diff --git a/en/application-dev/security/cryptoFramework-guidelines.md b/en/application-dev/security/cryptoFramework-guidelines.md
index 5da4bc32d6ecb1951d067da0cd4369569e4d80d4..717d8ab7709aa0c5232d3875fd9c6fe53b37c8aa 100644
--- a/en/application-dev/security/cryptoFramework-guidelines.md
+++ b/en/application-dev/security/cryptoFramework-guidelines.md
@@ -4,27 +4,27 @@
>
> This guide applies to JS development using OpenHarmony API version 9 and SDK version 3.2.7 or later.
-## Generating and Converting a Key
+## Key Generation and Conversion
-**When to Use**
+### When to Use
Typical key generation operations involve the following:
-1. Randomly create a key instance for subsequent encryption and decryption.
-2. Convert external or stored binary data into a key instance for subsequent encryption and decryption.
-3. Obtain the binary data of a key for storage or transmission.
-> **NOTE**
The key instance can be a symmetric key instance (**SymKey**) or an asymmetric key pair instance (**KeyPair**). The **KeyPair** instance consists a public key (**PubKey**) and a private key (**PriKey**). For details about the relationship between keys, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
+1. Randomly create a key object for subsequent encryption and decryption.
+2. Convert external or internal binary data into a key object for subsequent encryption and decryption.
+3. Obtain the binary data of a key object for storage or transmission.
+> **NOTE**
+>
+> The key object can be a symmetric key object (**SymKey**) or an asymmetric key pair object (**KeyPair**). The **KeyPair** object consists a public key (**PubKey**) and a private key (**PriKey**). For details about the relationship between keys, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
-**Available APIs**
-
-For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
+### Available APIs
-The table below describes the APIs used in this guide.
+The following table describes the APIs used in this guide. For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
|Instance|API|Description|
|---|---|---|
-|cryptoFramework|createAsyKeyGenerator(algName : string) : AsyKeyGenerator|Creates an **AsyKeyGenerator** instance.|
+|cryptoFramework|createAsyKeyGenerator(algName : string) : AsyKeyGenerator|Creates an **AsyKeyGenerator** instance based on the asymmetric key pair specifications specified by **algName**.|
|cryptoFramework|createSymKeyGenerator(algName : string) : SymKeyGenerator|Creates a **SymKeyGenerator** instance.|
|AsyKeyGenerator|generateKeyPair(callback : AsyncCallback\) : void|Generates an asymmetric key pair randomly. This API uses an asynchronous callback to return the result.|
|AsyKeyGenerator|generateKeyPair() : Promise\|Generates an asymmetric key pair randomly. This API uses a promise to return the result.|
@@ -36,17 +36,17 @@ The table below describes the APIs used in this guide.
| SymKeyGenerator |convertKey(pubKey : DataBlob, priKey : DataBlob) : Promise\| Converts binary data into a symmetric key. This API uses a promise to return the result.|
| Key | getEncoded() : DataBlob; | Obtains the binary data of a key. (The child class instances of **Key** include **SymKey**, **PubKey**, and **PriKey**.)|
-**How to Develop**
+### How to Develop
-Example 1: Randomly generate an asymmetric key pair and obtain its binary data.
+Randomly generate an asymmetric key pair and obtain its binary data.
1. Create an **AsyKeyGenerator** instance.
2. Randomly generate an asymmetric key pair using **AsyKeyGenerator**.
-3. Obtain binary data of the key pair generated.
+3. Obtain the binary data of the key pair generated.
-The following sample code demonstrates how to randomly generate an RSA key (1024 bits and two primes) using promise-based APIs.
+Example: Randomly generate an RSA key (1024 bits and two primes) in promise mode.
-```javascript
+```js
import cryptoFramework from '@ohos.security.cryptoFramework';
function generateAsyKey() {
@@ -67,15 +67,15 @@ function generateAsyKey() {
}
```
-Example 2: Randomly generate a symmetric key and obtain its binary data.
+Randomly generate a symmetric key and obtain its binary data.
1. Create a **SymKeyGenerator** instance.
2. Randomly generate a symmetric key using **SymKeyGenerator**.
-3. Obtain binary data of the key generated.
+3. Obtain the binary data of the key generated.
-The following example demonstrates how to randomly generate a 256-bit AES key using promise-based APIs.
+Example: Randomly generate an AES key (256 bits) in promise mode.
-```javascript
+```js
import cryptoFramework from '@ohos.security.cryptoFramework';
// Output the byte streams in hexadecimal format.
@@ -98,12 +98,12 @@ function testGenerateAesKey() {
}
```
-Example 3: Generate an asymmetric key pair from the binary RSA key data.
+Generate an RSA asymmetric key pair from the binary data.
1. Obtain the binary data of the RSA public or private key. The public key must comply with the ASN.1 syntax, X.509 specifications, and DER encoding format. The private key must comply with the ASN.1 syntax, PKCS #8 specifications, and DER encoding format.
-2. Create an **AsyKeyGenerator** instance and call **convertKey()** to convert the key binary data (data of the private or public key, or both) into a **KeyPair** instance.
+2. Create an **AsyKeyGenerator** instance, and use **convertKey()** to convert the key binary data (data of the private or public key, or both) into a **KeyPair** instance.
-```javascript
+```js
import cryptoFramework from '@ohos.security.cryptoFramework';
function convertAsyKey() {
@@ -121,14 +121,14 @@ function convertAsyKey() {
> **NOTE**
>
-> The public key material to be converted in **convertKey()** must be in the DER format complying with X.509 specifications, and the private key material must be in the DER format complying with PKCS #8 specifications.
+> The public key binary data to be converted by **convertKey()** must be in the DER format complying with X.509 specifications, and the private key binary data must be in the DER format complying with PKCS #8 specifications.
-Example 4: Generate an asymmetric key pair from the binary ECC key data.
+Generate an ECC asymmetric key pair from the binary key data.
1. Obtain the ECC binary key data and encapsulate it into a **DataBlob** instance.
-2. Call **convertKey()** to convert the key binary data (data of the private or public key, or both) into a **KeyPair** instance.
+2. Call **convertKey()** to convert the binary data (data of the private or public key, or both) into a **KeyPair** instance.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
function convertEccAsyKey() {
@@ -146,15 +146,15 @@ function convertEccAsyKey() {
}
```
-Example 5: Generate a symmetric key from binary data.
+Generate a symmetric key from the binary key data.
1. Create a **SymKeyGenerator** instance.
-2. Generate a symmetric key from the binary data passed in.
-3. Obtain binary data of the key generated.
+2. Generate a symmetric key from the binary data.
+3. Obtain the binary data of the key generated.
-The following example demonstrates how to generate a 3DES key (192 bits only) using callback-based APIs.
+Example: Generate a 3DES key (192 bits only) in callback mode.
-```javascript
+```js
import cryptoFramework from '@ohos.security.cryptoFramework';
// Output the byte streams in hexadecimal format.
@@ -189,26 +189,27 @@ function testConvertAesKey() {
let encodedKey = key.getEncoded(); // Obtain the binary data of the symmetric key and output a 192-bit byte stream.
console.info('key getEncoded hex: ' + uint8ArrayToShowStr(encodedKey.data));
})
- } catch (error) { // Throw an exception immediately in synchronous mode when an error is detected during the parameter check.
+ } catch (error) { // Throw an exception immediately after an error is detected during the parameter check.
console.error(`convertKey failed, ${error.code}, ${error.message}`);
return;
}
}
```
-## Encrypting and Decrypting Data
+## Encryption and Decryption
-**When to Use**
+### When to Use
Important data needs to be encrypted in data storage or transmission for security purposes. Typical encryption and decryption operations involve the following:
+
1. Encrypt and decrypt data using a symmetric key.
2. Encrypt and decrypt data using an asymmetric key pair.
-**Available APIs**
+### Available APIs
-For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
Due to the complexity of cryptographic algorithms, the implementation varies depending on the specifications and parameters you use, and cannot be enumerated by sample code. Before you start, understand the APIs in the API reference to ensure correct use of these APIs.
+The following table describes the APIs used in this guide. For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
-The table below describes the APIs used in this guide.
+Due to complexity of cryptographic algorithms, the implementation varies depending on the specifications and parameters you use, and cannot be enumerated by sample code. Before you start, understand the APIs to ensure correct use of these APIs.
|Instance|API|Description|
|---|---|---|
@@ -220,16 +221,16 @@ The table below describes the APIs used in this guide.
|Cipher|doFinal(data : DataBlob, callback : AsyncCallback\) : void|Finalizes the encryption or decryption. This API uses an asynchronous callback to return the result.|
|Cipher|doFinal(data : DataBlob) : Promise\|Finalizes the encryption or decryption. This API uses a promise to return the result.|
-**How to Develop**
+### How to Develop
-Example 1: Encrypt and decrypt data using a symmetric key.
+Encrypt and decrypt data using a symmetric key.
1. Create a **SymKeyGenerator** instance.
2. Use the key generator to generate a symmetric key.
3. Create a **Cipher** instance.
4. Encrypt or decrypt data.
-The following example demonstrates how to use the AES-GCM to encrypt and decrypt data with promise-based APIs.
+Example: Use AES GCM to encrypt and decrypt data in promise mode.
