Crypto类
在ECMAScript术语中,Crypto实际上是GlobalPlatform脚本语言的Native对象,此对象的常量始终可用,在Application、GPApplication和GPSecurityDomain类中也包含了Crypto的实例对象。在标准的GlobalPlatform脚本语言中,是不允许通过New的方式实例化Crypto对象的,但在本GPTS脚本语言系统中允许的。
Constants 常量
| Type | Name | Description |
|---|---|---|
| Number | RSA | RSA algorithm |
| Number | DES_CBC | Cipher Block Chaining encryption using DES |
| Number | DES_ECB | Electronic Cook Book encryption using DES |
| Number | SM4_CBC | Cipher Block Chaining encryption using SM4 |
| Number | SM4_ECB | Electronic Cook Book encryption using SM4 |
| Number | AES_CBC | Cipher Block Chaining encryption using AES |
| Number | AES_ECB | Electronic Cook Book encryption using AES |
| Number | AES_CTR | Segmented Integer Counter (CTR) encryption using AES |
| Number | AES_CMAC | Message Authentication Code (MAC) acccording to NIST Special Publication 800-38B |
| Number | MD5 | MD5 message digest algorithm |
| Number | SHA_1 | SHA-1 message digest algorithm |
| Number | DES_MAC | Message authentication code using 3DES for each block |
| Number | SM4_CMAC | Message authentication code using SM4 for each block |
| Number | DES_MAC_EMV | Message authentication code using DES for each block and 3DES for final block (Retail MAC) |
| Number | DES_CBC_LP | Variant of DES_CBC encryption used for wrap operations (Length Key ISOPadding) |
| Number | DES_CBC_P | Variant of DES_CBC encryption used for wrap operations (Key ISOPadding) |
| Number | DES_ECB_LP | Variant of DES_ECB encryption used for wrap operations (Length Key ISOPadding) |
| Number | DES_ECB_P | Variant of DES_ECB encryption used for wrap operations (Key ISOPadding) |
| Number | ISO9797_METHOD_1 | Padding method according to ISO 9797 with 8 byte block size |
| Number | ISO9797_METHOD_2 | Padding method according to ISO 9797 with 8 byte block size |
| Number | DES | Constant to denote a single length (56 bit) DES key in generateKey() |
Properties 成员属性
Crypto类没有属性。
Methods 成员方法
Crypto()
构造函数,通过设定属性创建一个Crypto对象。
Arguments参数
| None |
|---|
decrypt()
原型:
ByteString decrypt(Key value, Number mech, ByteString data)
ByteString decrypt(Key value, Number mech, ByteString data, ByteString iv)
使用密钥对数据执行指定算法的解密运算,如果mech指定的算法是Crypto.DES_CBC,那么iv参数必须是传入一个初始向量,其它算法可以忽略。根据加密设备的不同,由decryptMech和encryptMech参数分别指定的解密算法和加密算法的某些组合可能不兼容。同样,加密设备可能根本不支持某些算法。在这两种情况下,应使用GPError.INVALID_MECH值抛出GPError对象。
Arguments参数
| Name | Type | Description |
|---|---|---|
| value | Key | Key object to use in decrypt() operation. |
| mech | Number | Crypto.DES_ECB、Crypto.DES_CBC 、Crypto.RSA |
| data | ByteString | Data to encrypt. |
| iv | ByteString | Initial vector to use if provided and depending if required by the algorithm specified by the mechmech parameter. Only valid for Crypto.DES_CBC. |
Returns返回
| Type | Description |
|---|---|
| ByteString | A new ByteString object containing the decrypted data. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key07 = new Key($2B00000002);
key07.setComponent(Key.DES,new ByteString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",HEX));
//Instantiate crypto service
