1# @ohos.security.certManager (Certificate Management) 2 3The **certManager** module provides system-level certificate management capabilities to ensure secure use and management of certificates throughout their lifecycle (installation, storage, use, and destruction). 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 11. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import certManager from '@ohos.security.certManager'; 13``` 14 15## CmKeyPurpose 16 17Enumerates the purposes of using the key. 18 19**System capability**: System SystemCapability.Security.CertificateManager 20 21| Name | Value| Description | 22| ---------- | ------ | --------- | 23| CM_KEY_PURPOSE_SIGN | 4 | The key is used for signing.| 24| CM_KEY_PURPOSE_VERIFY | 8 | The key is used for signature verification.| 25 26## CmKeyDigest 27 28Enumerates the digest algorithms that can be used for signing and signature verification. 29 30**System capability**: System SystemCapability.Security.CertificateManager 31 32| Name | Value| Description | 33| ---------- | ------ | --------- | 34| CM_DIGEST_NONE | 0 | No digest algorithm is required. If this option is used, the service needs to pass in the data with the digest generated for signing or signature verification.| 35| CM_DIGEST_MD5 | 1 | MD5.| 36| CM_DIGEST_SHA1 | 2 | SHA-1.| 37| CM_DIGEST_SHA224 | 3 | SHA-224.| 38| CM_DIGEST_SHA256 | 4 | SHA-256.| 39| CM_DIGEST_SHA384 | 5 | SHA-384.| 40| CM_DIGEST_SHA512 | 6 | SHA-512.| 41 42## CmKeyPadding 43 44Enumerates the padding modes that can be used for signing and signature verification. 45 46**System capability**: System SystemCapability.Security.CertificateManager 47 48| Name | Value| Description | 49| ---------- | ------ | --------- | 50| CM_PADDING_NONE | 0 | No padding.| 51| CM_PADDING_PSS | 1 | PSS.| 52| CM_PADDING_PKCS1_V1_5 | 2 | PKCS1-V1_5.| 53 54## CMSignatureSpec 55 56Represents a set of parameters used for signing or signature verification, including the key usage purpose, padding mode, and digest algorithm. 57 58**System capability**: System SystemCapability.Security.CertificateManager 59 60| Name | Type | Mandatory| Description | 61| -------------- | --------------------------------- | ---- | ------------------------------------------------------------ | 62| purpose | [CmKeyPurpose](#cmkeypurpose) | Yes | Purpose of using the key.| 63| padding? | [CmKeyPadding](#cmkeypadding) | No | Padding mode.| 64| digest? | [CmKeyDigest](#cmkeydigest) | No | Digest algorithm.| 65 66 67## CertInfo 68 69Represents the detailed information about a certificate. 70 71**System capability**: System SystemCapability.Security.CertificateManager 72 73| Name | Type | Readable| Writable| Description | 74| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 75| uri | string | Yes | Yes | Unique identifier of the certificate.| 76| certAlias | string | Yes | Yes | Alias of the certificate.| 77| state | boolean | Yes | Yes | Certificate state. The value **true** indicates that the certificate is enabled, and **false** means the opposite.| 78| issuerName | string | Yes | Yes | Issuer of the certificate.| 79| subjectName | string | Yes | Yes | User of the certificate.| 80| serial | string | Yes | Yes | Serial number of the certificate.| 81| notBefore | string | Yes | Yes | Date from which the certificate takes effect.| 82| notAfter | string | Yes | Yes | Date when the certificate expires.| 83| fingerprintSha256 | string | Yes | Yes | Fingerprint value of the certificate.| 84| cert | Uint8Array | Yes | Yes | Certificate data in binary format.| 85 86## CertAbstract 87 88Represents the brief information about a certificate. 89 90**System capability**: System SystemCapability.Security.CertificateManager 91 92| Name | Type | Readable| Writable| Description | 93| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 94| uri | string | Yes | Yes | Unique identifier of the certificate.| 95| certAlias | string | Yes | Yes | Alias of the certificate.| 96| state | boolean | Yes | Yes | Certificate state. The value **true** indicates that the certificate is enabled, and **false** means the opposite.| 97| issuerName | string | Yes | Yes | Issuer of the certificate.| 98| subjectName | string | Yes | Yes | User of the certificate.| 99 100## Credential 101 102Represents the detailed information about a credential. 103 104**System capability**: System SystemCapability.Security.CertificateManager 105 106| Name | Type | Readable| Writable| Description | 107| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 108| type | string | Yes | Yes | Type of the credential.| 109| alias | string | Yes | Yes | Alias of the credential.| 110| keyUri | string | Yes | Yes | Unique identifier of the credential.| 111| certNum | number | Yes | Yes | Number of certificates contained in the credential.| 112| keyNum | number | Yes | Yes | Number of keys contained in the credential.| 113| credentialData | Uint8Array | Yes | Yes | Credential data in binary format.| 114 115## CredentialAbstract 116 117Represents the brief information about a credential. 