```js
import cryptoFramework from '@ohos.security.cryptoFramework';
@@ -291,7 +292,7 @@ function genKeyMaterialBlob() {
}
-// Automatically generate a key in AES GCM mode and return the result in a promise.
+// Automatically generate an AES GCM key in promise mode.
function testAesGcm() {
return new Promise((resolve, reject) => {
setTimeout(() => {
@@ -308,7 +309,7 @@ function testAesGcm() {
console.info(`symKeyGenerator algName: ${symKeyGenerator.algName}`);
// Use the key generator to randomly generate a 128-bit symmetric key.
let promiseSymKey = symKeyGenerator.generateSymKey();
- // Constructor
+ // Generate GCM parameter specifications.
globalGcmParams = genGcmParamsSpec();
// Create a Cipher instance.
@@ -327,7 +328,7 @@ function testAesGcm() {
globalKey = key;
return key;
}).then(key => {
- // Initialize the cipher environment and start encryption.
+ // Initialize the Cipher instance and start encryption.
let mode = cryptoFramework.CryptoMode.ENCRYPT_MODE;
let promiseInit = globalCipher.init(mode, key, globalGcmParams); // init
return promiseInit;
@@ -344,7 +345,7 @@ function testAesGcm() {
globalGcmParams.authTag = authTag;
return;
}).then(() => {
- // Initialize the cipher environment and start decryption.
+ // Initialize the Cipher instance and start decryption.
let mode = cryptoFramework.CryptoMode.DECRYPT_MODE;
let promiseInit = globalCipher.init(mode, globalKey, globalGcmParams); // init
return promiseInit;
@@ -365,7 +366,7 @@ function testAesGcm() {
}
```
-The following example demonstrates how to use the the 3DES ECB to convert existing data into a key and encrypt and decrypt data using callback-based APIs.
+Example: Generate a key from the existing data to encrypt and decrypt data using 3DES ECB in callback mode.
```js
import cryptoFramework from '@ohos.security.cryptoFramework';
@@ -409,7 +410,7 @@ function genKeyMaterialBlob() {
return {data : keyMaterial};
}
-// Use the 3DES ECB to Generate a key from the existing data and encrypt and decrypt data using callback-based APIs.
+// Generate a 3DES ECB key from the existing data in callback mode.
function test3DesEcb() {
// Create a SymKeyGenerator instance.
let symAlgName = '3DES192';
@@ -444,7 +445,7 @@ function test3DesEcb() {
console.info('key getEncoded hex: ' + uint8ArrayToShowStr(encodedKey.data));
globalKey = key;
- // Initialize the cipher environment and start encryption.
+ // Initialize the Cipher instance and start encryption.
let mode = cryptoFramework.CryptoMode.ENCRYPT_MODE;
// init
globalCipher.init(mode, key, null, (err, ) => {
@@ -465,7 +466,7 @@ function test3DesEcb() {
globalCipherText = new Uint8Array(globalCipherText);
globalCipherText = {data : globalCipherText};
}
- // Initialize the cipher environment and start decryption.
+ // Initialize the Cipher instance and start decryption.
let mode = cryptoFramework.CryptoMode.DECRYPT_MODE;
// init
globalCipher.init(mode, globalKey, null, (err, ) => {
@@ -490,9 +491,10 @@ function test3DesEcb() {
}
}
```
-The following example demonstrates how to call **update()** multiple times to implement AES GCM encryption and decryption by using promise-based APIs.
-```javascript
+Example: Encrypt and decrypt a large amount in AES GCM mode by calling **update()** multiple times in promise mode.
+
+```js
import cryptoFramework from '@ohos.security.cryptoFramework';
var globalCipher;
@@ -550,7 +552,7 @@ function testAesMultiUpdate() {
console.info(`symKeyGenerator algName: ${symKeyGenerator.algName}`);
// Use the key generator to randomly generate a 128-bit symmetric key.
let promiseSymKey = symKeyGenerator.generateSymKey();
- // Constructor
+ // Generate GCM parameter specifications.
globalGcmParams = genGcmParamsSpec();
// Create a Cipher instance.
@@ -569,12 +571,12 @@ function testAesMultiUpdate() {
globalKey = key;
return key;
}).then(key => {
- // Initialize the cipher environment and start encryption.
+ // Initialize the Cipher instance and start encryption.
let mode = cryptoFramework.CryptoMode.ENCRYPT_MODE;
let promiseInit = globalCipher.init(mode, key, globalGcmParams); // init
return promiseInit;
}).then(async () => {
- let plainText = "aaaaa.....bbbbb.....ccccc.....ddddd.....eee"; // Assume that the plaintext contains 43 bytes.
+ let plainText = "aaaaa.....bbbbb.....ccccc.....ddddd.....eee"; // Assume that the plaintext is of 43 bytes.
let messageArr = [];
let updateLength = 20; // Pass in 20 bytes by update() each time.
globalCipherText = [];
@@ -602,7 +604,7 @@ function testAesMultiUpdate() {
globalGcmParams.authTag = authTag;
return;
}).then(() => {
- // Initialize the cipher environment and start decryption.
+ // Initialize the Cipher instance and start decryption.
let mode = cryptoFramework.CryptoMode.DECRYPT_MODE;
let promiseInit = globalCipher.init(mode, globalKey, globalGcmParams); // init
return promiseInit;
@@ -614,7 +616,7 @@ function testAesMultiUpdate() {
let messageArr = globalCipherText.slice(i * updateLength, (i + 1) * updateLength);
let message = new Uint8Array(messageArr);
let messageBlob = { data : message };
- let updateOutput = await globalCipher.update(messageBlob); // Pass in data by segment.
+ let updateOutput = await globalCipher.update(messageBlob); // Update by segment.
globalPlainText += uint8ArrayToString(updateOutput.data); // Restore the original plaintext.
}
return;
@@ -632,13 +634,13 @@ function testAesMultiUpdate() {
}
```
-Example 2: Encrypt and decrypt data using an asymmetric key pair.
+Encrypt and decrypt data using an asymmetric key pair.
1. Generate an RSA key pair.
Call **createAsyKeyGenerator()** to create an **AsyKeyGenerator** instance and generate an RSA asymmetric key pair.
2. Create a **Cipher** instance.
Call **createCipher()** to create a **Cipher** instance, and set the key and encryption/decryption mode.
-3. Perform encryption and decryption operations.
Call **doFinal()** provided by the **Cipher** instance to encrypt data or decrypt data.
+3. Encrypt and decrypt data.
Call **doFinal()** provided by the **Cipher** instance to encrypt data or decrypt data.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
let plan = "This is cipher test.";
@@ -738,8 +740,10 @@ function decryptMessageCallback() {
});
}
```
-The following example demonstrates how to implement RSA asymmetric encryption and decryption (**doFinal()** is called multiple times).
-```javascript
+
+Example: Use an RSA asymmetric key pair to encrypt and decrypt data. In this example, **doFinal()** is called multiple times to process data by segment.
+
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
function stringToUint8Array(str) {
@@ -784,9 +788,9 @@ function encryptLongMessagePromise() {
resolve("testRsaMultiDoFinal");
}, 10);
}).then(() => {
- return asyKeyGenerator.generateKeyPair(); // Generate an RSA key.
+ return asyKeyGenerator.generateKeyPair(); // Generate an RSA key pair.
}).then(keyPair => {
- globalKeyPair = keyPair; // Save the key to global variables.
+ globalKeyPair = keyPair; // Save the key pair as a global variable.
return cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, globalKeyPair.pubKey, null);
}).then(async () => {
globalCipherOutput = [];
@@ -825,21 +829,22 @@ function encryptLongMessagePromise() {
> **NOTE**
>
-> - In RSA encryption and decryption, **init()** cannot be repeatedly called to initialize the **Cipher** instance. You must create a **Cipher** instance for each encryption and decryption.
-> - The RSA encryption has a limit on the length of the plaintext to be encrypted. For details, see "Basic Concepts" in [Cryptographic Framework Overview](cryptoFramework-overview.md).
-> - In RSA decryption, the length of the ciphertext to be decrypted each time is the number of bits of the RSA key divided by 8.
+> 1. In RSA encryption and decryption, **init()** cannot be repeatedly called to initialize a **Cipher** instance. You must create a **Cipher** instance for each encryption and decryption.
+> 2. The RSA encryption has a limit on the length of the plaintext to be encrypted. For details, see "Basic Concepts" in [Cryptographic Framework Overview](cryptoFramework-overview.md).
+> 3. In RSA decryption, the length of the ciphertext to be decrypted each time is the number of bits of the RSA key divided by 8.
-## Generating and Verifying a Signature
+## Signing and Signature Verification
-**When to Use**
+### When to Use
A digital signature can be used to verify the authenticity of a message. Typical signing and signature verification operations involve the following:
-- Use the RSA to generate and verify a signature.
-- Use the ECC to generate and verify a signature.
-**Available APIs**
+1. Use RSA to generate a signature and verify the signature.
+2. Use ECC to generate a signature and verify the signature.
+
+### Available APIs
-For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
Due to the complexity of cryptographic algorithms, the implementation varies depending on the specifications and parameters you use, and cannot be enumerated by sample code. Before you start, understand the APIs in the API reference to ensure correct use of these APIs.