var crypto = new Crypto();
var data = new ByteString("11223344556677881122334455667788",HEX);
var reslt = crypto.decrypt(key07,Crypto.DES_ECB,data);
Print("key07 DES ECB reslt : " + reslt.toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
decryptEncrypt()
原型:
ByteString decryptEncrypt(Key decryptKey, Number decryptMech, Key encryptKey, Number encryptMech, ByteString data)
ByteString decryptEncrypt(Key decryptKey, Number decryptMech, Key encryptKey, Number encryptMech, ByteString data, ByteString decryptIV)
ByteString decryptEncrypt(Key decryptKey, Number decryptMech, Key encryptKey, Number encryptMech, ByteString data, ByteString decryptIv, ByteString encryptIV)
转加密运算,使用decryptKey参数指定的密钥、decryptMech参数指定的算法执行解密操作,然后立即使用作为encryptKey传递的密钥和作为encryptMech传递的机制执行加密操作。
如果decryptMech属性指定的算法需要初始值参数,如Crypto.DES_CBC或Crypto.DES_EBC,则初始参数将按照decryptIV中的指定使用,否则将忽略。
此外,如果encryptMech参数指定的机制需要参数,则使用encryptIV参数,否则将忽略该参数。
根据加密设备的不同,由decryptMech和encryptMech参数分别指定的解密算法和加密算法的某些组合可能不兼容。同样,加密设备可能根本不支持某些算法。在这两种情况下,应使用GPError.INVALID_MECH值抛出GPError对象。
如果加密设备不支持某些算法组合,则应引发异常。
Arguments参数
| Name | Type | Description |
|---|---|---|
| decryptKey | Key | Key object to use in decrypt operation. |
| decryptMech | Number | Crypto.DES_ECB、Crypto.DES_CBC、Crypto.AES_ECB、Crypto.AES_CBC、Crypto.SM4_ECB、Crypto.SM4_CBC 、Crypto.RSA |
| encryptKey | Key | Key object to use in encrypt operation. |
| encryptMech | Number | Crypto.DES_ECB、Crypto.DES_CBC 、Crypto.AES_ECB、Crypto.AES_CBC、Crypto.SM4_ECB、Crypto.SM4_CBC 、Crypto.RSA |
| data | ByteString | Data to encrypt. |
| decryptIV | ByteString | Initial vector to use for the decrypt operation if provided and depending if the value Crypto.DES_CBC for the parameter decryptMech is specified. If provided and not required, it will be ignored. If an encryptIV is specified, the invocation of the method requires that a decryptIV must always be provided even if it is null. |
| encryptIV | ByteString | Initial vector to use for the encrypt operation if provided and depending if Crypto.DES_CBC encryptMech value specified. If provided and not required, this parameter will be ignored. |
Returns返回
| Type | Description |
|---|---|
| ByteString | A new ByteString containing the result of the decrypt and encrypt operations on data. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000001 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000001",
profileID : "0000000001",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key07 = new Key($2B00000002);
var key09 = new Key($2B00000001);
key07.setComponent(Key.DES,new ByteString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",HEX));
key09.setComponent(Key.DES,new ByteString("11112233445566778899AABBCCDDEEFF",HEX));
//Instantiate crypto service
var crypto = new Crypto();
var data = new ByteString("11223344556677881122334455667788",HEX);
var reslt = crypto.encrypt(key07,Crypto.DES_ECB_LP,data);
Print("key07 DES ECB reslt : " + reslt.toString(HEX));
resltDe = crypto.decryptEncrypt(key07,Crypto.DES_ECB,key09,Crypto.DES_ECB_LP,reslt);
