySpec);
而在鸿蒙中,PEM 格式的公钥,有对应的 api 进行转换: https://developer.huawei.com/consumer/cn/doc/harmonyos-references-V5/js-apis-cryptoframework-V5#convertpemkey12
转换代码如下:
const rsaGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024')
// 注意,该 publicKey 不需要经过正则去除 label、换行等信息,直接透传即可(前提是符合标准PEM格式)
const keyPair = await rsaGenerator.convertPemKey(publicKey, null)
其中,RSA1024 为公钥对应的 base64 长度,根据服务端下发的公钥对比后填写对应长度,对应关系如下:
完整代码参考:
export async function rsaEncrypt(publicKey: string, painText: string | undefined): Promise<string> {
const rsaGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024')
const keyPair = await rsaGenerator.convertPemKey(publicKey, null)
const cipher = cryptoFramework.createCipher('RSA1024|PKCS1_OAEP|SHA256|MGF1_SHA256')
await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, keyPair.pubKey, null)
const plainTextBlob: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(painText, 'utf-8').buffer) }
const encryptBlob = await cipher.doFinal(plainTextBlob)
const base64Helper = new util.Base64Helper()
return base64Helper.encodeToStringSync(encryptBlob.data)
}
>