+For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
Due to complexity of cryptographic algorithms, the implementation varies depending on the specifications and parameters you use, and cannot be enumerated by sample code. Before you start, understand the APIs to ensure correct use of these APIs.
|Instance|API|Description|
|---|---|---|
@@ -855,27 +860,29 @@ For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cry
|Verify|init(priKey : PriKey) : Promise\|Sets a key and initializes the **Verify** instance. This API uses a promise to return the result.|
|Verify|update(data : DataBlob, callback : AsyncCallback\) : void|Updates the data for signature verification. This API uses an asynchronous callback to return the result.|
|Verify|update(data : DataBlob) : Promise\|Updates the data for signature verification. This API uses a promise to return the result.|
-|Verify|verify(data : DataBlob, signatureData : DataBlob, callback : AsyncCallback\) : void|Verifies the signature. This API uses an asynchronous callback to return the result.|
-|Verify|verify(data : DataBlob, signatureData : DataBlob) : Promise\|Verifies the signature. This API uses a promise to return the result.|
+|Verify|verify(data : DataBlob, signatureData : DataBlob, callback : AsyncCallback\) : void|Verifies a signature. This API uses an asynchronous callback to return the result.|
+|Verify|verify(data : DataBlob, signatureData : DataBlob) : Promise\|Verifies a signature. This API uses a promise to return the result.|
-**How to Develop**
+### How to Develop
+
+Use RSA to sign data and verify the signature.
-Example 1: Use the RSA to generate and verify a signature.
1. Generate an RSA key pair.
Call **createAsyKeyGenerator()** to create an **AsyKeyGenerator** instance and generate an RSA asymmetric key pair.
2. Create a **Sign** instance.
Call **createSign()** to create a **Sign** instance, initialize the **Sign** instance, and set a private key for signing.
-3. Generate a signature.
Call **update()** provided by the **Sign** class to add the data for signing and call **sign()** to generate a signature.
+3. Generate a signature.
Call **update()** provided by the **Sign** class to pass in the data for signing and call **sign()** to generate a signature.
4. Create a **Verify** instance.
Call **createVerify()** to create a **Verify** instance, initialize the instance, and set a public key for signature verification.
-5. Verify the signature.
Call **update()** provided by the **Verify** class to add signature data and call **verify()** to verify the signature.
-```javascript
+5. Verify the signature.
Call **update()** provided by the **Verify** class to pass in the signature data and call **verify()** to verify the signature.
+
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
function stringToUint8Array(str) {
- var arr = [];
- for (var i = 0, j = str.length; i < j; ++i) {
- arr.push(str.charCodeAt(i));
- }
- var tmpArray = new Uint8Array(arr);
- return tmpArray;
+ var arr = [];
+ for (var i = 0, j = str.length; i < j; ++i) {
+ arr.push(str.charCodeAt(i));
+ }
+ var tmpArray = new Uint8Array(arr);
+ return tmpArray;
}
let globalKeyPair;
@@ -944,23 +951,24 @@ function verifyMessageCallback() {
}
```
-Example 2: Use the ECDSA to generate and verify a signature.
+Use ECDSA to sign data and verify the signature.
+
1. Generate an ECC key.
Call **createAsyKeyGenerator()** to create an **AsyKeyGenerator** instance and generate an ECC asymmetric key pair.
2. Create a **Sign** instance.
Call **createSign()** to create a **Sign** instance, initialize the **Sign** instance, and set a private key for signing.
-3. Generate a signature.
Call **update()** provided by the **Sign** class to add the data for signing and call **doFinal()** to generate a signature.
+3. Generate a signature.
Call **update()** provided by the **Sign** class to pass in the data for signing and call **doFinal()** to generate a signature.
4. Create a **Verify** instance.
Call **createVerify()** to create a **Verify** instance, initialize the instance, and set a public key for signature verification.
-5. Verify the signature.
Call **update()** provided by the **Verify** class to add signature data and call **doFinal()** to verify the signature.
+5. Verify the signature.
Call **update()** provided by the **Verify** class to pass in the signature data and call **doFinal()** to verify the signature.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
function stringToUint8Array(str) {
- var arr = [];
- for (var i = 0, j = str.length; i < j; ++i) {
- arr.push(str.charCodeAt(i));
- }
- var tmpArray = new Uint8Array(arr);
- return tmpArray;
+ var arr = [];
+ for (var i = 0, j = str.length; i < j; ++i) {
+ arr.push(str.charCodeAt(i));
+ }
+ var tmpArray = new Uint8Array(arr);
+ return tmpArray;
}
let globalKeyPair;
@@ -1028,8 +1036,10 @@ function verifyMessageCallback() {
})
}
```
-The following example demonstrates how to call **update()** multiple times to implement signing and signature verification.
-```javascript
+
+The following example presents how to call **update()** multiple times to implement signing and signature verification.
+
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
function stringToUint8Array(str) {
@@ -1056,16 +1066,16 @@ function signLongMessagePromise() {
let cipherAlgName = "RSA1024|PKCS1|SHA256";
let globalKeyPair;
let asyKeyGenerator = cryptoFramework.createAsyKeyGenerator(keyGenName); // Create an AsyKeyGenerator object.
- let signer = cryptoFramework.createSign(cipherAlgName); //Create a cipher object for encryption.
- let verifier = cryptoFramework.createVerify(cipherAlgName); // Create a Decoder object for decryption.
+ let signer = cryptoFramework.createSign(cipherAlgName); //Create a Sign object for signing.
+ let verifier = cryptoFramework.createVerify(cipherAlgName); // Create a Verify object for signature verification.
return new Promise((resolve, reject) => {
setTimeout(() => {
resolve("testRsaMultiUpdate");
}, 10);
}).then(() => {
- return asyKeyGenerator.generateKeyPair(); // Generate an RSA key.
+ return asyKeyGenerator.generateKeyPair(); // Generate an RSA key pair.
}).then(keyPair => {
- globalKeyPair = keyPair; // Save the key to global variables.
+ globalKeyPair = keyPair; // Save the key pair as a global variable.
return signer.init(globalKeyPair.priKey);
}).then(async () => {
// If the plaintext is too large, split the plaintext based on the specified length and cyclically call update() to pass in the plaintext.
@@ -1095,11 +1105,11 @@ function signLongMessagePromise() {
}
```
-## Generating a Digest
+## Message Digest
-**When to Use**
+### When to Use
-A message digest (MD) is a fixed size numeric representation of the content of a message, computed by a has function. It is sent with the message. The receiver can generate a digest for the message and compare it with the digest received. If the two digests are the same, the message integrity is verified.
+A message digest (MD) is a fixed size numeric representation of the content of a message, computed by a hash function. It is sent with the message. The receiver can generate a digest for the message and compare it with the digest received. If the two digests are the same, the message integrity is verified.
Typical MD operations involve the following:
@@ -1108,7 +1118,7 @@ Typical MD operations involve the following:
3. Compute a digest.
4. Obtain the algorithm and length of a digest.
-**Available APIs**
+### Available APIs
For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
@@ -1122,162 +1132,153 @@ For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cry
| Md | getMdLength() : number; | Obtains the digest length based on the specified digest algorithm. |
| Md | readonly algName : string; | Obtains the digest algorithm. |
-**How to Develop**
+### How to Develop
-1. Call **createMd()** to create an **Md** instance.
-2. Call **update()** to pass in the data for computing a digest. **update()** can be called multiple times to pass in the data by segment.
-3. Call **digest()** to compute a digest.
+1. Use **createMd()** to create an **Md** instance.
+2. Use **update()** to update the data for computing a digest. **update()** can be called multiple times to update the data by segment.
+3. Use **digest()** to compute a digest.
4. Obtain the digest algorithm and length of the digest generated.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
-// Convert string into uint8Arr.
+// Convert strings in plaintext into byte streams.
function stringToUint8Array(str) {
- var arr = [];
- for (var i = 0, j = str.length; i < j; ++i) {
- arr.push(str.charCodeAt(i));
- }
- var tmpUint8Array = new Uint8Array(arr);
- return tmpUint8Array;
-}
-
-// Generate a dataBlob of the given length.
-function GenDataBlob(dataBlobLen) {
- var dataBlob;
- if (dataBlobLen == 12) {
- dataBlob = {data: stringToUint8Array("my test data")};
- } else {
- console.error("GenDataBlob: dataBlobLen is invalid");
- dataBlob = {data: stringToUint8Array("my test data")};
+ let arr = [];
+ for (let i = 0, j = str.length; i < j; ++i) {
+ arr.push(str.charCodeAt(i));
}
- return dataBlob;
+ return new Uint8Array(arr);
}
-// Compute an MD using promise-based APIs.
-function doMdByPromise(algName) {
- var md;
+// Generate a digest in promise mode.
+function doMdByPromise() {
+ let mdAlgName = "SHA256"; // Digest algorithm name.
+ let message = "mdTestMessgae"; // Data to be digested.
+ let md;
+ let mdOutput;
try {
- md = cryptoFramework.createMd(algName);
+ md = cryptoFramework.createMd(mdAlgName);
} catch (error) {
console.error("[Promise]: error code: " + error.code + ", message is: " + error.message);
+ return;
}
- console.error("[Promise]: Md algName is: " + md.algName);
- // Initial update().
- var promiseMdUpdate = md.update(GenDataBlob(12));
+ console.info("[Promise]: Md algName is: " + md.algName);
+ // If the data volume is small, you can use update() once to pass in all data. There is no limit on the length of the input parameter.
