1# Encryption and Decryption with an AES Symmetric Key (CBC Mode) (ArkTS)
2
3
4For details about the algorithm specifications, see [AES](crypto-sym-encrypt-decrypt-spec.md#aes).
5
6
7**Encryption**
8
9
101. Use [cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator) and [SymKeyGenerator.generateSymKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesymkey-1) to generate a 128-bit AES symmetric key (**SymKey**).
11   
12   In addition to the example in this topic, [AES](crypto-sym-key-generation-conversion-spec.md#aes) and [Randomly Generating a Symmetric Key](crypto-generate-sym-key-randomly.md) may help you better understand how to generate an AES symmetric key. Note that the input parameters in the reference documents may be different from those in the example below.
13
142. Use [cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher) with the string parameter **'AES128|CBC|PKCS7'** to create a **Cipher** instance. The key type is **AES128**, block cipher mode is **CBC**, and the padding mode is **PKCS7**.
15
163. Use [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) to initialize the **Cipher** instance. In the **Cipher.init** API, set **opMode** to **CryptoMode.ENCRYPT_MODE** (encryption), **key** to **SymKey** (the key for encryption), and **params** to **IvParamsSpec** corresponding to the CBC mode.
17
184. If the data to be encrypted is short, you can use [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) after **Cipher.init** to obtain the encrypted data.
19
20
21**Decryption**
22
23
241. Use [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) to initialize the **Cipher** instance. In the **Cipher.init** API, set **opMode** to **CryptoMode.DECRYPT_MODE** (decryption), **key** to **SymKey** (the key for decryption), and **params** to **IvParamsSpec** corresponding to the CBC mode.
25
262. If the data to be decrypted is short, you can use [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) after **Cipher.init** to obtain the decrypted data.
27
28
29- Example (using asynchronous APIs):
30
31  ```ts
32  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
33  import { buffer } from '@kit.ArkTS';
34
35  function genIvParamsSpec() {
36    let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 16 bytes
37    let dataIv = new Uint8Array(arr);
38    let ivBlob: cryptoFramework.DataBlob = { data: dataIv };
39    let ivParamsSpec: cryptoFramework.IvParamsSpec = {
40      algName: "IvParamsSpec",
41      iv: ivBlob
42    };
43    return ivParamsSpec;
44  }
45  // Encrypt the message.
46  async function encryptMessagePromise(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
47    let cipher = cryptoFramework.createCipher('AES128|CBC|PKCS7');
48    let iv = genIvParamsSpec();
49    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, iv);
50    let cipherData = await cipher.doFinal(plainText);
51    return cipherData;
52  }
53  // Decrypt the message.
54  async function decryptMessagePromise(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
55    let decoder = cryptoFramework.createCipher('AES128|CBC|PKCS7');
56    let iv = genIvParamsSpec();
57    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, iv);
58    let decryptData = await decoder.doFinal(cipherText);
59    return decryptData;
60  }
61
62  async function genSymKeyByData(symKeyData: Uint8Array) {
63    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
64    let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
65    let symKey = await aesGenerator.convertKey(symKeyBlob);
66    console.info('convertKey success');
67    return symKey;
68  }
69
70  async function aesCBC() {
71    try {
72      let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
73      let symKey = await genSymKeyByData(keyData);
74      let message = "This is a test";
75      let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
76      let encryptText = await encryptMessagePromise(symKey, plainText);
77      let decryptText = await decryptMessagePromise(symKey, encryptText);
78      if (plainText.data.toString() === decryptText.data.toString()) {
79        console.info('decrypt ok');
80        console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
81      } else {
82        console.error('decrypt failed');
83      }
84    } catch (error) {
85      console.error(`AES CBC "${error}", error code: ${error.code}`);
86    }
87  }
88  ```
89
90- Example (using synchronous APIs):
91
92  ```ts
93  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
94  import { buffer } from '@kit.ArkTS';
95
96  function genIvParamsSpec() {
97    let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 16 bytes
98    let dataIv = new Uint8Array(arr);
99    let ivBlob: cryptoFramework.DataBlob = { data: dataIv };
100    let ivParamsSpec: cryptoFramework.IvParamsSpec = {
101      algName: "IvParamsSpec",
102      iv: ivBlob
103    };
104    return ivParamsSpec;
105  }
106  // Encrypt the message.
107  function encryptMessage(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
108    let cipher = cryptoFramework.createCipher('AES128|CBC|PKCS7');
109    let iv = genIvParamsSpec();
110    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, iv);
111    let cipherData = cipher.doFinalSync(plainText);
112    return cipherData;
113  }
114  // Decrypt the message.
115  function decryptMessage(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
116    let decoder = cryptoFramework.createCipher('AES128|CBC|PKCS7');
117    let iv = genIvParamsSpec();
118    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, iv);
119    let decryptData = decoder.doFinalSync(cipherText);
120    return decryptData;
121  }
122
123  async function genSymKeyByData(symKeyData: Uint8Array) {
124    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
125    let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
126    let symKey = await aesGenerator.convertKey(symKeyBlob);
127    console.info('convertKey success');
128    return symKey;
129  }
130
131  async function main() {
132    try {
133      let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
134      let symKey = await genSymKeyByData(keyData);
135      let message = "This is a test";
136      let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
137      let encryptText = encryptMessage(symKey, plainText);
138      let decryptText = decryptMessage(symKey, encryptText);
139      if (plainText.data.toString() === decryptText.data.toString()) {
140        console.info('decrypt ok');
141        console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
142      } else {
143        console.error('decrypt failed');
144      }
145    } catch (error) {
146      console.error(`AES CBC "${error}", error code: ${error.code}`);
147    }
148  }
149  ```
150