51CTO首页
AI.x社区
博客
学堂
精品班
软考社区
免费课
企业培训
鸿蒙开发者社区
信创认证
公众号矩阵
移动端
视频课免费课排行榜短视频直播课软考学堂
全部课程软考信创认证华为认证厂商认证IT技术PMP项目管理免费题库
在线学习
文章资源问答课堂专栏直播
51CTO
鸿蒙开发者社区
51CTO技术栈
51CTO官微
51CTO学堂
51CTO博客
CTO训练营
鸿蒙开发者社区订阅号
51CTO软考
51CTO学堂APP
51CTO学堂企业版APP
鸿蒙开发者社区视频号
51CTO软考题库
活动 短视频 专栏 极客Show 鸿蒙技术特刊

HUKS对于超过100k的明文数据加解密的处理

再加解密中,如果需要加密的明文超过一定的限制(超出100k),此时用常规的加解密已经不可以满足,需要使用分段加解密去处理。

HarmonyOS
她是猫鳄鱼
2024-05-28 21:21:48
浏览
收藏 0
回答 1
待解决
回答 1
按赞同
/
按时间
kersin
kersin

使用的核心API

@ohos.security.huks

核心代码解释

private static DEF_KEY_ALIAS = "phx_def_alias";//密钥别名 
  //每次分段的长度设置 
  const MAX_UPDATE_SESSION_LENGTH = 1024; 
  //使用GCM模式需要配置tag里的的三个必要参数 
  private static AAD_LENGTH = 16; 
  private static AEAD_LENGTH = 16; 
  private static NONCE_LENGTH = 12; 
/** 
   * 分段加密 
   * 
   * @param content 明文内容 
   * @param keyAlias 秘钥别名,不传则使用默认别名 
   * @returns 密文 + aead + nonce + aad 
   */ 
  public static updateEncrypt(content: string, keyAlias?: string): Promise<string> { 
    return new Promise(async (resolve, reject) => { 
      if (!keyAlias) { 
        keyAlias = PhxAesGcmHuks.DEF_KEY_ALIAS; 
      } 
      const genProperties = PhxAesGcmHuks.GetAesGenerateProperties(); 
      const genOptions = { 
        properties: genProperties 
      } 
      await huks.generateKeyItem(keyAlias, genOptions).then(() => { 
        console.log("generateKeyItem success") 
      }).catch((err) => { 
        console.log("generateKeyItem,code:" + err.code + ", msg:" + err.message) 
        reject(err) 
      }) 
      let handle; 
      // 长度16 
      const aeadArray = stringToUint8Array(encryptNapi.OhGenRandomNapi(PhxAesGcmHuks.AEAD_LENGTH / 2)); 
      // 长度12 
      const nonceArray = stringToUint8Array(encryptNapi.OhGenRandomNapi(PhxAesGcmHuks.NONCE_LENGTH / 2)); 
      // 长度16 
      const aadArray = stringToUint8Array(encryptNapi.OhGenRandomNapi(PhxAesGcmHuks.AAD_LENGTH / 2)); 
      const startTime = Date.now(); 
      const encryptProperties = PhxAesGcmHuks.getAesGcmProperties(true, nonceArray, aeadArray,  
aadArray); 
      const options: huks.HuksOptions = { 
        properties: encryptProperties, 
        inData: new Uint8Array(0) 
      } 
      await huks.initSession(keyAlias, options).then((data) => { 
        handle = data.handle; 
      }).catch(async (err) => { 
        console.log("encrypt init, code:" + err.code + ", msg:" + err.message); 
        reject(err); 
      }) 
      //分段加解密 
      let resultTemp = new Uint8Array(0); 
      let contentTemp = content; 
      while (contentTemp.length > 0) { 
    // 超过长度会取最长 
        const contentCurr = contentTemp.substring(0, MAX_UPDATE_SESSION_LENGTH);  
    // 起始点大于长度会返回"" 
       contentTemp = contentTemp.substring(MAX_UPDATE_SESSION_LENGTH, contentTemp.length);  
        options.inData = stringToUint8Array(contentCurr); 
        await huks.updateSession(handle, options).then((data) => { 
          const mergeText = new Uint8Array(resultTemp.length + data.outData.length); 
          mergeText.set(resultTemp); 
          mergeText.set(data.outData, resultTemp.length); 
          resultTemp = mergeText; 
        }).catch(async (err) => { 
          console.log("encrypt updateSession, code:" + err.code + ", msg:" + err.message); 
          reject(err); 
        }) 
      } 
      //分段加解密时,传入finishSession的inData要设置为空的 
      options.inData = new Uint8Array(0); 
      await huks.finishSession(handle, options).then((data) => { 
        const endTime = Date.now(); 
        console.log("encrypt success, useTime:" + (endTime - startTime)); 
        const result = new Uint8Array(resultTemp.length + data.outData.length +  
nonceArray.length + aadArray.length); 
        result.set(resultTemp); 
        result.set(data.outData, resultTemp.length); 
        result.set(nonceArray, resultTemp.length + data.outData.length); 
        result.set(aadArray, resultTemp.length + data.outData.length + nonceArray.length); 
        resolve(new util.Base64Helper().encodeToStringSync(result)); 
      }).catch((err) => { 
        console.log("encrypt fail, code:" + err.code + ", msg:" + err.message); 
        reject(err); 
      }) 
    }); 
  } 
/** 
   * 
   * 分段解密 
   * 
   * @param content 密文内容 
   * @param keyAlias 秘钥别名,不传则使用默认别名 