+ let promiseMdUpdate = md.update({ data: stringToUint8Array(message) });
promiseMdUpdate.then(() => {
- // Call update() multiple times based on service requirements.
- promiseMdUpdate = md.update(GenDataBlob(12));
- return promiseMdUpdate;
- }).then(mdOutput => {
- var PromiseMdDigest = md.digest();
+ // Call digest() to return the result.
+ let PromiseMdDigest = md.digest();
return PromiseMdDigest;
- }).then(mdOutput => {
- console.error("[Promise]: MD result: " + mdOutput.data);
- var mdLen = md.getMdLength();
- console.error("[Promise]: MD len: " + mdLen);
+ }).then(digestOutput => {
+ mdOutput = digestOutput;
+ console.info("[Promise]: MD result: " + mdOutput.data);
+ let mdLen = md.getMdLength();
+ console.info("[Promise]: MD len: " + mdLen);
}).catch(error => {
console.error("[Promise]: error: " + error.message);
});
}
-// Compute an MD using callback-based APIs.
-function doMdByCallback(algName) {
- var md;
+// Generate a digest in callback mode.
+function doMdByCallback() {
+ let mdAlgName = "SHA256"; // Digest algorithm name.
+ let message = "mdTestMessgae"; // Data to be digested.
+ let md;
+ let mdOutput;
try {
- md = cryptoFramework.createMd(algName);
+ md = cryptoFramework.createMd(mdAlgName);
} catch (error) {
console.error("[Callback]: error code: " + error.code + ", message is: " + error.message);
}
- console.error("[Callback]: Md algName is: " + md.algName);
- // Initial update().
- md.update(GenDataBlob(12), (err,) => {
+ console.info("[Callback]: Md algName is: " + md.algName);
+ // If the data volume is small, you can use update() once to pass in all data. There is no limit on the length of the input parameter.
+ md.update({ data: stringToUint8Array(message) }, (err,) => {
if (err) {
console.error("[Callback]: err: " + err.code);
}
- // Call update() multiple times based on service requirements.
- md.update(GenDataBlob(12), (err1,) => {
+ md.digest((err1, digestOutput) => {
if (err1) {
console.error("[Callback]: err: " + err1.code);
+ } else {
+ mdOutput = digestOutput;
+ console.info("[Callback]: MD result: " + mdOutput.data);
+ let mdLen = md.getMdLength();
+ console.info("[Callback]: MD len: " + mdLen);
}
- md.digest((err2, mdOutput) => {
- if (err2) {
- console.error("[Callback]: err: " + err2.code);
- } else {
- console.error("[Callback]: MD result: " + mdOutput.data);
- var mdLen = md.getMdLength();
- console.error("[Callback]: MD len: " + mdLen);
- }
- });
});
});
}
```
-The following example demonstrates how to call **update()** multiple times to update the MD.
-```javascript
-import cryptoFramework from "@ohos.security.cryptoFramework"
-async function updateData(index, obj, data) {
- console.error("update " + (index + 1) + " MB data...");
- return obj.update(data);
-}
+The following example presents how to call **update()** multiple times to update the MD.
+```js
+import cryptoFramework from "@ohos.security.cryptoFramework"
+
+// Convert strings in plaintext into byte streams.
function stringToUint8Array(str) {
- var arr = [];
- for (var i = 0, j = str.length; i < j; ++i) {
+ let arr = [];
+ for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
- var tmpUint8Array = new Uint8Array(arr);
- return tmpUint8Array;
+ return new Uint8Array(arr);
}
-function GenDataBlob(dataBlobLen) {
- var dataBlob;
- if (dataBlobLen == 12) {
- dataBlob = {data: stringToUint8Array("my test data")};
- } else {
- console.error("GenDataBlob: dataBlobLen is invalid");
- dataBlob = {data: stringToUint8Array("my test data")};
- }
- return dataBlob;
-}
-function LoopMdPromise(algName, loopSize) {
- var md;
+// Generate a digest by segment in promise mode.
+async function doLoopMdPromise() {
+ let mdAlgName = "SHA256"; // Digest algorithm name.
+ let md;
+ let mdOutput;
try {
- md = cryptoFramework.createMd(algName);
+ md = cryptoFramework.createMd(mdAlgName);
} catch (error) {
console.error("[Promise]: error code: " + error.code + ", message is: " + error.message);
return;
}
- console.error("[Promise]: Md algName is: " + md.algName);
- var promiseMdUpdate = md.update(GenDataBlob(12));
- promiseMdUpdate.then(() => {
- var PromiseMdDigest = md.digest();
- return PromiseMdDigest;
- }).then(async () => {
- for (var i = 0; i < loopSize; i++) {
- await updateData(i, md, GenDataBlob(12));
+ console.info("[Promise]: Md algName is: " + md.algName);
+ let messageText = "aaaaa.....bbbbb.....ccccc.....ddddd.....eee"; // Assume that the message is of 43 bytes.
+ let messageArr = [];
+ let updateLength = 20; // For example, pass in 20 bytes in each update().
+
+ for (let i = 0; i <= messageText.length; i++) {
+ if ((i % updateLength == 0 || i == messageText.length) && messageArr.length != 0) {
+ let message = new Uint8Array(messageArr);
+ let messageBlob = { data : message };
+ // Use await to process the update() in the for() loop.
+ try {
+ await md.update (messageBlob); // Use update() to process data by segment.
+ } catch (error) {
+ console.error("await update error code: " + error.code + ", message is: " + error.message);
+ return;
+ }
+ messageArr = [];
}
- var PromiseMdDigest = md.digest();
- return PromiseMdDigest;
- }).then(mdOutput => {
- console.error("[Promise]: MD result: " + mdOutput.data);
- var mdLen = md.getMdLength();
- console.error("[Promise]: MD len: " + mdLen);
+ // Pad messageArr based on the segment length.
+ if (i < messageText.length) {
+ messageArr.push(messageText.charCodeAt(i));
+ }
+ }
+ let PromiseMdDigest = md.digest();
+ PromiseMdDigest.then(digestOutput => {
+ mdOutput = digestOutput;
+ console.info("[Promise]: MD result: " + mdOutput.data);
+ let mdLen = md.getMdLength();
+ console.info("[Promise]: MD len: " + mdLen);
}).catch(error => {
console.error("[Promise]: error: " + error.message);
});
}
```
-## Performing Key Agreement
+## Key Agreement
-**When to Use**
+### When to Use
Key agreement allows two parties to establish a shared secret over an insecure channel.
-**Available APIs**
+### Available APIs
For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
@@ -1287,12 +1288,12 @@ For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cry
|KeyAgreement|generateSecret(priKey : PriKey, pubKey : PubKey, callback : AsyncCallback\) : void|Generates a shared secret. This API uses an asynchronous callback to return the result.|
|KeyAgreement|generateSecret(priKey : PriKey, pubKey : PubKey) : Promise\|Generates a shared secret. This API uses a promise to return the result.|
-**How to Develop**
+### How to Develop
-1. Use **createKeyAgreement()** to create a **KeyAgreement** object for subsequent key agreement operations.
+1. Use **createKeyAgreement()** to create a **KeyAgreement** instance for subsequent key agreement operations.
2. Use **generateSecret()** provided by **KeyAgreement** to pass in the peer ECC public key object and the ECC private key object generated locally.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
let globalSelfPriKey;
@@ -1337,27 +1338,27 @@ function ecdhCallback() {
}
```
-## Generating a MAC
+## HMAC
-**When to Use**
+### When to Use
-A message authentication code (MAC) can be used to verify both the integrity and authenticity of a message using a shared secret.
+A hash-based message authentication code (HMAC) can be used to verify both the integrity and authenticity of a message using a shared secret.
Typical MAC operations involve the following:
1. Create a **Mac** instance.
-2. Initialize the **Mac** instance, add one or more segments of data for generating a MAC, and generate a MAC.
-3. Obtain the algorithm and length of a MAC.
+2. Initialize the **Mac** instance, add one or more segments of data for generating a MAC, and generate an HMAC.
+3. Obtain the algorithm and length of an HMAC.
-**Available APIs**
+### Available APIs
For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
| Instance | API | Description |
| --------------- | ------------------------------------------------------------ | --------------------------------------------------- |
| cryptoFramework | function createMac(algName : string) : Mac; | Creates a **Mac** instance. |
-| Mac | init(key : SymKey, callback : AsyncCallback\) : void; | Initializes the MAC operation. This API uses an asynchronous callback to return the result.|
-| Mac | init(key : SymKey) : Promise\; | Initializes the MAC operation. This API uses a promise to return the result. |
+| Mac | init(key : SymKey, callback : AsyncCallback\) : void; | Initializes the **Mac** instance. This API uses an asynchronous callback to return the result.|
+| Mac | init(key : SymKey) : Promise\; | Initializes the **Mac** instance. This API uses a promise to return the result. |
| Mac | update(input : DataBlob, callback : AsyncCallback\) : void; | Updates the data for the MAC operation. This API uses an asynchronous callback to return the result. |
| Mac | update(input : DataBlob) : Promise\; | Updates the data for the MAC operation. This API uses a promise to return the result. |
| Mac | doFinal(callback : AsyncCallback\) : void; | Finalizes the MAC operation to generate a MAC. This API uses an asynchronous callback to return the result. |
@@ -1365,7 +1366,7 @@ For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cry
| Mac | getMacLength() : number; | Obtains the length of the MAC based on the specified algorithm. |
| Mac | readonly algName : string; | Obtains the digest algorithm. |
-**How to Develop**
+### How to Develop
1. Call **createMac()** to create a **Mac** instance.
2. Call **init()** to initialize the **Mac** instance with the symmetric key passed in.
@@ -1373,80 +1374,75 @@ For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cry
4. Call **doFinal()** to generate a MAC.
5. Obtain the algorithm and length of the MAC.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
-// Convert string into uint8Arr.
