
本文旨在深入探讨华为鸿蒙HarmonyOS Next系统(截止目前API12)在移动应用安全通信体系构建中加解密算法的实战应用,基于实际开发经验进行总结。主要作为技术分享与交流载体,难免错漏,欢迎各位同仁提出宝贵意见和问题,以便共同进步。本文为原创内容,任何形式的转载必须注明出处及原作者。
在移动应用中,用户的个人信息、交易数据等在网络传输过程中面临诸多风险。防止信息泄露是至关重要的,例如用户登录时的账号密码、支付时的银行卡信息等,一旦泄露可能导致用户遭受经济损失和隐私侵犯。同时,防范中间人攻击也不容忽视,攻击者可能在用户与服务器之间窃取或篡改数据,破坏通信的保密性、完整性和真实性。
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
/**
 * Builds the AES-128 key object used by the examples from a fixed 16-byte value.
 *
 * The key bytes are embedded in the source for demonstration only: anyone who
 * can read the application package can recover them. A real application should
 * take the key from a key-agreement step or a platform key store instead.
 *
 * @returns {Promise<object>} The key object produced by convertKey().
 */
async function generateAESKey() {
  // Demonstration key material (16 bytes = 128 bits); not a secret once shipped.
  const demoKeyBytes = Uint8Array.from([
    83, 217, 231, 76, 28, 113, 23, 219,
    250, 71, 209, 210, 205, 97, 32, 159,
  ]);
  const generator = cryptoFramework.createSymKeyGenerator('AES128');
  const keyObject = await generator.convertKey({ data: demoKeyBytes });
  return keyObject;
}
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer } from '@kit.ArkTS';
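/**
 * Builds the AES-128 symmetric key object used by the examples.
 *
 * @param {Uint8Array} [keyBytes] - 16 raw key bytes, e.g. the output of a key
 *   agreement or a value read from a platform key store. When omitted, the
 *   fixed demonstration key below is used so the sample keeps working.
 * @returns {Promise<object>} The key object produced by convertKey().
 * @throws {RangeError} If the key material is not a 16-byte Uint8Array.
 */
async function generateAESKey(keyBytes) {
  // Demonstration default only: a key embedded in the source can be recovered
  // by anyone who can read the application package, so pass real key material
  // through `keyBytes` outside of a demo.
  const material = keyBytes ?? new Uint8Array(
    [83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159],
  );
  if (!(material instanceof Uint8Array) || material.length !== 16) {
    throw new RangeError('AES-128 key material must be a 16-byte Uint8Array');
  }
  const aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
  return await aesGenerator.convertKey({ data: material });
}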
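/**
 * Encrypts a DataBlob with AES-128 in CBC mode (PKCS7 padding) under a fresh
 * random IV.
 *
 * The original sample passed `new Uint8Array(16)`, which is sixteen zero bytes
 * rather than a random IV. With a constant IV, equal plaintext prefixes produce
 * equal ciphertext prefixes under the same key, so the IV is now drawn from the
 * framework's random generator for every call.
 *
 * CBC gives confidentiality only; the ciphertext is not authenticated. Pair it
 * with a MAC or signature, or use an authenticated mode, when integrity matters.
 *
 * @param {object} symKey - AES key object (for example from generateAESKey()).
 * @param {{data: Uint8Array}} plainText - Plaintext as a DataBlob.
 * @returns {Promise<{data: Uint8Array, iv: Uint8Array}>} The ciphertext in
 *   `data` (as before) plus the `iv` that was used. The IV is not secret and
 *   must be sent with the ciphertext so the receiver can decrypt.
 */
async function encryptData(symKey, plainText) {
  const cipher = cryptoFramework.createCipher('AES128|CBC|PKCS7');
  // 16 bytes = one AES block, the IV size CBC requires.
  const ivBlob = cryptoFramework.createRandom().generateRandomSync(16);
  // `algName` tells the framework which parameter spec this object is.
  const params = { algName: 'IvParamsSpec', iv: ivBlob };
  await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, params);
  const cipherBlob = await cipher.doFinal(plainText);
  return { data: cipherBlob.data, iv: ivBlob.data };
}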
/**
 * Demo driver: builds the AES key, encrypts one fixed message and logs the
 * resulting ciphertext blob. Any failure is caught and logged.
 */
async function main() {
  try {
    const message = "This is a test message for mobile app.";
    const aesKey = await generateAESKey();
    // Wrap the UTF-8 bytes of the message in the DataBlob shape doFinal() takes.
    const plainText: cryptoFramework.DataBlob = {
      data: new Uint8Array(buffer.from(message, 'utf-8').buffer),
    };
    const cipherBlob = await encryptData(aesKey, plainText);
    console.log('Encrypted data:', cipherBlob);
  } catch (err) {
    console.error('Encryption failed:', err);
  }
}

main();
- 首先生成AES128对称密钥,然后创建CBC模式的Cipher实例,传入随机生成的IV进行初始化。接着使用 Cipher.doFinal 方法对数据进行加密,得到加密后的密文。IV不需要保密,但每条消息都应使用新的、不可预测的IV,并且需要随密文一起发送给接收方,接收方才能用同一个IV完成解密。
3. 解密过程(假设接收方收到密文后进行解密)
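/**
 * Decrypts AES-128-CBC (PKCS7) ciphertext with the IV the sender used.
 *
 * CBC does not authenticate the ciphertext: a successful decryption does not
 * prove the data is unmodified. Verify a MAC or signature over IV + ciphertext
 * before decrypting when the channel is untrusted, and do not report padding
 * failures to the peer in a way that differs from other errors.
 *
 * @param {object} symKey - AES key object (for example from generateAESKey()).
 * @param {{data: Uint8Array}|Uint8Array} cipherText - Ciphertext as a DataBlob;
 *   a bare Uint8Array is wrapped into one, because doFinal() takes a DataBlob.
 * @param {Uint8Array} iv - The 16-byte IV received with the ciphertext.
 * @returns {Promise<{data: Uint8Array}>} The plaintext DataBlob from doFinal().
 * @throws {RangeError} If `iv` is not a 16-byte Uint8Array.
 */
async function decryptData(symKey, cipherText, iv) {
  if (!(iv instanceof Uint8Array) || iv.length !== 16) {
    throw new RangeError('AES-CBC needs the 16-byte IV that was used for encryption');
  }
  const cipherBlob = cipherText instanceof Uint8Array ? { data: cipherText } : cipherText;
  const decoder = cryptoFramework.createCipher('AES128|CBC|PKCS7');
  // `algName` tells the framework which parameter spec this object is.
  const params = { algName: 'IvParamsSpec', iv: { data: iv } };
  await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, params);
  return await decoder.doFinal(cipherBlob);
}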
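/**
 * Demo driver for the receiving side: rebuilds the shared AES key, decrypts
 * the received ciphertext with the received IV and logs the plaintext as
 * UTF-8 text. Any failure is caught and logged.
 */
async function main() {
  try {
    const symKey = await generateAESKey();
    // Placeholders: fill in the ciphertext bytes and the 16-byte IV that
    // arrived from the sender. The IV must be the one used for encryption.
    const encryptedData = new Uint8Array([/* ciphertext bytes received */]);
    const iv = new Uint8Array([/* 16 IV bytes received */]);
    // Cipher.doFinal() takes a DataBlob, so the raw bytes are wrapped here
    // instead of being passed as a bare Uint8Array.
    const decryptedText = await decryptData(symKey, { data: encryptedData }, iv);
    console.log('Decrypted data:', buffer.from(decryptedText.data).toString('utf-8'));
  } catch (error) {
    console.error('Decryption failed:', error);
  }
}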
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer } from '@kit.ArkTS';
/**
 * Stand-in for "the public key taken from the server certificate".
 *
 * This sample does not read any certificate: it generates a brand-new
 * RSA-1024 key pair on the device and returns its public half, so the key has
 * no relationship to any server. In a real flow the key must come from a
 * certificate that has itself been validated. 1024-bit RSA is also below
 * current minimum recommendations (2048 bits or more); it is kept here only
 * because the other samples on this page use the matching "RSA1024" spec.
 *
 * @returns {Promise<object>} The public key of the freshly generated pair.
 */
async function getServerPublicKey() {
  const rsaGenerator = cryptoFramework.createAsyKeyGenerator("RSA1024");
  const { pubKey } = await rsaGenerator.generateKeyPair();
  return pubKey;
}
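/**
 * Checks an RSA (PKCS#1 v1.5, SHA-256) signature over `certificateData`.
 *
 * This is a raw signature check over a string, not certificate validation:
 * nothing here builds a chain to a trusted issuer, checks the validity period
 * or matches the host name. A `true` result only says that the holder of the
 * private key matching `pubKey` signed these bytes, so `pubKey` must come from
 * a source that is already trusted.
 *
 * @param {object} pubKey - Public key to verify against.
 * @param {string} certificateData - The signed data, encoded as UTF-8.
 * @param {{data: Uint8Array}|Uint8Array} signature - Signature as a DataBlob;
 *   a bare Uint8Array is wrapped into one.
 * @returns {Promise<boolean>} Whether the signature matches.
 */
async function verifyServerCertificate(pubKey, certificateData, signature) {
  const signatureBlob = signature instanceof Uint8Array ? { data: signature } : signature;
  const verifier = cryptoFramework.createVerify("RSA1024|PKCS1|SHA256");
  await verifier.init(pubKey);
  await verifier.update({ data: new Uint8Array(buffer.from(certificateData, 'utf-8').buffer) });
  // Verify.verify() takes (data, signatureData). The data was already supplied
  // through update(), so the first argument is null and the signature goes
  // second; the original passed the signature in the data position.
  return await verifier.verify(null, signatureBlob);
}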
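/**
 * Demo driver: obtains a public key, checks a signature over sample
 * "certificate" text and logs the outcome. Any failure is caught and logged.
 *
 * With getServerPublicKey() as written on this page the key is generated
 * locally, so it cannot match a signature produced by a real server; replace
 * it with a key taken from a validated certificate before relying on the
 * result.
 */
async function main() {
  try {
    const pubKey = await getServerPublicKey();
    const certificateData = "This is a sample server certificate data.";
    // Placeholder: fill in the signature bytes received from the server.
    const signatureBytes = new Uint8Array([/* signature bytes received */]);
    // The verify API takes the signature as a DataBlob, so wrap the raw bytes.
    const signature = { data: signatureBytes };
    const result = await verifyServerCertificate(pubKey, certificateData, signature);
    if (result) {
      console.info('Server certificate verification successful');
    } else {
      console.error('Server certificate verification failed');
    }
  } catch (error) {
    console.error('Server certificate verification failed:', error);
  }
}

main();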
- 移动应用获取服务器证书中的公钥,然后使用该公钥对服务器证书数据的签名进行验证。如果验证成功,说明服务器身份可信。需要注意的是,只有当该公钥本身来自可信来源(例如证书由受信任的CA签发,并且证书链、有效期和域名都已校验通过)时,这一结论才成立。
2. 数据签名验签(在数据传输过程中确保数据完整性和来源可靠)
/**
 * Signs a string with RSA (PKCS#1 v1.5 padding, SHA-256 digest).
 *
 * The "RSA1024" spec matches the 1024-bit keys used by the samples on this
 * page; 1024-bit RSA is below current minimum recommendations, so use a larger
 * key (and the matching spec string) outside of a demo.
 *
 * @param {object} priKey - Private key used for signing.
 * @param {string} data - Text to sign; it is encoded as UTF-8 first.
 * @returns {Promise<{data: Uint8Array}>} The signature blob returned by sign().
 */
async function signData(priKey, data) {
  const rsaSigner = cryptoFramework.createSign("RSA1024|PKCS1|SHA256");
  await rsaSigner.init(priKey);
  const payload = { data: new Uint8Array(buffer.from(data, 'utf-8').buffer) };
  await rsaSigner.update(payload);
  // All input went in through update(), so sign() gets no further data.
  const signatureBlob = await rsaSigner.sign(null);
  return signatureBlob;
}
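/**
 * Verifies an RSA (PKCS#1 v1.5, SHA-256) signature over a string.
 *
 * A `true` result shows that the data is unchanged and was signed with the
 * private key matching `pubKey`; how far that identifies the sender depends on
 * how `pubKey` was obtained.
 *
 * @param {object} pubKey - Public key of the expected signer.
 * @param {string} data - The signed text; it is encoded as UTF-8 first.
 * @param {{data: Uint8Array}|Uint8Array} signData - Signature as a DataBlob
 *   (as returned by the signing function); a bare Uint8Array is wrapped.
 * @returns {Promise<boolean>} Whether the signature matches.
 */
async function verifyData(pubKey, data, signData) {
  const signatureBlob = signData instanceof Uint8Array ? { data: signData } : signData;
  const verifier = cryptoFramework.createVerify("RSA1024|PKCS1|SHA256");
  await verifier.init(pubKey);
  await verifier.update({ data: new Uint8Array(buffer.from(data, 'utf-8').buffer) });
  // Verify.verify() takes (data, signatureData). The data was already supplied
  // through update(), so the first argument is null and the signature goes
  // second; the original passed the signature in the data position.
  return await verifier.verify(null, signatureBlob);
}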
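/**
 * Demo driver: signs a fixed message with the private key of an RSA key pair,
 * verifies the signature with the public key and logs the outcome. Any
 * failure is caught and logged.
 */
async function main() {
  try {
    // NOTE(review): generateRSAKeyPair() is not defined in the listings shown
    // on this page; it is assumed to return an object with priKey and pubKey.
    const keyPair = await generateRSAKeyPair();
    const data = "This is a test data for mobile app.";
    // The result must not be named `signData`: a local `let signData` shadows
    // the signData() function inside this block, and calling it in its own
    // initializer throws a ReferenceError before anything is signed.
    const signature = await signData(keyPair.priKey, data);
    const result = await verifyData(keyPair.pubKey, data, signature);
    if (result) {
      console.info('Data verification successful');
    } else {
      console.error('Data verification failed');
    }
  } catch (error) {
    console.error('Data signing/verifying failed:', error);
  }
}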