   * @returns 明文 
   */ 
  public static updateDecrypt(content: string, keyAlias?: string): Promise<string> { 
    return new Promise(async (resolve, reject) => { 
      const enData = new util.Base64Helper().decodeSync(content); 
      const cipherData = enData.subarray(0, enData.length - PhxAesGcmHuks.AAD_LENGTH - 
 PhxAesGcmHuks.AEAD_LENGTH - PhxAesGcmHuks.NONCE_LENGTH) 
      let handle; 
      // 长度16 
      const aeadArray = enData.subarray(cipherData.length, enData.length -  
PhxAesGcmHuks.NONCE_LENGTH - PhxAesGcmHuks.AAD_LENGTH); 
      // 长度12 
      const nonceArray = enData.subarray(cipherData.length + PhxAesGcmHuks.AEAD_LENGTH, 
 enData.length - PhxAesGcmHuks.AAD_LENGTH); 
      // 长度16 
      const aadArray = enData.subarray(cipherData.length + PhxAesGcmHuks.AEAD_LENGTH +  
PhxAesGcmHuks.NONCE_LENGTH, enData.length); 
      if (!keyAlias) { 
        keyAlias = PhxAesGcmHuks.DEF_KEY_ALIAS; 
      } 
      const decryptOptions = PhxAesGcmHuks.getAesGcmProperties(false, nonceArray, aeadArray, aadArray) 
      const options = { 
        properties: decryptOptions, 
        inData: cipherData 
      } 
      await huks.initSession(keyAlias, options).then((data) => { 
        handle = data.handle; 
      }).catch((err) => { 
        console.log("decrypt init, code:" + err.code + ", msg:" + err.message) 
        reject(err) 
      }) 
      let resultTemp = new Uint8Array(0); 
      let contentTemp = cipherData; 
      while (contentTemp.length > 0) { 
        const contentCurr = contentTemp.slice(0, MAX_UPDATE_SESSION_LENGTH); // 超过长度会取最长 
        contentTemp = contentTemp.slice(MAX_UPDATE_SESSION_LENGTH, contentTemp.length);  
        options.inData = contentCurr; 
        await huks.updateSession(handle, options).then((data) => { 
          const mergeText = new Uint8Array(resultTemp.length + data.outData.length); 
          mergeText.set(resultTemp); 
          mergeText.set(data.outData, resultTemp.length); 
          resultTemp = mergeText; 
        }).catch(async (err) => { 
          console.log("encrypt updateSession, code:" + err.code + ", msg:" + err.message); 
          reject(err); 
        }) 
      } 
      options.inData = new Uint8Array(0); 
      await huks.finishSession(handle, options).then(() => { 
        const endTime = Date.now() 
        console.log(uint8ArrayToString(resultTemp)) 
        resolve(uint8ArrayToString(resultTemp)); 
      }).catch((err) => { 
        console.log("decrypt fail, code:" + err.code + ", msg:" + err.message) 
        reject(err) 
      }) 
    }); 
  } 
/** 
   * 加密 
   * 
   * @param content 明文内容 
   * @param keyAlias 秘钥别名,不传则使用默认别名 
   * @returns 密文 + aead + nonce + aad 
   */ 
  public static encrypt(content: string, keyAlias?: string): Promise<string> { 
    return new Promise(async (resolve, reject) => { 
      if (!keyAlias) { 
        keyAlias = PhxAesGcmHuks.DEF_KEY_ALIAS; 
      } 
      const genProperties = PhxAesGcmHuks.GetAesGenerateProperties(); 
      const genOptions = { 
        properties: genProperties 
      } 
      await huks.generateKeyItem(keyAlias, genOptions).then(() => { 
        console.log("generateKeyItem success") 
      }).catch((err) => { 
        console.log("generateKeyItem,code:" + err.code + ", msg:" + err.message) 
        reject(err) 
      }) 
      let handle; 
      // 长度16 
      const aeadArray = stringToUint8Array(encryptNapi.OhGenRandomNapi(PhxAesGcmHuks.AEAD_LENGTH / 2)); 
      // 长度12 
      const nonceArray = stringToUint8Array(encryptNapi.OhGenRandomNapi(PhxAesGcmHuks.NONCE_LENGTH / 2)); 
      // 长度16 
      const aadArray = stringToUint8Array(encryptNapi.OhGenRandomNapi(PhxAesGcmHuks.AAD_LENGTH / 2)); 
      const startTime = Date.now(); 
      const encryptProperties = PhxAesGcmHuks.getAesGcmProperties(true,  
nonceArray, aeadArray, aadArray); 
      const options: huks.HuksOptions = { 
        properties: encryptProperties, 
        inData: stringToUint8Array(content) 
      } 
      await huks.initSession(keyAlias, options).then((data) => { 
        handle = data.handle; 
      }).catch(async (err) => { 
        console.log("encrypt init, code:" + err.code + ", msg:" + err.message); 
        reject(err); 
      }) 