+// Convert strings in plaintext into byte streams.
function stringToUint8Array(str) {
- var arr = [];
- for (var i = 0, j = str.length; i < j; ++i) {
- arr.push(str.charCodeAt(i));
- }
- var tmpUint8Array = new Uint8Array(arr);
- return tmpUint8Array;
-}
-
-// Generate a blob.
-function GenDataBlob(dataBlobLen) {
- var dataBlob;
- if (dataBlobLen == 12) {
- dataBlob = {data: stringToUint8Array("my test data")};
- } else {
- console.error("GenDataBlob: dataBlobLen is invalid");
- dataBlob = {data: stringToUint8Array("my test data")};
+ let arr = [];
+ for (let i = 0, j = str.length; i < j; ++i) {
+ arr.push(str.charCodeAt(i));
}
- return dataBlob;
+ return new Uint8Array(arr);
}
-function doHmacByPromise(algName) {
- var mac;
+// Generate an HMAC in promise mode.
+function doHmacByPromise() {
+ let macAlgName = "SHA256"; // Digest algorithm name.
+ let message = "hmacTestMessgae"; // Data used to generate an HMAC.
+ let macOutput;
+ let mac;
try {
- mac = cryptoFramework.createMac(algName);
+ mac = cryptoFramework.createMac(macAlgName);
} catch (error) {
console.error("[Promise]: error code: " + error.code + ", message is: " + error.message);
}
- console.error("[Promise]: Mac algName is: " + mac.algName);
- var KeyBlob = {
+ console.info("[Promise]: Mac algName is: " + mac.algName);
+ let KeyBlob = {
+ // 128-bit key
data : stringToUint8Array("12345678abcdefgh")
}
- var symKeyGenerator = cryptoFramework.createSymKeyGenerator("AES128");
- var promiseConvertKey = symKeyGenerator.convertKey(KeyBlob);
+ let symKeyGenerator = cryptoFramework.createSymKeyGenerator("AES128");
+ // Convert the binary data into a key.
+ let promiseConvertKey = symKeyGenerator.convertKey(KeyBlob);
promiseConvertKey.then(symKey => {
- var promiseMacInit = mac.init(symKey);
+ let promiseMacInit = mac.init(symKey);
return promiseMacInit;
}).then(() => {
- // Initial update().
- var promiseMacUpdate = mac.update(GenDataBlob(12));
- return promiseMacUpdate;
- }).then(() => {
- // Call update() multiple times based on service requirements.
- var promiseMacUpdate = mac.update(GenDataBlob(12));
+ // If the data volume is small, you can use update() once to pass in all data. There is no limit on the length of the input parameter.
+ let promiseMacUpdate = mac.update({ data: stringToUint8Array(message) });
return promiseMacUpdate;
}).then(() => {
- var PromiseMacDoFinal = mac.doFinal();
+ let PromiseMacDoFinal = mac.doFinal();
return PromiseMacDoFinal;
- }).then(macOutput => {
- console.error("[Promise]: HMAC result: " + macOutput.data);
- var macLen = mac.getMacLength();
- console.error("[Promise]: MAC len: " + macLen);
+ }).then(output => {
+ macOutput = output;
+ console.info("[Promise]: HMAC result: " + macOutput.data);
+ let macLen = mac.getMacLength();
+ console.info("[Promise]: MAC len: " + macLen);
}).catch(error => {
console.error("[Promise]: error: " + error.message);
});
}
-// Generate a MAC using callback-based APIs.
-function doHmacByCallback(algName) {
- var mac;
+// Generate an HMAC in callback mode.
+function doHmacByCallback() {
+ let macAlgName = "SHA256"; // Digest algorithm name.
+ let message = "hmacTestMessgae"; // Data used to generate an HMAC.
+ let macOutput;
+ let mac;
try {
- mac = cryptoFramework.createMac(algName);
+ mac = cryptoFramework.createMac(macAlgName);
} catch (error) {
- AlertDialog.show({message: "[Callback]: error code: " + error.code + ", message is: " + error.message});
console.error("[Callback]: error code: " + error.code + ", message is: " + error.message);
}
- var KeyBlob = {
+ console.info("[Promise]: Mac algName is: " + mac.algName);
+ let KeyBlob = {
+ // 128-bit key
data : stringToUint8Array("12345678abcdefgh")
}
- var symKeyGenerator = cryptoFramework.createSymKeyGenerator("AES128");
+ let symKeyGenerator = cryptoFramework.createSymKeyGenerator("AES128");
+ // Convert the binary data into a key.
symKeyGenerator.convertKey(KeyBlob, (err, symKey) => {
if (err) {
console.error("[Callback]: err: " + err.code);
@@ -1455,107 +1451,109 @@ function doHmacByCallback(algName) {
if (err1) {
console.error("[Callback]: err: " + err1.code);
}
- // Initial update().
- mac.update(GenDataBlob(12), (err2, ) => {
+ // If the data volume is small, you can use update() once to pass in all data. There is no limit on the length of the input parameter.
+ mac.update({ data: stringToUint8Array(message) }, (err2, ) => {
if (err2) {
console.error("[Callback]: err: " + err2.code);
}
- // Call update() multiple times based on service requirements.
- mac.update(GenDataBlob(12), (err3, ) => {
+ mac.doFinal((err3, output) => {
if (err3) {
console.error("[Callback]: err: " + err3.code);
+ } else {
+ macOutput = output;
+ console.info("[Callback]: HMAC result: " + macOutput.data);
+ let macLen = mac.getMacLength();
+ console.info("[Callback]: MAC len: " + macLen);
}
- mac.doFinal((err4, macOutput) => {
- if (err4) {
- console.error("[Callback]: err: " + err4.code);
- } else {
- console.error("[Callback]: HMAC result: " + macOutput.data);
- var macLen = mac.getMacLength();
- console.error("[Callback]: MAC len: " + macLen);
- }
- });
});
});
});
});
}
```
-The following example demonstrates how to call **update()** multiple times to update the MAC.
-```javascript
-import cryptoFramework from "@ohos.security.cryptoFramework"
-async function updateData(index, obj, data) {
- console.error("update " + (index + 1) + " MB data...");
- return obj.update(data);
-}
+Generate an HMAC by segment.
+
+```js
+import cryptoFramework from "@ohos.security.cryptoFramework"
function stringToUint8Array(str) {
- var arr = [];
- for (var i = 0, j = str.length; i < j; ++i) {
+ let arr = [];
+ for (let i = 0, j = str.length; i < j; ++i) {
arr.push(str.charCodeAt(i));
}
- var tmpUint8Array = new Uint8Array(arr);
- return tmpUint8Array;
-}
-
-function GenDataBlob(dataBlobLen) {
- var dataBlob;
- if (dataBlobLen == 12) {
- dataBlob = {data: stringToUint8Array("my test data")};
- } else {
- console.error("GenDataBlob: dataBlobLen is invalid");
- dataBlob = {data: stringToUint8Array("my test data")};
- }
- return dataBlob;
+ return new Uint8Array(arr);
}
-function LoopHmacPromise(algName, loopSize) {
- var mac;
+function doLoopHmacPromise() {
+ let macAlgName = "SHA256"; // Digest algorithm name.
+ let macOutput;
+ let mac;
try {
- mac = cryptoFramework.createMac(algName);
+ mac = cryptoFramework.createMac(macAlgName);
} catch (error) {
console.error("[Promise]: error code: " + error.code + ", message is: " + error.message);
return;
}
- console.error("[Promise]: Mac algName is: " + mac.algName);
- var KeyBlob = {
+ console.info("[Promise]: Mac algName is: " + mac.algName);
+ let KeyBlob = {
+ // 128-bit key
data : stringToUint8Array("12345678abcdefgh")
}
- var symKeyGenerator = cryptoFramework.createSymKeyGenerator("AES128");
- var promiseConvertKey = symKeyGenerator.convertKey(KeyBlob);
+ let messageText = "aaaaa.....bbbbb.....ccccc.....ddddd.....eee"; // Assume that the message is of 43 bytes.
+ let updateLength = 20; // For example, pass in 20 bytes in each update().
+ let symKeyGenerator = cryptoFramework.createSymKeyGenerator("AES128");
+ // Convert the binary data into a key.
+ let promiseConvertKey = symKeyGenerator.convertKey(KeyBlob);
promiseConvertKey.then(symKey => {
- var promiseMacInit = mac.init(symKey);
+ let promiseMacInit = mac.init(symKey);
return promiseMacInit;
}).then(async () => {
- for (var i = 0; i < loopSize; i++) {
- await updateData(i, mac, GenDataBlob(12));
+ let promiseMacUpdate;
+ let messageArr = [];
+ for (let i = 0; i <= messageText.length; i++) {
+ if ((i % updateLength == 0 || i == messageText.length) && messageArr.length != 0) {
+ let message = new Uint8Array(messageArr);
+ let messageBlob = { data : message };
+ // Use await to process the update() in the for() loop.