Print("key09 DES ECB Crypto,Decrypto with key07 reslt : " + resltDe.toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
deriveKey()
原型:
deriveKey (Key masterKey, Number mech, ByteString data, Key derivedKey)
使用指定的masterKey参数和mech参数指定的算法导出密钥derivedKey。data参数用于指定操作中要使用的分散因子数据。
Arguments参数
| Name | Type | Description |
|---|---|---|
| masterkey | Key | Key object to derive from. |
| mech | Number | Crypto.DES_ECB、Crypto.DES_CBC |
| data | ByteString | Deriviation data to use. |
| derivedKey | Key | Key object to derive.This parameter will be modified upon successful execution of this method. |
Returns返回
| None |
|---|
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key07 = new Key($2B00000002);
key07.setComponent(Key.DES,new ByteString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",HEX));
//Instantiate crypto service
var crypto = new Crypto();
var data = new ByteString("1122334455667788",HEX);
var key09 = new Key($2B00000002);
crypto.deriveKey(key07,Crypto.DES_ECB,data,key09);
Print("key09 DES ECB derive reslt : " + key09.getComponent(Key.DES));
Print("key09 DES ECB derive reslt : " + key09.getComponent(Key.DES).toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
digest()
原型:
ByteString digest(Number digestMech, ByteString data)
使用mech参数指定的算法创建指定数据的摘要
Arguments参数
| Name | Type | Description |
|---|---|---|
| digestMech | Number | Crypto.SHA_1、Crypto.MD5 |
| data | ByteString | Data to operate on. |
Returns返回
| Type | Description |
|---|---|
| ByteString | A ByteString containing the digest of data. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var cry = new Crypto();
var data = new ByteString("1122334455667788", HEX);
var digestResltSha1 = cry.digest(Crypto.SHA_1,data);
Print("Sha1 : " + digestResltSha1);
var digestResltMD5 = cry.digest(Crypto.MD5,data);
Print("MD5 : " + digestResltMD5);
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
encrypt()
原型:
ByteString encrypt(Key value, Number mech, ByteString data)
ByteString encrypt(Key value, Number mech, ByteString data, ByteString iv)
使用value参数指定的密钥和mech参数指定的算法执行加密操作。如果mech参数指定的算法需要初始向量,如Crypto.DES_CBC,则提供初始向量。否则,即使提供了iv,也会忽略它。
Arguments参数
| Name | Type | Description |
|---|---|---|
| value | Key | Key object to use in encrypt operation. |
| mech | Number | Crypto.DES_ECB、Crypto.DES_CBC、Crypto.AES_ECB、Crypto.AES_CBC、Crypto.SM4_ECB、Crypto.SM4_CBC、Crypto.RSA |
| data | ByteString | Data to operate on. |
Returns返回
| Type | Description |
|---|---|
| ByteString | A ByteString containing the digest of data. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key07 = new Key($2B00000002);
key07.setComponent(Key.DES,new ByteString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",HEX));
//Instantiate crypto service
var crypto = new Crypto();
var data = new ByteString("11223344556677881122334455667788",HEX);
var reslt = crypto.encrypt(key07,Crypto.DES_ECB_LP,data);
Print("key07 DES ECB reslt : " + reslt.toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
generateKey()
原型:
generateKey(Number mech, Key keyToGen)
