1e41f4b71Sopenharmony_ci# Signing and Signature Verification with an RSA Key Pair (PKCS1 Mode) (ArkTS) 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciFor details about the algorithm specifications, see [RSA](crypto-sign-sig-verify-overview.md#rsa). 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci**Signing** 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci 10e41f4b71Sopenharmony_ci1. Use [cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator) and [AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1) to generate a 1024-bit RSA key pair (**KeyPair**) with two primes. The **KeyPair** instance consists of a public key (**PubKey**) and a private key (**PriKey**). 11e41f4b71Sopenharmony_ci 12e41f4b71Sopenharmony_ci In addition to the example in this topic, [RSA](crypto-asym-key-generation-conversion-spec.md#rsa) and [Randomly Generating an Asymmetric Key Pair](crypto-generate-asym-key-pair-randomly.md) may help you better understand how to generate an RSA asymmetric key pair. Note that the input parameters in the reference documents may be different from those in the example below. 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ci2. Use [cryptoFramework.createSign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesign) with the string parameter **'RSA1024|PKCS1|SHA256'** to create a **Sign** instance. The key type is RSA1024, the padding mode is **PKCS1**, and the MD algorithm is **SHA256**. 15e41f4b71Sopenharmony_ci 16e41f4b71Sopenharmony_ci3. Use [Sign.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-3) to initialize the **Sign** instance with the private key (**PriKey**). 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci4. Use [Sign.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-3) to pass in the data to be signed. 19e41f4b71Sopenharmony_ci 20e41f4b71Sopenharmony_ci Currently, the amount of data to be passed in by a single **update()** is not limited. You can determine how to pass in data based on the data volume. 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci - If the data to be signed is short, call **sign()** immediately after **init()**. 23e41f4b71Sopenharmony_ci - If a large amount of data is to be signed, call **update()** multiple times to [pass in data by segment](crypto-rsa-sign-sig-verify-pkcs1-by-segment.md). 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ci5. Use [Sign.sign](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#sign-2) to generate a signature. 26e41f4b71Sopenharmony_ci 27e41f4b71Sopenharmony_ci 28e41f4b71Sopenharmony_ci**Signature Verification** 29e41f4b71Sopenharmony_ci 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ci1. Use [cryptoFramework.createVerify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify) with the string parameter **'RSA1024|PKCS1|SHA256'** to create a **Verify** instance. The string parameter must be the same as that used to create the **Sign** instance. 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci2. Use [Verify.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-5) to initialize the **Verify** instance using the public key (**PubKey**). 34e41f4b71Sopenharmony_ci 35e41f4b71Sopenharmony_ci3. Use [Verify.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-5) to pass in the data to be verified. 36e41f4b71Sopenharmony_ci 37e41f4b71Sopenharmony_ciCurrently, the amount of data to be passed in by a single **update()** is not limited. You can determine how to pass in data based on the data volume. 38e41f4b71Sopenharmony_ci 39e41f4b71Sopenharmony_ci - If the data to be verified is short, call **verify()** immediately after **init()**. 40e41f4b71Sopenharmony_ci- If a large amount of data is to be verified, call **update()** multiple times to [pass in data by segment](crypto-rsa-sign-sig-verify-pkcs1-by-segment.md). 41e41f4b71Sopenharmony_ci 42e41f4b71Sopenharmony_ci4. Use [Verify.verify](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify-2) to verify the data signature. 43e41f4b71Sopenharmony_ci 44e41f4b71Sopenharmony_ci 45e41f4b71Sopenharmony_ci- Example (using asynchronous APIs): 46e41f4b71Sopenharmony_ci 47e41f4b71Sopenharmony_ci ```ts 48e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 49e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 50e41f4b71Sopenharmony_ci // The plaintext is split into input1 and input2. 