118 119**System capability**: System SystemCapability.Security.CertificateManager 120 121| Name | Type | Readable| Writable| Description | 122| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 123| type | string | Yes | Yes | Type of the credential.| 124| alias | string | Yes | Yes | Alias of the credential.| 125| keyUri | string | Yes | Yes | Unique identifier of the credential.| 126 127## CMResult 128 129Represents the result returned. 130 131**System capability**: System SystemCapability.Security.CertificateManager 132 133| Name | Type | Readable| Writable| Description | 134| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 135| certList? | Array<[CertAbstract](#certabstract)> | Yes | Yes | Brief certificate information.| 136| certInfo? | [CertInfo](#certinfo) | Yes | Yes | Detailed certificate information.| 137| credentialList? | Array<[CredentialAbstract](#credentialabstract)> | Yes | Yes | Brief credential information.| 138| credential? | [Credential](#credential) | Yes | Yes | Credential detailed information.| 139| appUidList? | Array<string> | Yes | Yes | List of authorized applications.| 140| uri? | string | Yes | Yes | Unique identifier of the certificate or credential.| 141| outData? | Uint8Array | Yes | Yes | Signature generated.| 142 143## CMHandle 144 145Represents the handle of the signing or signature verification operation. 146 147**System capability**: System SystemCapability.Security.CertificateManager 148 149| Name | Type | Readable| Writable| Description | 150| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 151| handle | Uint8Array | Yes | Yes | Handle returned by **certManager.init()** for the subsequent signing or signature verification operation.| 152 153## CMErrorCode 154 155Enumerates the error codes used in the certificate management APIs. 156 157**System capability**: System SystemCapability.Security.CertificateManager 158 159| Name | Value| Description | 160| ---------- | ------ | --------- | 161| CM_ERROR_NO_PERMISSION | 201 | The application does not have the permission to call the API.| 162| CM_ERROR_NOT_SYSTEM_APP | 202 | The caller is not a system application.<br> **System API**: This is a system API.| 163| CM_ERROR_INVALID_PARAMS | 401 | Invalid input parameter is found.| 164| CM_ERROR_GENERIC | 17500001 | An internal error occurs when the interface is called.| 165| CM_ERROR_NO_FOUND | 17500002 | The certificate or credential does not exist.| 166| CM_ERROR_INCORRECT_FORMAT | 17500003 | The certificate or credential is in invalid format.| 167 168## certManager.installPrivateCertificate 169 170installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string, callback: AsyncCallback\<CMResult>) : void 171 172Installs a private credential. This API uses an asynchronous callback to return the result. 173 174**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 175 176**System capability**: System SystemCapability.Security.CertificateManager 177 178**Parameters** 179 180| Name | Type | Mandatory| Description | 181| -------- | ------------------------------------------------- | ---- | -------------------------- | 182| keystore | Uint8Array | Yes | Keystore file containing the key pair and certificate.| 183| keystorePwd | string | Yes | Password of the keystore file. The password cannot exceed 32 bytes.| 184| certAlias | string | Yes | Certificate alias. Currently, the alias can contain only digits, letters, and underscores (_) and should not exceed 32 bytes.| 185| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback invoked to return the result. If the operation is successful, the URI of the installed credential is returned.| 186 187**Error codes** 188 189For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 190 191| ID| Error Message | 192| -------- | ------------- | 193| 17500001 | There is an generic error occurred when calling the API. | 194| 17500003 | The keystore is not valid format or keystorePwd is not correct. | 195 196**Example** 197```ts 198import certManager from '@ohos.security.certManager'; 199 200/* The credential data to be installed must be assigned by the service. The data in this example is not the real credential data. */ 201let keystore: Uint8Array = new Uint8Array([ 202 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 203]); 204let keystorePwd: string = "123456"; 205try { 206 certManager.installPrivateCertificate(keystore, keystorePwd, "test", (err, cmResult) => { 207 if (err != null) { 208 console.error("[Callback]installPrivateCertificate err: " + err.code); 209 } else { 210 let uri: string = (cmResult.uri == undefined) ? '' : cmResult.uri; 211 console.log("[Callback]installPrivateCertificate success"); 212 } 213 }); 214} catch (error) { 215 console.error("[Callback]installPrivateCertificate failed"); 216} 217``` 218 219## certManager.installPrivateCertificate 220 221installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string) : Promise\<CMResult> 222 223Installs a private credential. This API uses a promise to return the result. 