生成对称密钥,使用mech参数指定的算法生成密钥,要生成的密钥必须已作为密钥对象存在。为了确保这一点,在标准的GP脚本语言系统中,必须在希望使用此方法的脚本的相应Application Profile中定义密钥。在目前的GPTS版本中还暂不支持Application Profile,但与标准的GP脚本语言系统一样,要生成的密钥必须已作为密钥对象存在(这点非常重要,不然会抛出GPError.UNDEFINED或GPError.KEY_NOT_FOUND的异常)。
要生成的密钥的功能将由Key Profile中的密钥引用的密钥配置文件定义指定。最小的特点是,密钥将作为允许的操作生成密钥。此外,密钥类型必须与mech参数中指定的算法兼容。
Arguments参数
| Name | Type | Description |
|---|---|---|
| mech | Number | Crypto.DES、Crypto.DES2 |
| keyToGen | Key | The key object to generate. |
Returns返回
| None |
|---|
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
//Instantiate crypto service
var crypto = new Crypto();
var data = new ByteString("1122334455667788",HEX);
var key09 = new Key($2B00000002);
crypto.generateKey(Crypto.DES2,key09);
Print("key09 DES ECB generate reslt : " + key09.getComponent(Key.DES));
Print("key09 DES ECB generate reslt : " + key09.getComponent(Key.DES).toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
generateKeyPair()
原型:
generateKeyPair(Number mech, Key publicKey, Key privateKey)
生成非对称密钥对,使用mech参数指定的算法以及代表公钥的publicKey和私钥privateKey参数指定的密钥对生成公钥/私钥对。要生成的两个关键部分必须已经作为关键对象存在。为了确保这一点,必须在希望使用此方法的脚本的相应Application Profile文件中定义这两个Key。
要生成的每个Key的分组的特征将由Application Profile文件中的密钥Key引用的Key Profile文件定义指定。最小的特点是,密钥Key的属性必须将生成密钥对作为允许的操作(在GPTS系统中是默认允许的)。此外,Key Profile文件中密钥Key的类型必须与mech参数中指定的算法兼容。
Arguments参数
| Name | Type | Description |
|---|---|---|
| mech | Number | Crypto.RSA |
| publicKey | Key | Public key part to generate. |
| privateKey | Key | Private key part to generate. |
Returns返回
| None |
|---|
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000003 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000003",
profileID : "0000000003",
owner : "GloablPlatform",
type : Key.PUBLIC,
subType : Key.RSA,
size : 1024,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key0A = new Key($2B00000003);
var key0B = new Key($2B00000003);
//Instantiate crypto service
var crypto = new Crypto();
key0A.setComponent(Key.EXPONENT,new ByteString("010001",HEX));
key0A.setSize(1024);
Print("Generate RSA Key Pair........");
crypto.generateKeyPair(Crypto.RSA,key0A,key0B);
Print("Generate RSA Key Pair End");
Print("key0A Public key add is : " + key0A.getAdd());
Print("key0A Public key component EXPONENT is : " + key0A.getComponent(Key.EXPONENT).toString(HEX));
Print("key0A Public key component MODULUS is : " + key0A.getComponent(Key.MODULUS).toString(HEX));
Print("key0B Public key add is : " + key0B.getAdd());
Print("key0B Public key component EXPONENT is : " + key0B.getComponent(Key.EXPONENT).toString(HEX));
Print("key0B Public key component MODULUS is : " + key0B.getComponent(Key.MODULUS).toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
generateRandom()
原型:
ByteString generateRandom(Number rdmLength)
生成指定长度的随机字节字符串。
Arguments参数
| Name | Type | Description |
|---|---|---|
| rdmLength | Number | Length of random data to generate in bytes. |
Returns返回
| Type | Description |
|---|---|
| ByteString | A ByteString with length bytes of random data. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
Example示例
try
{
var cry = new Crypto();
var random = cry.generateRandom(8);
Print("random : " + random);