+ try {
+ promiseMacUpdate = await mac.update(messageBlob); // Invoke update() multiple times.
+ } catch (error) {
+ console.error("await update error code: " + error.code + ", message is: " + error.message);
+ return;
+ }
+ messageArr = [];
+ }
+ // Pad messageArr based on the segment length.
+ if (i < messageText.length) {
+ messageArr.push(messageText.charCodeAt(i));
+ }
}
- var promiseMacUpdate = mac.update(GenDataBlob(12));
return promiseMacUpdate;
}).then(() => {
- var PromiseMacDoFinal = mac.doFinal();
+ let PromiseMacDoFinal = mac.doFinal();
return PromiseMacDoFinal;
- }).then(macOutput => {
- console.error("[Promise]: HMAC result: " + macOutput.data);
- var macLen = mac.getMacLength();
- console.error("[Promise]: MAC len: " + macLen);
+ }).then(output => {
+ macOutput = output;
+ console.log("[Promise]: HMAC result: " + macOutput.data);
+ let macLen = mac.getMacLength();
+ console.log("[Promise]: MAC len: " + macLen);
}).catch(error => {
console.error("[Promise]: error: " + error.message);
});
}
```
+## Random Number
-## Generating a Random Number
-
-**When to Use**
+### When to Use
Typical random number operations involve the following:
-- Generate a random number.
-- Set a seed based on the random number generated.
+- 1. Generate a random number of the specified length.
+- 2. Set a seed based on the random number generated.
-**Available APIs**
+### Available APIs
For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cryptoFramework.md).
@@ -1566,16 +1564,16 @@ For details about the APIs, see [Crypto Framework](../reference/apis/js-apis-cry
| Random | generateRandom(len : number) : Promise\; | Generates a random number. This API uses a promise to return the result. |
| Random | setSeed(seed : DataBlob) : void; | Sets a seed. |
-**How to Develop**
+### How to Develop
1. Call **createRandom()** to create a **Random** instance.
2. Call **generateRandom()** to generate a random number of the given length.
3. Call **setSeed()** to set a seed.
-```javascript
+```js
import cryptoFramework from "@ohos.security.cryptoFramework"
-// Generate a random number and set a seed using promise-based APIs.
+// Generate a random number and set a seed in promise mode.
function doRandByPromise(len) {
var rand;
try {
@@ -1596,7 +1594,7 @@ function doRandByPromise(len) {
});
}
-// Generate a random number and set a seed using callback-based APIs.
+// Generate a random number and set a seed in callback mode.
function doRandByCallback(len) {
var rand;
try {
diff --git a/en/application-dev/security/cryptoFramework-overview.md b/en/application-dev/security/cryptoFramework-overview.md
index 72bbb1148908d177498d54cfc9585c12b3b1d73f..d11c6754a78da6803a9292300cf28f06f89468c9 100644
--- a/en/application-dev/security/cryptoFramework-overview.md
+++ b/en/application-dev/security/cryptoFramework-overview.md
@@ -1,125 +1,121 @@
# Crypto Framework Overview
-The cryptographic (crypto for shot) framework shields the implementation differences of third-party cryptographic algorithm libraries and implements encryption and decryption, signing and signature verification, and operations of the message authentication code (MAC), hashes, and secure random numbers. You can use the APIs provided by this framework to implement cipher development quickly.
+
+The Cryptographic (Crypto for shot) Framework shields the implementation differences of third-party cryptographic algorithm libraries and implements encryption and decryption, digital signature and signature verification, message authentication code (MAC) generation, hashes, and generation of secure random numbers. You can use the APIs provided by this framework to implement cipher development quickly.
> **NOTE**
>
-> The crypto framework provides cryptographic operations on keys, but not key management. It is used when the application keeps the key securely (for example, temporary session keys are used only in the memory or the application implements secure key storage). If the system is required to provide key management (such as key storage), use the [HUKS](huks-overview.md).
+> The Crypto Framework provides cryptographic operations, but not key management. It can be used when temporary session keys are used only in the memory or the applications implement secure key storage. If the system is required to provide key management (such as key storage), use the [HUKS](huks-overview.md).
## Working Principles
-The crypto framework provides components in the following layers:
+The Crypto Framework provides components in the following layers:
-- Interface layer: provides unified JS interface externally.
+- Interface layer: provides unified JavaScript interfaces externally.
- Plug-in layer: implements third-party algorithm libraries.
-- Framework layer: loads plug-ins at the plug-in layer to adapt to third-party algorithm libraries and shield implementation differences between these libraries.
+- Framework layer: flexibly loads plug-ins at the plug-in layer to adapt to third-party algorithm libraries and shield differences between these libraries.
## Basic Concepts
-**Symmetric Key**
+
+### Symmetric Key
A symmetric key is a key used both to encrypt and decrypt data. In symmetric encryption, the sender converts information in plaintext into ciphertext using a key and certain algorithm for security purposes. The receiver converts the ciphertext into plaintext using the same key and algorithm.
- AES
- Advanced Encryption Standard (AES) is the most common symmetric encryption algorithm. AES is a block cipher. A block cipher divides plaintext into fixed-length groups of bits, called blocks. A block is encrypted each time until the entire plaintext is encrypted. The block size in AES is 128 bits. That is, each block contains 16 bytes (8 bits/byte). The key length can be 128 bits, 192 bits, or 256 bits.
+ Advanced Encryption Standard (AES) is the most common symmetric encryption algorithm. AES is a block cipher, which divides plaintext into fixed-length groups of bits, called blocks. A block is encrypted each time until the entire plaintext is encrypted. The block size in AES is 128 bits. That is, each block contains 16 bytes (8 bits/byte). The AES key length can be 128 bits, 192 bits, or 256 bits.
+
- 3DES
- Triple Data Encryption Standard (3DES), also called 3DESede or Triple DES, applies the DES cipher three times to each data block. It uses three 64-bit keys to encrypt a data block three times. Compared with DES, 3DES provides higher security due to longer key length, but its processing speed is lower. The AES is faster and more secure than 3DES.
+ Triple Data Encryption Standard (3DES), also called 3DESede or Triple DES, applies the DES cipher three times to each data block. It uses three 64-bit keys to encrypt a data block three times. Compared with DES, 3DES provides higher security due to longer key length, but lower processing speed. AES is faster and more secure than 3DES.
-**Asymmetric Key**
+### Asymmetric Key
In the asymmetric cryptography, a private and public key pair is required. The private key is used to encrypt the plaintext, and the public key is used to decrypt the ciphertext. The public key is public and open to anyone in the system, while the private key is private. For signing and signature verification, the private key is used to sign the plaintext, and the public key is used to verify the signature data.
- RSA key
- The security of RSA relies on the factoring problem, that is, the difficulty of factoring the product of two large prime numbers. The keys for the RSA algorithm are generated as follows:
+ The security of RSA relies on the factoring problem, that is, the difficulty of factoring the product of two large prime numbers. The keys for the RSA algorithm are generated as follows:
- 1. Generate two large prime numbers **p** and **q**.
-
- 2. Compute **n** = **p** x **q**.
-
- **n** is used as the modulus for both the public and private keys, and is released as part of the public key.
-
- 3. Choose an integer **e** such that 1 < **e** < (**p** - 1) x (**q** - 1), that is, **e** and (**p** - 1) x (**q** - 1) are coprime.
-
+ 1. Generate two large prime numbers **p** and **q**.
+ 2. Compute **n** = **p** x **q**. **n** is used as the modulus for both the public and private keys, and is released as part of the public key.
+ 3. Choose an integer **e** such that 1 < **e** < (**p** - 1) x (**q** - 1), that is, **e** and (**p** - 1) x (**q** - 1) are coprime.
4. Compute **d**. **e** x **d** - 1 is a multiple of (**p** - 1) and (**q** - 1).
-
+
The public key consists of the modulus **n** and the public exponent **e**. The private key consists of **n** and the private exponent **d**.
-
- In addition to the default RSA key generation from two primes, the crypto framework provides key generation from multiple primes. You can set the **primes** parameter (PRIMES_2, PRIMES_3, PRIMES_4, PRIMES_5) to specify the number of primes during key generation. The keys generated from multiple primes help reduce the computation workload in decryption and signing (Chinese remainder theorem). However, such keys are weak. The algorithm library defines specifications based on the rules for using OpenSSL prime numbers. For details, see [**Constraints**](#constraints).
-
+
+ In addition to the default RSA key generation from two primes, the Crypto Framework provides key generation from multiple primes. You can set the **primes** parameter (PRIMES_2, PRIMES_3, PRIMES_4, PRIMES_5) to specify the number of primes during key generation. The keys generated from multiple primes help reduce the computation workload in decryption and signing (Chinese remainder theorem). However, such keys are weak. The algorithm library defines specifications based on the rules for using OpenSSL prime numbers. For details, see **Constraints**.
+
- ECC key
- Elliptic-Curve Cryptography (ECC) is a public-key encryption based on the algebraic structure of elliptic curve over finite fields. The crypto framework provides a variety of ECC key generation capabilities.
+ Elliptic-Curve Cryptography (ECC) is a public-key encryption based on the algebraic structure of elliptic curve over finite fields. The Crypto Framework provides a variety of ECC key generation capabilities.