224 225**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 226 227**System capability**: System SystemCapability.Security.CertificateManager 228 229**Parameters** 230 231| Name | Type | Mandatory| Description | 232| -------- | ------------------------------------------------- | ---- | -------------------------- | 233| keystore | Uint8Array | Yes | Keystore file containing the key pair and certificate.| 234| keystorePwd | string | Yes | Password of the keystore file. The password cannot exceed 32 bytes.| 235| certAlias | string | Yes | Credential alias. Currently, the alias can contain only digits, letters, and underscores (_) and should not exceed 32 bytes.| 236 237**Return value** 238 239| Type | Description | 240| ------------------------------------------- | -------------------- | 241| Promise\<[CMResult](#cmresult)> | Promise used to return the result. If the operation is successful, the URI of the installed credential is returned.| 242 243**Error codes** 244 245For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 246 247| ID| Error Message | 248| -------- | ------------- | 249| 17500001 | There is an generic error occurred when calling the API. | 250| 17500003 | The keystore is not valid format or keystorePwd is not correct. | 251 252**Example** 253 254```ts 255import certManager from '@ohos.security.certManager'; 256import { BusinessError } from '@ohos.base'; 257 258/* The credential data to be installed must be assigned by the service. The data in this example is not the real credential data. */ 259let keystore: Uint8Array = new Uint8Array([ 260 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 261]); 262let keystorePwd: string = "123456"; 263try { 264 certManager.installPrivateCertificate(keystore, keystorePwd, 'test').then((cmResult) => { 265 let uri: string = (cmResult.uri == undefined) ? '' : cmResult.uri; 266 console.log("[Promise]installPrivateCertificate success"); 267 }).catch((err: BusinessError) => { 268 console.error('[Promise]installPrivateCertificate failed'); 269 }) 270} catch (err) { 271 console.error("[Promise]installPrivateCertificate failed"); 272} 273``` 274 275## certManager.getAllAppPrivateCertificates 276 277getAllAppPrivateCertificates(callback: AsyncCallback\<CMResult>): void 278 279Obtains all private credentials. This API uses an asynchronous callback to return the result. 280 281**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER and ohos.permission.ACCESS_CERT_MANAGER_INTERNAL 282 283**System capability**: System SystemCapability.Security.CertificateManager 284 285**System API**: This is a system API. 286 287**Parameters** 288 289| Name | Type | Mandatory| Description | 290| -------- | ------------------------------------------------- | ---- | -------------------------- | 291| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback invoked to return the result. If the operation is successful, **credentialList** in [CMResult](#cmresult) is returned.| 292 293**Error codes** 294 295For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 296 297| ID| Error Message | 298| -------- | ------------- | 299| 17500001 | There is an generic error occurred when calling the API. | 300 301**Example** 302```ts 303import certManager from '@ohos.security.certManager'; 304 305try { 306 certManager.getAllAppPrivateCertificates((err, cmResult) => { 307 if (err != null) { 308 console.error("getAllAppPrivateCertificates error"); 309 } else { 310 if (cmResult.credentialList == undefined) { 311 console.log("[Callback]getAllAppPrivateCertificates result is undefined"); 312 } else { 313 let list = cmResult.credentialList; 314 console.log("[Callback]getAllAppPrivateCertificates success"); 315 } 316 } 317 }); 318} catch (error) { 319 console.error("[Callback]getAllAppPrivateCertificates failed"); 320} 321``` 322 323## certManager.getAllAppPrivateCertificates 324 325getAllAppPrivateCertificates() : Promise\<CMResult> 326 327Obtains all private credentials. This API uses a promise to return the result. 328 329**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER and ohos.permission.ACCESS_CERT_MANAGER_INTERNAL 330 331**System capability**: System SystemCapability.Security.CertificateManager 332 333**System API**: This is a system API. 334 335**Return value** 336 337| Type | Description | 338| ------------------------------------------- | -------------------- | 339| Promise\<[CMResult](#cmresult)> | Promise used to return the result. If the operation is successful, **credentialList** in [CMResult](#cmresult) is returned.