51e41f4b71Sopenharmony_ci let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) }; 52e41f4b71Sopenharmony_ci let input2: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan2", 'utf-8').buffer) }; 53e41f4b71Sopenharmony_ci async function signMessagePromise(priKey: cryptoFramework.PriKey) { 54e41f4b71Sopenharmony_ci let signAlg = "RSA1024|PKCS1|SHA256"; 55e41f4b71Sopenharmony_ci let signer = cryptoFramework.createSign(signAlg); 56e41f4b71Sopenharmony_ci await signer.init(priKey); 57e41f4b71Sopenharmony_ci await signer.update(input1); // If the plaintext is short, you can use sign() to pass in the full data at a time. 58e41f4b71Sopenharmony_ci let signData = await signer.sign(input2); 59e41f4b71Sopenharmony_ci return signData; 60e41f4b71Sopenharmony_ci } 61e41f4b71Sopenharmony_ci async function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) { 62e41f4b71Sopenharmony_ci let verifyAlg = "RSA1024|PKCS1|SHA256"; 63e41f4b71Sopenharmony_ci let verifier = cryptoFramework.createVerify(verifyAlg); 64e41f4b71Sopenharmony_ci await verifier.init(pubKey); 65e41f4b71Sopenharmony_ci await verifier.update(input1); // If the plaintext is short, you can use verify() to pass in the full data at a time. 66e41f4b71Sopenharmony_ci let res = await verifier.verify(input2, signMessageBlob); 67e41f4b71Sopenharmony_ci console.info("verify result is " + res); 68e41f4b71Sopenharmony_ci return res; 69e41f4b71Sopenharmony_ci } 70e41f4b71Sopenharmony_ci async function main() { 71e41f4b71Sopenharmony_ci let keyGenAlg = "RSA1024"; 72e41f4b71Sopenharmony_ci let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 73e41f4b71Sopenharmony_ci let keyPair = await generator.generateKeyPair(); 74e41f4b71Sopenharmony_ci let signData = await signMessagePromise(keyPair.priKey); 75e41f4b71Sopenharmony_ci let verifyResult = await verifyMessagePromise(signData, keyPair.pubKey); 76e41f4b71Sopenharmony_ci if (verifyResult == true) { 77e41f4b71Sopenharmony_ci console.info('verify success'); 78e41f4b71Sopenharmony_ci } else { 79e41f4b71Sopenharmony_ci console.error('verify failed'); 80e41f4b71Sopenharmony_ci } 81e41f4b71Sopenharmony_ci } 82e41f4b71Sopenharmony_ci ``` 83e41f4b71Sopenharmony_ci 84e41f4b71Sopenharmony_ci- Example (using synchronous APIs): 85e41f4b71Sopenharmony_ci 86e41f4b71Sopenharmony_ci ```ts 87e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 88e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 89e41f4b71Sopenharmony_ci // The plaintext is split into input1 and input2. 90e41f4b71Sopenharmony_ci let input1: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan1", 'utf-8').buffer) }; 91e41f4b71Sopenharmony_ci let input2: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from("This is Sign test plan2", 'utf-8').buffer) }; 92e41f4b71Sopenharmony_ci function signMessagePromise(priKey: cryptoFramework.PriKey) { 93e41f4b71Sopenharmony_ci let signAlg = "RSA1024|PKCS1|SHA256"; 94e41f4b71Sopenharmony_ci let signer = cryptoFramework.createSign(signAlg); 95e41f4b71Sopenharmony_ci signer.initSync(priKey); 96e41f4b71Sopenharmony_ci signer.updateSync(input1); // If the plaintext is short, you can use sign() to pass in the full data at a time. 97e41f4b71Sopenharmony_ci let signData = signer.signSync(input2); 98e41f4b71Sopenharmony_ci return signData; 99e41f4b71Sopenharmony_ci } 100e41f4b71Sopenharmony_ci function verifyMessagePromise(signMessageBlob: cryptoFramework.DataBlob, pubKey: cryptoFramework.PubKey) { 101e41f4b71Sopenharmony_ci let verifyAlg = "RSA1024|PKCS1|SHA256"; 102e41f4b71Sopenharmony_ci let verifier = cryptoFramework.createVerify(verifyAlg); 103e41f4b71Sopenharmony_ci verifier.initSync(pubKey); 104e41f4b71Sopenharmony_ci verifier.updateSync(input1); // If the plaintext is short, you can use verify() to pass in the full data at a time. 105e41f4b71Sopenharmony_ci let res = verifier.verifySync(input2, signMessageBlob); 106e41f4b71Sopenharmony_ci console.info("verify result is " + res); 107e41f4b71Sopenharmony_ci return res; 108e41f4b71Sopenharmony_ci } 109e41f4b71Sopenharmony_ci function main() { 110e41f4b71Sopenharmony_ci let keyGenAlg = "RSA1024"; 111e41f4b71Sopenharmony_ci let generator = cryptoFramework.createAsyKeyGenerator(keyGenAlg); 112e41f4b71Sopenharmony_ci let keyPair = generator.generateKeyPairSync(); 113e41f4b71Sopenharmony_ci let signData = signMessagePromise(keyPair.priKey); 114e41f4b71Sopenharmony_ci let verifyResult = verifyMessagePromise(signData, keyPair.pubKey); 115e41f4b71Sopenharmony_ci if (verifyResult == true) { 116e41f4b71Sopenharmony_ci console.info('verify success'); 117e41f4b71Sopenharmony_ci } else { 118e41f4b71Sopenharmony_ci console.error('verify failed'); 119e41f4b71Sopenharmony_ci } 120e41f4b71Sopenharmony_ci } 121e41f4b71Sopenharmony_ci ``` 122