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
sign()
原型:
ByteString sign(Key signingKey, Number signingMech, ByteString data)
ByteString sign(Key signingKey, Number signingMech, ByteString data, ByteString iv)
使用SigningKey参数指定的密钥和SigningMech参数指定的算法创建指定数据的签名。签名仅在signingKey为私钥时才相关,但signingKey为公钥时sign()操作仍然有效。初始向量参数iv是可选的,当SigningMech参数指定的算法为Crypto.DES_MAC或Crypto.DES_MAC_EMV有效,其它忽略。
Arguments参数
| Name | Type | Description |
|---|---|---|
| signingKey | Key | Key to use for signing operation. |
| signingMech | Number | Crypto.DES_MAC、Crypto.DES_MAC_EMV、Crypto.AES_CMAC、Crypto.SM4_CMAC |
| data | ByteString | Data to sign. |
| iv | ByteString | Optional initial vector. |
Returns返回
| Type | Description |
|---|---|
| ByteString | A ByteString containing the signature of data. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000001 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000001",
profileID : "0000000001",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var $2B00000003 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000003",
profileID : "0000000003",
owner : "GloablPlatform",
type : Key.PUBLIC,
subType : Key.RSA,
size : 1024,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key01 = new Key($2B00000001);
var key05 = new Key($2B00000003);
var key06 = new Key($2B00000003);
key01.setComponent(Key.DES,new ByteString("00112233445566778899AABBCCDDEEFF",HEX));
key05.setComponent(Key.EXPONENT,new ByteString("010001",HEX));
key05.setComponent(Key.MODULUS,new ByteString("BF290813CA2E9C2C61CC0370265A36B75FCFE5E433EE65265E64B17B6746B45ED3EFDA74B882909A422B2BB7444C41994297C30B0883E2DBC9505026100AF05F24F9432DD8D2002C774A57A05E0151EAF981C771F773574F34E88E36DFCAF8E1DE8C3961868859DD7303FF4A88FFBB29899480B51AA4EAA83DC01600CB3079CD",HEX));
key06.setComponent(Key.EXPONENT,new ByteString("751F54BD9B50F78B11D887FABCE4E5457144D5DBFE1D808803A9BA3C9BC86C56F58FADCF7A053547EE66B9002EAE723ACEDC613A6F5B2F31EEA4709701995230496D6C1A792A4CC99BE5B2F07B42442DC21C7CF8C66D1F474E29E5E1857D9F59EB4FFCE08A55F2B321D480BB86DED3CA6484B5DBFCF20730E83F4F250FE2B381",HEX));
key06.setComponent(Key.MODULUS,new ByteString("BF290813CA2E9C2C61CC0370265A36B75FCFE5E433EE65265E64B17B6746B45ED3EFDA74B882909A422B2BB7444C41994297C30B0883E2DBC9505026100AF05F24F9432DD8D2002C774A57A05E0151EAF981C771F773574F34E88E36DFCAF8E1DE8C3961868859DD7303FF4A88FFBB29899480B51AA4EAA83DC01600CB3079CD",HEX));
//Instantiate crypto service
var crypto = new Crypto();
//DES MAC EMV
reslt = crypto.sign(key01,Crypto.DES_MAC_EMV,new ByteString("1122334455667788",HEX),new ByteString("0000000000000000",HEX));
Print("key01 DES_MAC_EMV sign is : " + reslt.toString(HEX));
//AES_CMAC
reslt = crypto.sign(key01,Crypto.AES_CMAC,new ByteString("1122334455667788800000000000000080000000000000008000000000000000",HEX));
Print("key01 AES_CMAC sign is : " + reslt.toString(HEX));
//RSA
reslt = crypto.sign(key06,Crypto.RSA,new ByteString("11223344556677888",HEX));
Print("key06 RSA sign is : " + reslt.toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
unwrap()
原型:
unwrap(Key keyToUnwrap, Key keyResult)
使用keyToUnwrap指定的密钥对象关联的WrapKey(密钥保护密钥)密钥对象隐式解密keyToUnwrap得到的明文密钥对象赋给keyResult。解密保护过程是通过GPTS脚本解释器和/或关联密钥管理系统的实现,解释器和/或关联密钥管理系统需要内部维护解密密钥、所需初始向量及所需的算法,算法和初始向量可以从keyToUnwrap的密钥配置文件中检索。
在标准的GP脚本语言系统中,要解密的keyToUnwrap参数必须已作为已经存在的Key对象。为了确保这一点,必须在希望使用此方法的脚本的相应Application Profile文件中定义密钥对象。在GPTS脚本语言系统中不需要Profile,但是一样需要已作为已经存在的Key对象。
在标准的GP脚本语言系统中,要解密的密钥的特征将由Application Profile文件中的密钥引用的Key Pfofile定义指定。此外,密钥类型必须与脚本主机环境和/或密钥管理系统使用的算法兼容。
Arguments参数
| Name | Type | Description |
|---|---|---|
| wrapKey | Key | The key to perform operation with. |
| keyResult | Key | The unwrapped key is placed in this object. |
Returns返回
| None |
|---|
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000001 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000001",
profileID : "0000000001",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE | Key.SENSITIVE
};
var key01 = new Key($2B00000001);
var key02 = new Key($2B00000002);
key01.setComponent(Key.DES,new ByteString("00112233445566778899AABBCCDDEEFF",HEX));
key02.setComponent(Key.DES,new ByteString("F4DCEA6B36902B8AF4DCEA6B36902B8A",HEX));
key02.setWrapKey(key01,Crypto.DES_ECB);
//Instantiate crypto service
var crypto = new Crypto();
pk = new Key($2B00000002);
crypto.unwrap(key02,pk);
Print("key02 unwrap key add is : " + pk.getAdd());
Print("key02 unwrap key component is : " + pk.getComponent(Key.DES).toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
unwrapWrap()
原型:
unwrapWrap( Key wrapKey, Number wrapMech, Key keyToUW, Key keyResult)
unwrapWrap( Key wrapKey, Number wrapMech, Key keyToUW, Key keyResult, ByteString wrapIV)
使用keyToUW对象的getWrapKey()方法返回的key解密keyToUW中指定的key,然后使用wrapKey中提供的密钥及WrapTech指定的算法加密。转加密保护过程是通过GPTS脚本解释器和/或关联密钥管理系统的实现,解释器和/或关联密钥管理系统需要内部维护解密密钥、所需初始向量及所需的算法。如果wrapMech算法需要附加参数,则需要作为ByteString类型的wrapIV参数提供。
在标准的GP脚本语言系统中,对keyToUW要做转加密的Key必须作为存在的密钥对象。为了确保这一点,必须在希望使用此方法的脚本的相应Application Profile文件中定义密钥。
在标准的GP脚本语言系统中,对keyToUW要做转加密的Key的功能将由Application Profile文件中的密钥引用的Key Profile文件定义指定。此外,密钥的类型必须与用于解密和加密过程的算法兼容。
如果将wrapMech指定为Crypto.DES_CBC_P、Crypto.DES_CBC_LP、Crypto.DES_EBC_P或Crypto.DES_EBC_LP的类型,则结果keyResult的getComponent()和setComponent()方法作为获取和设置的方法调用的结果为按wrapMech指定的算法要求修改结果的填充值。例如,如果Crypto.DES_CBC_P被指定为wrapMech,则包装密钥上的结果getComponent()将返回“key value + padding”。
在标准的GP脚本语言系统中,根据加密设备的不同,对keyToUW解密算法和加密算法的某些组合可能不兼容。同样,加密设备可能根本不支持某些算法。在这两种情况下,都应该抛出GPError异常。
Arguments参数
| Name | Type | Description |
|---|---|---|
| wrapKey | Key | Key to perform wrap operation with. |
| wrapMech | Number | Crypto.DES_ECB 、Crypto.DES_ECB_LP、Crypto.DES_ECB_P、Crypto.DES_CBC、Crypto.DES_CBC_LP、Crypto.DES_CBC_P、Crypto.AES_ECB 、Crypto.AES_ECB_LP、Crypto.AES_ECB_P、Crypto.AES_CBC、Crypto.AES_CBC_LP、Crypto.AES_CBC_P、Crypto.SM4_ECB 、Crypto.SM4_ECB_LP、Crypto.SM4_ECB_P、Crypto.SM4_CBC、Crypto.SM4_CBC_LP、Crypto.SM4_CBC_P、Crypto.RSA |
| keyToUW | Key | Key to perform wrap and unwrap operation on. |
| keyResult | Key | The final result of the unwrapWrap operation on the keyToWU. |
| wrapIV | ByteString | Optional initial vector required by the wrapMech algorithm. |
Returns返回
