1e41f4b71Sopenharmony_ci# Encryption and Decryption with an SM2 Asymmetric Key Pair 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciFor details about the algorithm specifications, see [SM2](crypto-asym-encrypt-decrypt-spec.md#sm2). 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci**Encryption** 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci 10e41f4b71Sopenharmony_ci1. Use [cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator) and [AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1) to create a 256-bit SM2 asymmetric key pair (**KeyPair**). The **KeyPair** object includes a public key (**PubKey**) and a private key (**PriKey**). 11e41f4b71Sopenharmony_ci 12e41f4b71Sopenharmony_ci In addition to the example in this topic, [SM2](crypto-asym-key-generation-conversion-spec.md#sm2) and [Randomly Generating an Asymmetric Key Pair](crypto-generate-asym-key-pair-randomly.md) may help you better understand how to generate an SM2 asymmetric key pair. Note that the input parameters in the reference documents may be different from those in the example below. 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ci2. Use [cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher) with the string parameter **'SM2_256|SM3'** to create a **Cipher** instance. The key type is **SM2_256**, and the MD algorithm is **SM3**. 15e41f4b71Sopenharmony_ci 16e41f4b71Sopenharmony_ci3. Use [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) to initialize the **Cipher** instance. In **Cipher.init**, set **opMode** to **CryptoMode.ENCRYPT_MODE** (encryption) and **key** to **KeyPair.PubKey** (the key used for encryption). 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci No encryption parameter is required for asymmetric key pairs. Therefore, pass in **null** in **params**. 19e41f4b71Sopenharmony_ci 20e41f4b71Sopenharmony_ci4. Use [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) to pass in the plaintext and encrypt it. 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci - The output of **Cipher.doFinal** may be **null**. To avoid exceptions, always check whether the result is **null** before accessing specific data. 23e41f4b71Sopenharmony_ci - If a large amount of data is to be encrypted, you can call **Cipher.doFinal** multiple times to pass in the data by segment. 24e41f4b71Sopenharmony_ci 25e41f4b71Sopenharmony_ci 26e41f4b71Sopenharmony_ci**Decryption** 27e41f4b71Sopenharmony_ci 28e41f4b71Sopenharmony_ci 29e41f4b71Sopenharmony_ci1. If SM2 is used, the **Cipher** instance cannot be initialized repeatedly. Use [cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher) to create a new **Cipher** instance. 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ci2. Use [Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1) to initialize the **Cipher** instance. In **Cipher.init**, set **opMode** to **CryptoMode.DECRYPT_MODE** (decryption) and **key** to **KeyPair.PriKey** (the key used for decryption). If SM2 is used, no decryption parameter is required. Therefore, pass in **null** in **params**. 32e41f4b71Sopenharmony_ci 33e41f4b71Sopenharmony_ci3. Use [Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1) to pass in the ciphertext and decrypt it. 34e41f4b71Sopenharmony_ci 35e41f4b71Sopenharmony_ci 36e41f4b71Sopenharmony_ci- Example (using asynchronous APIs): 37e41f4b71Sopenharmony_ci 38e41f4b71Sopenharmony_ci ```ts 39e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 40e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 41e41f4b71Sopenharmony_ci 42e41f4b71Sopenharmony_ci // Encrypt the message. 