-**Encryption and Decryption**
+### Encryption/Decryption
-- Symmetric AES encryption and decryption
+- **Symmetric AES encryption and decryption**
The algorithm library provides the following cipher modes of operation for AES: ECB, CBC, OFB, CFB, CTR, GCM, and CCM. AES is a block cipher, with a fixed block size of 128 bits. In actual applications, the last block of plaintext may be less than 128 bits and needs to be padded. The padding options are as follows:
- - **NoPadding**: no padding.
- - **PKCS5**: pads a block cipher with a block size of 8 bytes
- - **PKCS7**: The PKCS #7 padding scheme is the same as that of PKCS #5 padding except that PKCS #5 padding is defined for 8-byte block sizes, while PKCS #5 padding works for any block size from 1 to 255 bytes.
+ - **NoPadding**: no padding.
+ - **PKCS5**: pads a block cipher with a block size of 8 bytes.
+ - **PKCS7**: pads any block size from 1 to 255 bytes. The PKCS #7 padding scheme is the same as that of PKCS #5.
- > **NOTE**
In ECB and CBC, the plaintext must be padded if its length is not an integer multiple of 128 bits. Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 16 bytes in AES encryption.
-
-- **Symmetric 3DES Encryption and Decryption**
+ > **NOTE**
+ >
+ > In ECB and CBC modes, the plaintext must be padded if its length is not an integer multiple of 128 bits.
+ > Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 16 bytes in AES encryption.
+- **Symmetric 3DES encryption and decryption**
3DES encryption and decryption apply the DES cipher three times to each data block to obtain the ciphertext or plaintext.
The algorithm library provides the following cipher modes of operation for 3DES encryption and decryption: ECB, CBC, OFB, and CFB. DES is a block cipher, with a fixed block size of 64 bits. In actual applications, the last block of plaintext may be less than 64 bits and needs to be padded. The padding options are as follows:
- - **NoPadding**: no padding.
- - **PKCS5**: pads a block cipher with a block size of 8 bytes
- - **PKCS7**: The PKCS #7 padding scheme is the same as that of PKCS #5 padding except that PKCS #5 padding is defined for 8-byte block sizes, while PKCS #5 padding works for any block size from 1 to 255 bytes.
-
- > **NOTE**
In ECB and CBC, the plaintext must be padded if its length is not an integer multiple of 64 bits.
Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 8 bytes in 3DES encryption.
-
-- **Asymmetric RSA Encryption and Decryption**
-
- After the RSA public key (n, e) and private key (n, d) are held, the RSA encryption process is as follows:
-
- Ciphertext = Plaintext ^ **e** mod **n**
-
- The decryption process is as follows:
-
- Plaintext = Ciphertext ^ **d** mod **n**
-
- The algorithm library provides the following modes of operation for RSA encryption and decryption: **PKCS1**, **PKCS1_ OAEP**, and **NoPadding**. RSA is a block cipher, with fixed-length blocks. In actual applications, diverse padding modes are used. The padding options are as follows:
-
- - **NoPadding**: No padding is required. The length of the input or output data must be the same as that of the RSA key modulus.
- - **PKCS1**: PKCS #1 v1.5 is the default padding mode for RSA encryption and decryption. The length of the input data must be less than or equal to the RSA key modulus minus 11, and the length of the output data must be the same as that of the RSA key modulus.
- - **PKCS1_OAEP**: The RSA_PKCS1_OAEP_PADDING is a new padding mode provided by PKCS #1. In this mode, two digests (**md** and **mgf1_md**) must be set. The length of the input data must be less than RSA key modulus length minus the **md** length, **mgf1_md** length, and two. The length of the output data must be the same as that of the RSA key modulus.
-
- > **NOTE**
- >
- > Length of the RSA key modulus = (Number of RSA bits + 7)/8
-
-**Signing and Signature Verification**
-
-- RSA signing and signature verification
-
- After the RSA public key (n, e) and private key (n, d) are held, the RSA signature is generated as follows:
-
+ - **NoPadding**: no padding.
+ - **PKCS5**: pads a block cipher with a block size of 8 bytes.
+ - **PKCS7**: pads any block size from 1 to 255 bytes. The PKCS #7 padding scheme is the same as that of PKCS #5.
+
+ > **NOTE**
+ >
+ > In ECB and CBC modes, the plaintext must be padded if its length is not an integer multiple of 64 bits.
+ > Since the plaintext is padded to the block size, the PKCS #5 and PKCS #7 used in the algorithm library use the block size as the padding length. That is, data is padded to 8 bytes in 3DES encryption.
+
+- **Asymmetric RSA encryption and decryption**
+
+ After the RSA public key (n, e) and private key (n, d) are held, the RSA encryption process is as follows:
Ciphertext = Plaintext ^ **e** mod **n**
The decryption process is as follows:
Plaintext = Ciphertext ^ **d** mod **n** The algorithm library provides the following modes of operation for RSA encryption and decryption: **PKCS1**, **PKCS1_ OAEP**, and **NoPadding**. RSA is a block cipher, with fixed-length blocks. In actual applications, diverse padding modes are used. The padding options are as follows:
+ - **NoPadding**: no padding. The length of the input or output data must be the same as that of the RSA key modulus.
+ - **PKCS1**: PKCS #1 v1.5 is the default padding mode for RSA encryption and decryption. The length of the input data must be less than or equal to the RSA key modulus minus 11, and the length of the output data must be the same as that of the RSA key modulus.
+ - **PKCS1_OAEP**: The RSA_PKCS1_OAEP_PADDING is a new padding mode provided by PKCS #1. In this mode, two digests (**md** and **mgf1_md**) must be set. The length of the input data must be less than RSA key modulus length minus the **md** length, **mgf1_md** length, and two. The length of the output data must be the same as that of the RSA key modulus.
+
+ > **NOTE**
+ >
+ > RSA key modulus = (RSA bits + 7)/8
+
+### Signing and Signature Verification
+
+- **RSA signing and signature verification**
+
+ After the RSA public key (n, e) and private key (n, d) are held, the RSA signature is generated as follows:
+
Signature = Message ^ **d** mod **n**
-
+
The signature verification process is as follows:
-
+
Message = Signature ^ **d** mod **n**
-
- The sender sends the message and the signature signed by the private key. The receiver decrypts the signature using the public key to verify the signature. Generally, the message sent is longer than the RSA key modulus. Therefore, the crypto framework provides two padding modes to extract the hash value of the message digest before signing the message. The crypto framework provides the following padding modes for signing and signature verification:
-
+
+ The sender sends the message and the signature signed by the private key. The receiver decrypts the signature using the public key to verify the signature. Generally, the message sent is longer than the RSA key modulus. Therefore, the Crypto Framework provides two padding modes to extract the hash value of the message digest before signing the message.
+
+ The Crypto Framework provides the following padding modes for signing and signature verification:
+
- **PKCS1**: PKCS #1 v1.5 is the default padding mode for RSA encryption and decryption. When this mode is used, the digest (**md**) must be set.
- **PSS**: The PSS mode is a padding algorithm based on the RSA algorithm. When it is used, the digest (**md**) and mask function (**mgf1_md**) are required.
-
-- ECDSA
- The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) that uses the ECC. Compared with the ordinary Discrete Logarithm Problem (DLP) and Integer Factorization Problem (IFP), the ECC provides a higher unit bit strength than other public-key cryptographic systems. The crypto framework provides the ECDSA that combines multiple elliptic curve and digest algorithms.
+- **ECDSA**
+
+ The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) that uses the ECC. Compared with the ordinary Discrete Logarithm Problem (DLP) and Integer Factorization Problem (IFP), the ECC provides a higher unit bit strength than other public-key cryptographic systems. The Crypto Framework provides the ECDSA that combines multiple elliptic curve and digest algorithms.
-**Key Agreement**
+### Key Agreement
- **ECDH**
- Elliptic Curve Diffie-Hellman (ECDH) allows two parties to establish a shared secret over an insecure channel. The crypto framework provides a variety of ECDH capabilities based on the open-source algorithm library.
+ Elliptic Curve Diffie-Hellman (ECDH) allows two parties to establish a shared secret over an insecure channel. The Crypto Framework provides a variety of ECDH capabilities based on the open-source algorithm library.
-**Digest**
+### Digest
The message digest algorithm allows a fixed-length digest to be generated from data of arbitrary size by using the hash algorithm. It is used for sensitive information encryption because it is infeasible to invert or reverse the computation. The MD algorithm is also referred to as a hash algorithm or a one-way hash algorithm.
When the same digest algorithm is used, the generated digest (hash value) has the following features:
@@ -128,32 +124,31 @@ When the same digest algorithm is used, the generated digest (hash value) has th
- The digest generated is of the fixed length no matter the length of messages. (The digest length is determined by the algorithm used).
- It is almost impossible to find two different messages with the same hash value. (The probability still exists, depending on the length of the digest.)
-There are three types of message digest algorithms: MD, SHA, and MAC. For details, see **HMAC**.
+There are three types of message digest algorithms: MD, SHA, and MAC. For details, see section **HMAC**.
MD algorithms include MD2, MD4, and MD5.