      await huks.finishSession(handle, options).then((data) => { 
        const endTime = Date.now(); 
        console.log("encrypt success, useTime:" + (endTime - startTime)); 
        const result = new Uint8Array(data.outData.length + nonceArray.length + aadArray.length); 
        result.set(data.outData); 
        result.set(nonceArray, data.outData.length) 
        result.set(aadArray, data.outData.length + nonceArray.length) 
        resolve(new util.Base64Helper().encodeToStringSync(result)) 
      }).catch((err) => { 
        console.log("encrypt fail, code:" + err.code + ", msg:" + err.message); 
        reject(err); 
      }) 
    }); 
  } 
  /** 
   * 
   * 解密 
   * 
   * @param content 密文内容 
   * @param keyAlias 秘钥别名,不传则使用默认别名 
   * @returns 明文 
   */ 
  public static decrypt(content: string, keyAlias?: string): Promise<string> { 
    return new Promise(async (resolve, reject) => { 
      const enData = new util.Base64Helper().decodeSync(content); 
      const cipherData = enData.subarray(0,  
enData.length - PhxAesGcmHuks.AAD_LENGTH - PhxAesGcmHuks.AEAD_LENGTH - PhxAesGcmHuks.NONCE_LENGTH) 
      let handle; 
      // 长度16 
      const aeadArray = enData.subarray(cipherData.length,  
enData.length - PhxAesGcmHuks.NONCE_LENGTH - PhxAesGcmHuks.AAD_LENGTH); 
      // 长度12 
      const nonceArray = enData.subarray(cipherData.length + PhxAesGcmHuks.AEAD_LENGTH,  
enData.length - PhxAesGcmHuks.AAD_LENGTH); 
      // 长度16 
      const aadArray = enData.subarray(cipherData.length + PhxAesGcmHuks.AEAD_LENGTH +  
PhxAesGcmHuks.NONCE_LENGTH, enData.length); 
      if (!keyAlias) { 
        keyAlias = PhxAesGcmHuks.DEF_KEY_ALIAS; 
      } 
      const decryptOptions = PhxAesGcmHuks.getAesGcmProperties(false, nonceArray, aeadArray, aadArray) 
      const options = { 
        properties: decryptOptions, 
        inData: cipherData 
      } 
      await huks.initSession(keyAlias, options).then((data) => { 
        handle = data.handle; 
      }).catch((err) => { 
        console.log("decrypt init, code:" + err.code + ", msg:" + err.message) 
        reject(err) 
      }) 
      await huks.finishSession(handle, options).then((data) => { 
        console.log(uint8ArrayToString(data.outData)) 
        resolve(uint8ArrayToString(data.outData)); 
      }).catch((err) => { 
        console.log("decrypt fail, code:" + err.code + ", msg:" + err.message) 
        reject(err) 
      }) 
    }); 
  } 
  /** 
   * huks gcm 加解密参数 
   */ 
  private static getAesGcmProperties(isencryptProperties: boolean, nonceStr: Uint8Array,  
aeadStr: Uint8Array, aadStr: Uint8Array) { 
    const properties = []; 
    let index = 0; 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 
      value: huks.HuksKeyAlg.HUKS_ALG_AES 
    }; 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128 
    }; 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_PURPOSE, 
      value: isencryptProperties ? huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT :  
huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 
    } 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_PADDING, 
      value: huks.HuksKeyPadding.HUKS_PADDING_NONE 
    } 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 
      // GCM 模式 
      value: huks.HuksCipherMode.HUKS_MODE_GCM 
    } 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_NONCE, 
      value: nonceStr 
    } 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_AE_TAG, 
      value: aeadStr 
    } 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_ASSOCIATED_DATA, 
      value: aadStr 
    } 
    return properties; 
  } 
  /** 
   * huks 生成秘钥参数 
   */ 
  public static GetAesGenerateProperties() { 
    const properties = []; 
    let index = 0; 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 
      value: huks.HuksKeyAlg.HUKS_ALG_AES 
    }; 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 
      value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 
    }; 
    properties[index++] = { 
      tag: huks.HuksTag.HUKS_TAG_PURPOSE, 
      value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 
      huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 
    } 
    return properties; 
  }