43e41f4b71Sopenharmony_ci async function encryptMessagePromise(publicKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) { 44e41f4b71Sopenharmony_ci let cipher = cryptoFramework.createCipher('SM2_256|SM3'); 45e41f4b71Sopenharmony_ci await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, publicKey, null); 46e41f4b71Sopenharmony_ci let encryptData = await cipher.doFinal(plainText); 47e41f4b71Sopenharmony_ci return encryptData; 48e41f4b71Sopenharmony_ci } 49e41f4b71Sopenharmony_ci // Decrypt the message. 50e41f4b71Sopenharmony_ci async function decryptMessagePromise(privateKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) { 51e41f4b71Sopenharmony_ci let decoder = cryptoFramework.createCipher('SM2_256|SM3'); 52e41f4b71Sopenharmony_ci await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, privateKey, null); 53e41f4b71Sopenharmony_ci let decryptData = await decoder.doFinal(cipherText); 54e41f4b71Sopenharmony_ci return decryptData; 55e41f4b71Sopenharmony_ci } 56e41f4b71Sopenharmony_ci // Generate an SM2 key pair. 57e41f4b71Sopenharmony_ci async function genKeyPairByData(pubKeyData: Uint8Array, priKeyData: Uint8Array) { 58e41f4b71Sopenharmony_ci let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyData }; 59e41f4b71Sopenharmony_ci let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyData }; 60e41f4b71Sopenharmony_ci let sm2Generator = cryptoFramework.createAsyKeyGenerator('SM2_256'); 61e41f4b71Sopenharmony_ci let keyPair = await sm2Generator.convertKey(pubKeyBlob, priKeyBlob); 62e41f4b71Sopenharmony_ci console.info('convertKey success'); 63e41f4b71Sopenharmony_ci return keyPair; 64e41f4b71Sopenharmony_ci } 65e41f4b71Sopenharmony_ci async function main() { 66e41f4b71Sopenharmony_ci let pkData = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]); 67e41f4b71Sopenharmony_ci let skData = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]); 68e41f4b71Sopenharmony_ci let keyPair = await genKeyPairByData(pkData, skData); 69e41f4b71Sopenharmony_ci let pubKey = keyPair.pubKey; 70e41f4b71Sopenharmony_ci let priKey = keyPair.priKey; 71e41f4b71Sopenharmony_ci let message = 'This is a test'; 72e41f4b71Sopenharmony_ci // Decode the string into a Uint8Array in UTF-8 format. 73e41f4b71Sopenharmony_ci let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 74e41f4b71Sopenharmony_ci let encryptText = await encryptMessagePromise(pubKey, plainText); 75e41f4b71Sopenharmony_ci let decryptText = await decryptMessagePromise(priKey, encryptText); 76e41f4b71Sopenharmony_ci if (plainText.data.toString() === decryptText.data.toString()) { 77e41f4b71Sopenharmony_ci console.info('decrypt ok'); 78e41f4b71Sopenharmony_ci // Encode the Uint8Array into a string in UTF-8 format. 79e41f4b71Sopenharmony_ci let messageDecrypted = buffer.from(decryptText.data).toString('utf-8'); 80e41f4b71Sopenharmony_ci console.info('decrypted result string:' + messageDecrypted); 81e41f4b71Sopenharmony_ci } else { 82e41f4b71Sopenharmony_ci console.error('decrypt failed'); 83e41f4b71Sopenharmony_ci } 84e41f4b71Sopenharmony_ci } 85e41f4b71Sopenharmony_ci ``` 86e41f4b71Sopenharmony_ci 87e41f4b71Sopenharmony_ci- Example (using synchronous APIs): 88e41f4b71Sopenharmony_ci 89e41f4b71Sopenharmony_ci ```ts 90e41f4b71Sopenharmony_ci import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 91e41f4b71Sopenharmony_ci import { buffer } from '@kit.ArkTS'; 92e41f4b71Sopenharmony_ci 93e41f4b71Sopenharmony_ci // Encrypt the message. 