| None |
|---|
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000001 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000001",
profileID : "0000000001",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE | Key.SENSITIVE
};
var key01 = new Key($2B00000001);
var key02 = new Key($2B00000002);
var key03 = new Key($2B00000001);
key01.setComponent(Key.DES,new ByteString("00112233445566778899AABBCCDDEEFF",HEX));
key02.setComponent(Key.DES,new ByteString("F4DCEA6B36902B8AF4DCEA6B36902B8A",HEX));
key03.setComponent(Key.DES,new ByteString("22222222222222222222222222222222",HEX));
key02.setWrapKey(key01,Crypto.DES_ECB);
//Instantiate crypto service
var crypto = new Crypto();
pk = new Key($2B00000002);
crypto.unwrapWrap(key03,Crypto.DES_ECB,key02,pk);
Print("key02 unwrapWrap key add is : " + pk.getAdd());
Print("key02 unwrapWrap key component is : " + pk.getComponent(Key.DES).toString(HEX));
pkR = new Key($2B00000002);
crypto.unwrap(pk,pkR);
Print("key02 unwrapWrap key unwrap add is : " + pkR.getAdd());
Print("key02 unwrapWrap key unwrap component is : " + pkR.getComponent(Key.DES).toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
verify()
原型:
Boolean verify( Key verifyKey, Number verifyMech, ByteString data, ByteString signature)
Boolean verify( Key verifyKey, Number verifyMech, ByteString data, ByteString iv, ByteString signature)
使用verifyKey指定的密钥和verifyMech指定的算法验证指定的签名是否是指定数据的正确签名。
目前暂不支持RSA算法的验签,可以使用decrypt和encrypt配合实现。
Arguments参数
| Name | Type | Description |
|---|---|---|
| verifyKey | Key | Key used for signature verification. |
| wrapMech | Number | Crypto.DES_MAC 、Crypto.DES_MAC_EMV、Crypto.AES_CMAC、Crypto.SM4_CMAC 、Crypto.RSA |
| data | ByteString | Data on which the signature is based (or generated). |
| iv | ByteString | Optional initial vector. |
| signature | ByteString | Signature to verify. |
| wrapIV | ByteString | Optional initial vector required by the wrapMech algorithm. |
Returns返回
| Type | Description |
|---|---|
| Boolean | True or false depending if verify() was successful or not. |
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_ARGUMENTS | 参数无效,格式错误或数据非法 |
| GPError.INVALID_DATA | 数据无效 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法参数无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000001 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000001",
profileID : "0000000001",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key01 = new Key($2B00000001);
key01.setComponent(Key.DES,new ByteString("00112233445566778899AABBCCDDEEFF",HEX));
//Instantiate crypto service
var crypto = new Crypto();
//DES MAC EMV
reslt = crypto.sign(key01,Crypto.DES_MAC_EMV,new ByteString("1122334455667788",HEX),new ByteString("0000000000000000",HEX));
Print("key01 DES_MAC_EMV sign is : " + reslt.toString(HEX));
//Verify
boolVerify = crypto.verify(key01,Crypto.DES_MAC_EMV,new ByteString("1122334455667788",HEX),new ByteString("0000000000000000",HEX),reslt);
if (boolVerify == true) {
Print("key01 DES_MAC_EMV is right");
} else {
Print("key01 DES_MAC_EMV is wrong");
}