| 340 341**Error codes** 342 343For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 344 345| ID| Error Message | 346| -------- | ------------- | 347| 17500001 | There is an generic error occurred when calling the API. | 348 349**Example** 350```ts 351import certManager from '@ohos.security.certManager'; 352import { BusinessError } from '@ohos.base'; 353 354try { 355 certManager.getAllAppPrivateCertificates().then((cmResult) => { 356 if (cmResult.credentialList == undefined) { 357 console.log("[Promise]getAllAppPrivateCertificates result is undefined"); 358 } else { 359 let list = cmResult.credentialList; 360 console.log("[Promise]getAllAppPrivateCertificates success"); 361 } 362 }).catch((err: BusinessError) => { 363 console.error('[Promise]getAllAppPrivateCertificates failed'); 364 }) 365} catch (error) { 366 console.error("[Promise]getAllAppPrivateCertificates failed"); 367} 368``` 369 370## certManager.getPrivateCertificate 371 372getPrivateCertificate(keyUri: string, callback: AsyncCallback\<CMResult>) : void 373 374Obtains detailed information about a private credential. This API uses an asynchronous callback to return the result. 375 376**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 377 378**System capability**: System SystemCapability.Security.CertificateManager 379 380**Parameters** 381 382| Name | Type | Mandatory| Description | 383| -------- | ------------------------------------------------- | ---- | -------------------------- | 384| keyUri | string | Yes | Unique identifier of the target credential.| 385| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback invoked to return the result. If the operation is successful, **credential** in [CMResult](#cmresult) is returned.| 386 387**Error codes** 388 389For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 390 391| ID| Error Message | 392| -------- | ------------- | 393| 17500001 | There is an generic error occurred when calling the API. | 394| 17500002 | The certificate do not exist. | 395 396**Example** 397```ts 398import certManager from '@ohos.security.certManager'; 399 400let uri: string = 'test'; /* URI of the credential installed, which is omitted here. */ 401try { 402 certManager.getPrivateCertificate(uri, (err, cmResult) => { 403 if (err != null) { 404 console.error("getPrivateCertificate error"); 405 } else { 406 if (cmResult.credential == undefined) { 407 console.log("[Callback]getPrivateCertificate result is undefined"); 408 } else { 409 let list = cmResult.credential; 410 console.log("[Callback]getPrivateCertificate success"); 411 } 412 } 413 }); 414} catch (error) { 415 console.error("[Callback]installPrivateCertificate failed"); 416} 417``` 418 419## certManager.getPrivateCertificate 420 421getPrivateCertificate(keyUri: string) : Promise\<CMResult> 422 423Obtains detailed information about a private credential. This API uses a promise to return the result. 424 425**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 426 427**System capability**: System SystemCapability.Security.CertificateManager 428 429**Parameters** 430 431| Name | Type | Mandatory| Description | 432| -------- | ------------------------------------------------- | ---- | -------------------------- | 433| keyUri | string | Yes | Unique identifier of the target credential.| 434 435**Return value** 436 437| Type | Description | 438| ------------------------------------------- | -------------------- | 439| Promise\<[CMResult](#cmresult)> | Promise used to return the result. If the operation is successful, **credential** in [CMResult](#cmresult) is returned.| 440 441**Error codes** 442 443For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 444 445| ID| Error Message | 446| -------- | ------------- | 447| 17500001 | There is an generic error occurred when calling the API. | 448| 17500002 | The certificate do not exist. | 449 450**Example** 451```ts 452import certManager from '@ohos.security.certManager'; 453import { BusinessError } from '@ohos.base'; 454 455let uri: string = 'test'; /* URI of the credential installed, which is omitted here. */ 456try { 457 certManager.getPrivateCertificate(uri).then((cmResult) => { 458 if (cmResult.credential == undefined) { 459 console.log("[Promise]getPrivateCertificate result is undefined"); 460 } else { 461 let list = cmResult.credential; 462 console.log("[Promise]getPrivateCertificate success"); 463 } 464 }).catch((err: BusinessError) => { 465 console.error('[Promise]getPrivateCertificate failed'); 466 }) 467} catch (err) { 468 console.error("[Promise]getPrivateCertificate failed"); 469} 470``` 471 472## certManager.uninstallPrivateCertificate 473 474uninstallPrivateCertificate(keyUri: string, callback: AsyncCallback\<void>) : void 475 476Uninstalls a private credential. This API uses an asynchronous callback to return the result. 477 478**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 479 480**System capability**: System SystemCapability.Security.CertificateManager 481 482**Parameters** 483 484| Name | Type | Mandatory| Description | 485| -------- | ------------------------------------------------- | ---- | -------------------------- | 486| keyUri | string | Yes | Unique identifier of the credential to uninstall.| 487| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, **error** is **null**.