Major SHA algorithms include SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
-**HMAC**
+### HMAC
Hash-based Message Authentication Code (HMAC) is a key-based message authentication code algorithm. HMAC provides authentication using a shared secret instead of using a digital signature. The MAC generated can be used to verify the integrity and authenticity of the message. The length of the MAC generated by HMAC is fixed. Compared with MAC, HMAC introduces the shared secret, which ensures data correctness.
-**Random Number**
+### Random Number
Random numbers are mainly used to generate temporary session keys or keys in asymmetric encryption. They are generated by a hardware random number generator or software-based pseudo-random number generator. In encryption and decryption, a secure random number generator must feature randomness, unrepeatability, and unpredictability. The random numbers generated by the Cryptography Secure Random Number Generator (CSPRNG) meet the requirements of cryptography security pseudo-randomness.
- Internal state
A value in the random number generator memory. The same internal state produces the same sequence of the random number.
- Seed
A number used to initialize the internal state of a pseudorandom number generator. The random number generator generates a series of random sequences based on the seeds.
-
## Constraints
-- The crypto framework does not support concurrent operations of multiple threads.
+- The Crypto Framework does not support concurrent operations of multiple threads.
- Currently, the algorithm library supports only OpenSSL.
-### Key Generation Specifications
+## Key Generation Specifications
**Symmetric Key Generation Specifications**
-- The following parameters are supported:
+- The following parameters are supported.
|Symmetric Key Algorithm|Key Length (Bit)|String Parameter|
|---|---|---|
@@ -162,12 +157,15 @@ Random numbers are mainly used to generate temporary session keys or keys in asy
|AES|192|AES192|
|AES|256|AES256|
- > **NOTE**
**String Parameter** is a combination of **Symmetric Key Algorithm** and **Key Length**. It specifies the key specifications when a symmetric key generator is created.
+ > **NOTE**
+ >
+ > As a combination of the symmetric key algorithm and the key length, the string parameter specifies the key specifications when a symmetric key generator is created.
**Asymmetric Key Generation Specifications**
+
- **RSA key generation**
- The following parameters are supported:
+ The following parameters are supported.
|Asymmetric Key Type|Number of Primes|String Parameter|
|---|---|---|
@@ -187,11 +185,13 @@ Random numbers are mainly used to generate temporary session keys or keys in asy
|RSA8192|4|RSA8192\|PRIMES_4|
|RSA8192|5|RSA8192\|PRIMES_5|
- > **NOTE**
When an RSA asymmetric key is generated, the default prime number is 2, and **PRIMES_2** is optional.
+ > **NOTE**
+ >
+ > When the RSA asymmetric key is generated, the default number of primes is 2 and the **PRIMES_2** parameter can be omitted.
- **ECC key generation**
- The following parameters are supported:
+ The following parameters are supported.
|Asymmetric Key Algorithm|Key Length|
|---|---|
@@ -200,13 +200,13 @@ Random numbers are mainly used to generate temporary session keys or keys in asy
|ECC|ECC384|
|ECC|ECC521|
-### Encryption and Decryption Specifications
+## Encryption and Decryption Specifications
**Symmetric Encryption and Decryption**
-- The following symmetric encryption algorithms are supported:
+- The following symmetric encryption algorithms are supported.
- |Algorithm|Block Cipher Mode| String Parameter |
+ |Symmetric Encryption and Decryption Algorithm |Block Cipher Mode| String Parameter |
|---|---|---|
|3DES|ECB|3DES192\|ECB\|[NoPadding\|PKCS5\|PKCS7]|
|3DES|CBC|3DES192\|CBC\|[NoPadding\|PKCS5\|PKCS7]|
@@ -220,14 +220,15 @@ Random numbers are mainly used to generate temporary session keys or keys in asy
|AES|GCM|AES[128\|192\|256]\|GCM\|[NoPadding\|PKCS5\|PKCS7]|
|AES|CCM|AES[128\|192\|256]\|CCM\|[NoPadding\|PKCS5\|PKCS7]|
-> **NOTE**
->
-> - The options included in the square brackets ([]) are mutually exclusive.
-> - **String Parameter** is a combination of **Algorithm** (including the key length), **Block Cipher Mode**, and padding mode. It specifies the symmetric encryption/decryption algorithm specifications when a symmetric encryption/decryption instance is created.
+ > **NOTE**
+ >
+ > - The options included in the square brackets ([]) are mutually exclusive.
+ > - As a combination of the algorithm (including the key length), block cipher mode, and padding mode, the string parameter specifies the symmetric encryption/decryption algorithm specifications when a symmetric encryption/decryption instance is created.
**Asymmetric RSA Encryption and Decryption**
-The crypto framework provides three padding modes for RSA encryption/decryption: **NoPadding**, **PKCS1**, and **PKCS1_OAEP**.
+The Crypto Framework provides three padding modes for RSA encryption/decryption: **NoPadding**, **PKCS1**, and **PKCS1_OAEP**.
+
- Parameters for **NoPadding**
|Asymmetric Key Type| Padding Mode| String Parameter|
@@ -253,10 +254,11 @@ The crypto framework provides three padding modes for RSA encryption/decryption:
|RSA8192|PKCS1|RSA8192\|PKCS1|
- Parameters for **PKCS1_OAEP**
+
> **NOTE**
- >
+ >
> - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values.
- > - Combine the asymmetric key type, padding mode, digest, and mask digest, with a vertical bar (|) in between. For example, **RSA2048|PKCS1_OAEP|SHA256|MGF1_SHA256**.
+ > - The string parameter is a combination of the asymmetric key type, padding mode, digest, and mask digest, with a vertical bar (|) in between. For example, **RSA2048|PKCS1_OAEP|SHA256|MGF1_SHA256**.
| Asymmetric Key Type| Padding Mode| Digest| Mask Digest|
|---|---|---|---|
@@ -301,13 +303,13 @@ The crypto framework provides three padding modes for RSA encryption/decryption:
|RSA8192|PKCS1_OAEP|SHA384|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]|
|RSA8192|PKCS1_OAEP|SHA512|[MGF1_MD5\|MGF1_SHA1\|MGF1_SHA224\|MGF1_SHA256\|MGF1_SHA384\|MGF1_SHA512]|
-
-### Signing and Signature Verification Specifications
+## Signing and Signature Verification Specifications
**RSA Signing and Signature Verification**
-The crypto framework provides two padding modes for RSA signing and signature verification: **PKCS1** and **PSS**.
-- Parameters for **PKCS1**
+The Crypto Framework provides two padding modes for RSA signing and signature verification: **PKCS1** and **PSS**.
+
+- Parameters for **PKCS1**
| Asymmetric Key Type| Padding Mode| Digest| String Parameter|
|---|---|---|---|
@@ -321,9 +323,9 @@ The crypto framework provides two padding modes for RSA signing and signature ve
- Parameters for **PSS**
> **NOTE**
- >
+ >
> - The options included in the square brackets ([]) are mutually exclusive. The options outside the square brackets are fixed values.
- > - Combine the asymmetric key type, padding mode, digest, and mask digest, with a vertical bar (|) in between. For example, **RSA2048|PSS|SHA256|MGF1_SHA256**.
+ > - The string parameter is a combination of the asymmetric key type, padding mode, digest, and mask digest, with a vertical bar (|) in between. For example, **RSA2048|PSS|SHA256|MGF1_SHA256**.
| Asymmetric Key Type| Padding Mode| Digest| Mask Digest|
|---|---|---|---|
@@ -370,7 +372,7 @@ The crypto framework provides two padding modes for RSA signing and signature ve
**ECDSA Signing and Signature Verification**
-- The following ECDSA parameters are supported:
+- The following ECDSA parameters are supported.
|Asymmetric Key Algorithm|Supported Type|
|---|---|
@@ -379,7 +381,7 @@ The crypto framework provides two padding modes for RSA signing and signature ve
|ECC|ECC384|
|ECC|ECC521|
- |Digest Algorithm|Supported Type|
+ |Digest Algorithm |Supported Type|
|---|---|
|HASH|SHA1|
|HASH|SHA224|
@@ -387,11 +389,11 @@ The crypto framework provides two padding modes for RSA signing and signature ve
|HASH|SHA384|
|HASH|SHA512|
-### Key Agreement Specifications
+## Key Agreement Specifications
**ECDH**
-- The following ECDH parameters are supported:
+- The following ECDH parameters are supported.
|Asymmetric Key Algorithm|Supported Type|
|---|---|
@@ -400,10 +402,11 @@ The crypto framework provides two padding modes for RSA signing and signature ve
|ECC|ECC384|
|ECC|ECC521|
-### MD Algorithm Specifications
-- The crypto framework supports the following MD algorithm parameters:
+## MD Algorithm Specifications
+
+- The Crypto Framework supports the following MD algorithm parameters.
- |Digest Algorithm|Supported Type|
+ |Digest Algorithm |Supported Type|
|---|---|
|HASH|SHA1|
|HASH|SHA224|
@@ -412,10 +415,11 @@ The crypto framework provides two padding modes for RSA signing and signature ve
|HASH|SHA512|
|HASH|MD5|
-### HMAC Algorithm Specifications
-- The crypto framework supports the following HMAC algorithm parameters:
+## HMAC Algorithm Specifications
+
+- The Crypto Framework supports the following HMAC algorithm parameters.
- |Digest Algorithm|Supported Type|
+ |Digest Algorithm |Supported Type|
|---|---|
|HASH|SHA1|
|HASH|SHA224|