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}
wrap()
原型:
wrap(Key wrapKey, Number wrapMech, Key keyToWrap, key keyResult)
wrap(Key wrapKey, Number wrapMech, Key keyToWrap, Key keyResult, ByteString mechIV)
使用wrapKey指定的密钥和WrapTech指定的算法加密keyToWrap指定的密钥。如果WrapTech属性指定的算法需要参数,则会提供mechParam参数,否则不使用该参数。成功执行该方法后,keyToWrap指定的键将隐式地与wrapKey指定的加密密钥关联。
在标准的GP脚本语言系统中,要加密的keyToWrap参数必须已作为已经存在的Key对象。为了确保这一点,必须在希望使用此方法的脚本的相应Application Profile文件中定义密钥对象。在GPTS脚本语言系统中不需要Profile,但是一样需要已作为已经存在的Key对象。
在标准的GP脚本语言系统中,要加密的密钥的特征将由Application Profile文件中的密钥引用的Key Pfofile定义指定。此外,密钥类型必须与脚本主机环境和/或密钥管理系统使用的算法兼容。
如果将wrapMech指定为Crypto.DES_CBC_P、Crypto.DES_CBC_LP、Crypto.DES_EBC_P或Crypto.DES_EBC_LP的类型,则结果keyResult的getComponent()和setComponent()方法作为获取和设置的方法调用的结果为按wrapMech指定的算法要求修改结果的填充值。例如,如果Crypto.DES_CBC_P被指定为wrapMech,则加密密钥调用getComponent()的结果将返回“key value + padding”。
在标准的GP脚本语言系统中,根据加密设备的不同,对keyToWrap加密算法,加密设备可能不支持。在这两种情况下,都应该抛出GPError异常。
Arguments参数
| Name | Type | Description |
|---|---|---|
| wrapKey | Key | Key to wrap keyToWrap with. |
| wrapMech | Number | Crypto.DES_ECB 、Crypto.DES_ECB_LP、Crypto.DES_ECB_P、Crypto.DES_CBC、Crypto.DES_CBC_LP、Crypto.DES_CBC_P、Crypto.AES_ECB 、Crypto.AES_ECB_LP、Crypto.AES_ECB_P、Crypto.AES_CBC、Crypto.AES_CBC_LP、Crypto.AES_CBC_P、Crypto.SM4_ECB 、Crypto.SM4_ECB_LP、Crypto.SM4_ECB_P、Crypto.SM4_CBC、Crypto.SM4_CBC_LP、Crypto.SM4_CBC_P、Crypto.RSA |
| keyToWrap | Key | Key to wrap. |
| keyResult | Key | The wrapped key is placed into this object. |
| mechIV | ByteString | Optional initial vector required by particular wrapMech . |
Returns返回
| None |
|---|
Exceptions异常
| Value | Description |
|---|---|
| GPError.ARGUMENTS_MISSING | 参数缺失 |
| GPError.DEVICE_ERROR | 设备错误 |
| GPError.KEY_NOT_FOUND | 密钥未找到 |
| GPError.INVALID_KEY | 传入密钥无效 |
| GPError.INVALID_MECH | 算法无效 |
| GPError.INVALID_TYPE | 参数数据类型无效 |
| GPError.INVALID_USAGE | 密钥用途无效 |
| GPError.UNDEFINED | 未定义 |
| GPError.UNSUPPORTED | 调用未被支持 |
Example示例
try
{
var $2B00000001 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000001",
profileID : "0000000001",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var $2B00000002 = {
profileVersion : "2.0.0",
objVersion : "2.0.1",
profileOID : "2B00000002",
profileID : "0000000002",
owner : "GloablPlatform",
type : Key.SECRET,
subType : Key.DES,
size : 128,
usage : 0 | Key.ENCRYPT | Key.DECRYPT | Key.DECRYPT_ENCRYPT | Key.UNWRAP | Key.WRAP | Key.UNWRAP_WRAP | Key.SIGN | Key.VERIFY | Key.DERIVE,
attribute : 0 | Key.EXPORTABLE | Key.IMPORTABLE
};
var key01 = new Key($2B00000001);
var key02 = new Key($2B00000002);
key01.setComponent(Key.DES,new ByteString("00112233445566778899AABBCCDDEEFF",HEX));
key02.setComponent(Key.DES,new ByteString("11111111111111111111111111111111",HEX));
//Instantiate crypto service
var crypto = new Crypto();
var key03 = new Key($2B00000002);
crypto.wrap(key02,Crypto.DES_ECB,key01,key03);
Print("key02 wrap key add is : " + key03.getAdd());
Print("key02 wrap key component is : " + key03.getComponent(Key.DES).toString(HEX));
}
catch (e)
{
Print("Exception : " + e.className + "," + e.error + "," + e.reason + "," + e.message);
}