适配的版本信息

  • IDE:DevEco Studio 4.1.3.220
  • SDK:HarmoneyOS 4.1.2.1
分享
微博
QQ
微信
回复
2024-05-29 22:29:28
如何写精华回答,获更多曝光?
发布
相关问题
如何使用HUKS处理超过100k明文数据加解密
1954浏览 • 1回复 待解决
HUKSRSA加解密,关于RSA加解密代码示例
2225浏览 • 1回复 待解决
HUKS解密时,明文包含中文字符,解密明文与原明文不一致
3219浏览 • 1回复 待解决
HUKS解密时,若明文包含中文字符,则解密明文与原明文不一致
3637浏览 • 1回复 待解决
HarmonyOS NAPI层中,huks加解密并没有返回 加密后密文长度和解密明文长度,示例代码中是定值
1075浏览 • 1回复 待解决
HarmonyOSuserid 0 进程调用huks加解密时失败
891浏览 • 1回复 待解决
HUKSSM4加解密,判断密钥存在以及删除密钥
2357浏览 • 1回复 待解决
有没有高性能AES加解密组件,使用ohos/crypto-js解密比较大数据(约300K)时会卡死?
1270浏览 • 1回复 待解决
HarmonyOSmd5加解密 rsa加解密 md5加解密等有公共方法么?
1960浏览 • 1回复 待解决
HarmonyOS DEC加解密支持
1182浏览 • 1回复 待解决
加解密问题定位指导
1569浏览 • 1回复 待解决
HarmonyOS Next加解密框架是如何保存密钥?如何优雅使用加解密框架?
1503浏览 • 1回复 待解决
HarmonyOS 关于DES加解密疑问
1116浏览 • 1回复 待解决
HarmonyOS 加解密咨询
1161浏览 • 1回复 待解决
HarmonyOS 加解密 demo
1651浏览 • 1回复 待解决
现有数据加解密如下:HarmonyOS中如何实现?
1114浏览 • 1回复 待解决
HarmonyOS 加解密问题
1246浏览 • 1回复 待解决
HarmonyOS 是否有rsa加解密例子?
883浏览 • 1回复 待解决
基于加解密算法框架规格问题
1902浏览 • 1回复 待解决
HarmonyOS huks对文件进行加密和解密具体流程
1144浏览 • 1回复 待解决
HarmonyOS 请提供RAS加解密文档
1233浏览 • 1回复 待解决
HarmonyOS 加解密算法匹配
1214浏览 • 1回复 待解决
HarmonyOS AES加解密咨询
1505浏览 • 1回复 待解决
HarmonyOS AES加解密问题
1305浏览 • 1回复 待解决
AES分段加解密,分组模式采用CBC,填充方式采用PKCS7,对超大量数据进行分段加解密
4153浏览 • 1回复 待解决
提问
该提问已有0人参与 ,帮助了0人
相关讨论帖
HarmonyOS Next加解密算法中的分段处理技巧 0回复
Spring Boot 接口数据加解密,so easy! 0回复
Spring Boot 接口数据加解密就该这样设计~ 0回复
基于加解密算法框架的常见规格问题 0回复
#HarmonyOS NEXT体验官# 数据加密 4.加解密之一 1回复