Product
Introducing Repository Access Permissions and Custom Roles
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
By Joe Werle - Jun 19, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
tq-sm-crypto
Advanced tools
tq-sm-crypto
安装
npm install --save tq-sm-crypto
sm2
加密解密
import { sm2 } from 'tq-sm-crypto'
const cipherMode = 0 // 1 - C1C3C2,0 - C1C2C3,默认为0
const msgString = 'greedy'
const publicKey = '04d82b0d2412f53c1ef37ff583802906deb5a6b77c63f0ad7f52bd40434394379dafca978b80ce939d6318a41867639fb0ff2c1dec74ffcd85d6fd37929d3301da'
const encryptData = '04f6b413d42fac02c2f8575e6501ce6be6419c62feb91054973ffa20c4422edd15985ac04910182c4968e38ec2e15b67228a4d211beb3fbfa035b521badbf9d08a65e1aea837a41962426bd05aa6d08d47242eaad2e74a781dc211639652f16c9f132840e6cfb4b7e17762725f'
const privateKey = '1f26a0ef95db82d7b98bd6ca4445f44a853d8681a89bd2a171434de2eda0afbb'
let encryptData = sm2.doEncrypt(msgString, publicKey, cipherMode) // 加密结果
let decryptData = sm2.doDecrypt(encryptData, privateKey, cipherMode) // 解密结果
签名验签
ps:理论上来说,只做纯签名是最快的。
import { sm2 } from 'tq-sm-crypto'
// 纯签名 + 生成椭圆曲线点
let sigValueHex = sm2.doSignature(msg, privateKey) // 签名
let verifyResult = sm2.doVerifySignature(msg, sigValueHex, publicKey) // 验签结果
// 纯签名
let sigValueHex2 = sm2.doSignature(msg, privateKey, {
pointPool: [sm2.getPoint(), sm2.getPoint(), sm2.getPoint(), sm2.getPoint()], // 传入事先已生成好的椭圆曲线点,可加快签名速度
}) // 签名
let verifyResult2 = sm2.doVerifySignature(msg, sigValueHex2, publicKey) // 验签结果
// 纯签名 + 生成椭圆曲线点 + der编解码
let sigValueHex3 = sm2.doSignature(msg, privateKey, {
der: true,
}) // 签名
let verifyResult3 = sm2.doVerifySignature(msg, sigValueHex3, publicKey, {
der: true,
}) // 验签结果
// 纯签名 + 生成椭圆曲线点 + sm3杂凑
let sigValueHex4 = sm2.doSignature(msg, privateKey, {
hash: true,
}) // 签名
let verifyResult4 = sm2.doVerifySignature(msg, sigValueHex4, publicKey, {
hash: true,
}) // 验签结果
// 纯签名 + 生成椭圆曲线点 + sm3杂凑(不做公钥推导)
let sigValueHex5 = sm2.doSignature(msg, privateKey, {
hash: true,
publicKey, // 传入公钥的话,可以去掉sm3杂凑中推导公钥的过程,速度会比纯签名 + 生成椭圆曲线点 + sm3杂凑快
})
let verifyResult5 = sm2.doVerifySignature(msg, sigValueHex5, publicKey, {
hash: true,
publicKey,
})
// 纯签名 + 生成椭圆曲线点 + sm3杂凑 + 不做公钥推 + 添加 userId(长度小于 8192)
// 默认 userId 值为 1234567812345678
let sigValueHex6 = sm2.doSignature(msgString, privateKey, {
hash: true,
publicKey,
userId: 'testUserId',
})
let verifyResult6 = sm2.doVerifySignature(msgString, sigValueHex6, publicKey, {
hash: true,
userId: 'testUserId',
})
获取椭圆曲线点
import { sm2 } from 'tq-sm-crypto'
let point = sm2.getPoint() // 获取一个椭圆曲线点,可在sm2签名时传入
sm3
import { sm3 } from 'tq-sm-crypto'
let hashData = sm3('abc') // 杂凑
sm4
加密
import { sm4 } from 'tq-sm-crypto'
const msg = 'hello world! 我是 greedy.' // 可以为 utf8 串或字节数组
const key = '37ae640dc70047b3ab176f4f7bf39454' // 可以为 16 进制串或字节数组,要求为 128 比特
let encryptData = sm4.encrypt(msg, key) // 加密,默认输出 16 进制字符串,默认使用 pkcs#5 填充
let encryptData = sm4.encrypt(msg, key, {padding: 'none'}) // 加密,不使用 padding
let encryptData = sm4.encrypt(msg, key, {padding: 'none', output: 'array'}) // 加密,不使用 padding,输出为字节数组
let encryptData = sm4.encrypt(msg, key, {mode: 'cbc', iv: 'fedcba98765432100123456789abcdef'}) // 加密,cbc 模式
解密
import { sm4 } from 'tq-sm-crypto'
const encryptData = 'bffede5ea11200d49b85f6a6767bedd5' // 可以为 16 进制串或字节数组
const key = '37ae640dc70047b3ab176f4f7bf39454' // 可以为 16 进制串或字节数组,要求为 128 比特
let decryptData = sm4.decrypt(encryptData, key) // 解密,默认输出 utf8 字符串,默认使用 pkcs#5 填充
let decryptData = sm4.decrypt(encryptData, key, {padding: 'none'}) // 解密,不使用 padding
let decryptData = sm4.decrypt(encryptData, key, {padding: 'none', output: 'array'}) // 解密,不使用 padding,输出为字节数组
let decryptData = sm4.decrypt(encryptData, key, {mode: 'cbc', iv: 'fedcba98765432100123456789abcdef'}) // 解密,cbc 模式
FAQs
tq-sm-crypto
The npm package tq-sm-crypto receives a total of 0 weekly downloads. As such, tq-sm-crypto popularity was classified as not popular.
We found that tq-sm-crypto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Mar 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
By John Tuckner - Jun 18, 2026
Product
Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
By John Tuckner - Jun 17, 2026