94e41f4b71Sopenharmony_ci function encryptMessage(publicKey: cryptoFramework.PubKey, plainText: cryptoFramework.DataBlob) { 95e41f4b71Sopenharmony_ci let cipher = cryptoFramework.createCipher('SM2_256|SM3'); 96e41f4b71Sopenharmony_ci cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, publicKey, null); 97e41f4b71Sopenharmony_ci let encryptData = cipher.doFinalSync(plainText); 98e41f4b71Sopenharmony_ci return encryptData; 99e41f4b71Sopenharmony_ci } 100e41f4b71Sopenharmony_ci // Decrypt the message. 101e41f4b71Sopenharmony_ci function decryptMessage(privateKey: cryptoFramework.PriKey, cipherText: cryptoFramework.DataBlob) { 102e41f4b71Sopenharmony_ci let decoder = cryptoFramework.createCipher('SM2_256|SM3'); 103e41f4b71Sopenharmony_ci decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, privateKey, null); 104e41f4b71Sopenharmony_ci let decryptData = decoder.doFinalSync(cipherText); 105e41f4b71Sopenharmony_ci return decryptData; 106e41f4b71Sopenharmony_ci } 107e41f4b71Sopenharmony_ci // Generate an SM2 key pair. 108e41f4b71Sopenharmony_ci async function genKeyPairByData(pubKeyData: Uint8Array, priKeyData: Uint8Array) { 109e41f4b71Sopenharmony_ci let pubKeyBlob: cryptoFramework.DataBlob = { data: pubKeyData }; 110e41f4b71Sopenharmony_ci let priKeyBlob: cryptoFramework.DataBlob = { data: priKeyData }; 111e41f4b71Sopenharmony_ci let sm2Generator = cryptoFramework.createAsyKeyGenerator('SM2_256'); 112e41f4b71Sopenharmony_ci let keyPair = await sm2Generator.convertKey(pubKeyBlob, priKeyBlob); 113e41f4b71Sopenharmony_ci console.info('convertKey success'); 114e41f4b71Sopenharmony_ci return keyPair; 115e41f4b71Sopenharmony_ci } 116e41f4b71Sopenharmony_ci async function main() { 117e41f4b71Sopenharmony_ci let pkData = new Uint8Array([48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45, 3, 66, 0, 4, 90, 3, 58, 157, 190, 248, 76, 7, 132, 200, 151, 208, 112, 230, 96, 140, 90, 238, 211, 155, 128, 109, 248, 40, 83, 214, 78, 42, 104, 106, 55, 148, 249, 35, 61, 32, 221, 135, 143, 100, 45, 97, 194, 176, 52, 73, 136, 174, 40, 70, 70, 34, 103, 103, 161, 99, 27, 187, 13, 187, 109, 244, 13, 7]); 118e41f4b71Sopenharmony_ci let skData = new Uint8Array([48, 49, 2, 1, 1, 4, 32, 54, 41, 239, 240, 63, 188, 134, 113, 31, 102, 149, 203, 245, 89, 15, 15, 47, 202, 170, 60, 38, 154, 28, 169, 189, 100, 251, 76, 112, 223, 156, 159, 160, 10, 6, 8, 42, 129, 28, 207, 85, 1, 130, 45]); 119e41f4b71Sopenharmony_ci let keyPair = await genKeyPairByData(pkData, skData); 120e41f4b71Sopenharmony_ci let pubKey = keyPair.pubKey; 121e41f4b71Sopenharmony_ci let priKey = keyPair.priKey; 122e41f4b71Sopenharmony_ci let message = 'This is a test'; 123e41f4b71Sopenharmony_ci // Decode the string into a Uint8Array in UTF-8 format. 124e41f4b71Sopenharmony_ci let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 125e41f4b71Sopenharmony_ci let encryptText = encryptMessage(pubKey, plainText); 126e41f4b71Sopenharmony_ci let decryptText = decryptMessage(priKey, encryptText); 127e41f4b71Sopenharmony_ci if (plainText.data.toString() === decryptText.data.toString()) { 128e41f4b71Sopenharmony_ci console.info('decrypt ok'); 129e41f4b71Sopenharmony_ci // Encode the Uint8Array into a string in UTF-8 format. 130e41f4b71Sopenharmony_ci let messageDecrypted = buffer.from(decryptText.data).toString('utf-8'); 131e41f4b71Sopenharmony_ci console.info('decrypted result string:' + messageDecrypted); 132e41f4b71Sopenharmony_ci } else { 133e41f4b71Sopenharmony_ci console.error('decrypt failed'); 134e41f4b71Sopenharmony_ci } 135e41f4b71Sopenharmony_ci } 136e41f4b71Sopenharmony_ci ``` 137