1# 使用X25519进行密钥协商 2 3 4对应的算法规格请查看[密钥协商算法规格:X25519](crypto-key-agreement-overview.md#x25519)。 5 6 7## 开发步骤 8 91. 调用[cryptoFramework.createAsyKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator)、[AsyKeyGenerator.generateKeyPair](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatekeypair-1)、[AsyKeyGenerator.convertKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey-3)生成密钥算法为X25519的非对称密钥(KeyPair)。 10 如何生成X25519非对称密钥,开发者可参考下文示例,并结合[非对称密钥生成和转换规格:X25519](crypto-asym-key-generation-conversion-spec.md#x25519)和[随机生成非对称密钥对](crypto-generate-asym-key-pair-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。 11 122. 调用[cryptoFramework.createKeyAgreement](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatekeyagreement),指定字符串参数'X25519',创建密钥算法为X25519的密钥协议生成器(KeyAgreement)。 13 143. 调用[KeyAgreement.generateSecret](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesecret-1),基于传入的私钥(KeyPair.priKey)与公钥(KeyPair.pubKey)进行密钥协商,返回共享秘密。 15 16- 以使用await方式,完成密钥协商为例: 17 18 ```ts 19 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 20 21 async function x25519Await() { 22 // 假设此公私钥对数据为外部传入 23 let pubKeyArray = new Uint8Array([48, 42, 48, 5, 6, 3, 43, 101, 110, 3, 33, 0, 36, 98, 216, 106, 74, 99, 179, 203, 81, 145, 147, 101, 139, 57, 74, 225, 119, 196, 207, 0, 50, 232, 93, 147, 188, 21, 225, 228, 54, 251, 230, 52]); 24 let priKeyArray = new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 110, 4, 34, 4, 32, 112, 65, 156, 73, 65, 89, 183, 39, 119, 229, 110, 12, 192, 237, 186, 153, 21, 122, 28, 176, 248, 108, 22, 242, 239, 179, 106, 175, 85, 65, 214, 90]); 25 let keyGen = cryptoFramework.createAsyKeyGenerator('X25519'); 26 // 外部传入的公私钥对A 27 let keyPairA = await keyGen.convertKey({ data: pubKeyArray }, { data: priKeyArray }); 28 // 内部生成的公私钥对B 29 let keyPairB = await keyGen.generateKeyPair(); 30 let keyAgreement = cryptoFramework.createKeyAgreement('X25519'); 31 // 使用A的公钥和B的私钥进行密钥协商 32 let secret1 = await keyAgreement.generateSecret(keyPairB.priKey, keyPairA.pubKey); 33 // 使用A的私钥和B的公钥进行密钥协商 34 let secret2 = await keyAgreement.generateSecret(keyPairA.priKey, keyPairB.pubKey); 35 // 两种协商的结果应当一致 36 if (secret1.data.toString() == secret2.data.toString()) { 37 console.info('x25519 success'); 38 console.info('x25519 output is ' + secret1.data); 39 } else { 40 console.error('x25519 result is not equal'); 41 } 42 } 43 ``` 44 45- 同步方法示例: 46 47 ```ts 48 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 49 50 function x25519Await() { 51 // 假设此公私钥对数据为外部传入 52 let pubKeyArray = new Uint8Array([48, 42, 48, 5, 6, 3, 43, 101, 110, 3, 33, 0, 36, 98, 216, 106, 74, 99, 179, 203, 81, 145, 147, 101, 139, 57, 74, 225, 119, 196, 207, 0, 50, 232, 93, 147, 188, 21, 225, 228, 54, 251, 230, 52]); 53 let priKeyArray = new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 110, 4, 34, 4, 32, 112, 65, 156, 73, 65, 89, 183, 39, 119, 229, 110, 12, 192, 237, 186, 153, 21, 122, 28, 176, 248, 108, 22, 242, 239, 179, 106, 175, 85, 65, 214, 90]); 54 let keyGen = cryptoFramework.createAsyKeyGenerator('X25519'); 55 // 外部传入的公私钥对A 56 let keyPairA = keyGen.convertKeySync({ data: pubKeyArray }, { data: priKeyArray }); 57 // 内部生成的公私钥对B 58 let keyPairB = keyGen.generateKeyPairSync(); 59 let keyAgreement = cryptoFramework.createKeyAgreement('X25519'); 60 // 使用A的公钥和B的私钥进行密钥协商 61 let secret1 = keyAgreement.generateSecretSync(keyPairB.priKey, keyPairA.pubKey); 62 // 使用A的私钥和B的公钥进行密钥协商 63 let secret2 = keyAgreement.generateSecretSync(keyPairA.priKey, keyPairB.pubKey); 64 // 两种协商的结果应当一致 65 if (secret1.data.toString() == secret2.data.toString()) { 66 console.info('x25519 success'); 67 console.info('x25519 output is ' + secret1.data); 68 } else { 69 console.error('x25519 result is not equal'); 70 } 71 } 72 ``` 73