| 488 489**Error codes** 490 491For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 492 493| ID| Error Message | 494| -------- | ------------- | 495| 17500001 | There is an generic error occurred when calling the API. | 496| 17500002 | The certificate do not exist. | 497 498**Example** 499```ts 500import certManager from '@ohos.security.certManager'; 501 502let uri: string = 'test'; /* URI of the credential installed, which is omitted here. */ 503try { 504 certManager.uninstallPrivateCertificate(uri, (err, result) => { 505 if (err != null) { 506 console.error("[Callback]uninstallPrivateCertificate error"); 507 } else { 508 console.log("[Callback]uninstallPrivateCertificate success"); 509 } 510 }); 511} catch (err) { 512 console.error("[Callback]uninstallPrivateCertificate failed"); 513} 514``` 515 516## certManager.uninstallPrivateCertificate 517 518uninstallPrivateCertificate(keyUri: string) : Promise\<void> 519 520Uninstalls a private credential. This API uses a promise to return the result. 521 522**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 523 524**System capability**: System SystemCapability.Security.CertificateManager 525 526**Parameters** 527 528| Name | Type | Mandatory| Description | 529| -------- | ------------------------------------------------- | ---- | -------------------------- | 530| keyUri | string | Yes | Unique identifier of the credential to uninstall.| 531 532**Return value** 533 534| Type | Description | 535| ------------------------------------------- | -------------------- | 536| Promise\<void> | Promise used to return the result.| 537 538**Error codes** 539 540For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 541 542| ID| Error Message | 543| -------- | ------------- | 544| 17500001 | There is an generic error occurred when calling the API. | 545| 17500002 | The certificate do not exist. | 546 547**Example** 548```ts 549import certManager from '@ohos.security.certManager'; 550import { BusinessError } from '@ohos.base'; 551 552let uri: string = 'test'; /* URI of the credential installed, which is omitted here. */ 553try { 554 certManager.uninstallPrivateCertificate(uri).then((cmResult) => { 555 console.log("[Promise]uninstallPrivateCertificate success"); 556 }).catch((err: BusinessError) => { 557 console.error('[Promise]uninstallPrivateCertificate failed, code =', err.code); 558 }) 559} catch (err) { 560 console.error("[Promise]uninstallPrivateCertificate failed"); 561} 562``` 563 564## certManager.init 565 566init(authUri: string, spec: CMSignatureSpec, callback: AsyncCallback\<CMHandle>) : void 567 568Initializes the signing or signature verification operation using the specified credential. This API uses an asynchronous callback to return the result. 569 570**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 571 572**System capability**: System SystemCapability.Security.CertificateManager 573 574**Parameters** 575 576| Name | Type | Mandatory| Description | 577| -------- | ------------------------------------------------- | ---- | -------------------------- | 578| authUri | string | Yes | Unique identifier of the credential to use.| 579| spec | [CMSignatureSpec](#cmsignaturespec) | Yes | Parameters for the signing or signature verification operation.| 580| callback | AsyncCallback\<[CMHandle](#cmhandle)> | Yes | Callback invoked to return an operation handle.| 581 582**Error codes** 583 584For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 585 586| ID| Error Message | 587| -------- | ------------- | 588| 17500001 | There is an generic error occurred when calling the API. | 589| 17500002 | The certificate do not exist. | 590 591**Example** 592```ts 593import certManager from '@ohos.security.certManager'; 594 595let uri: string = 'test'; /* URI of the credential installed, which is omitted here. */ 596const req: certManager.CMSignatureSpec = { 597 purpose: certManager.CmKeyPurpose.CM_KEY_PURPOSE_SIGN, 598 padding: certManager.CmKeyPadding.CM_PADDING_PSS, 599 digest: certManager.CmKeyDigest.CM_DIGEST_SHA256 600} 601try { 602 certManager.init(uri, req, (err, cmHandle) => { 603 if (err != null) { 604 console.error("[Callback]init err"); 605 } else { 606 console.log("[Callback]init success"); 607 } 608 }) 609} catch (err) { 610 console.error("[Callback]init failed"); 611} 612``` 613 614## certManager.init 615 616init(authUri: string, spec: CMSignatureSpec) : Promise\<CMHandle> 617 618Initializes the signing or signature verification operation using the specified credential. This API uses a promise to return the result. 619 620**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 621 622**System capability**: System SystemCapability.Security.CertificateManager 623 624**Parameters** 625 626| Name | Type | Mandatory| Description | 627| -------- | ------------------------------------------------- | ---- | -------------------------- | 628| authUri | string | Yes | Unique identifier of the credential to use.| 629| spec | [CMSignatureSpec](#cmsignaturespec) | Yes | Parameters for the signing or signature verification operation.| 630 631**Return value** 632 633| Type | Description | 634| ------------------------------------------- | -------------------- | 635| Promise\<[CMHandle](#cmhandle)> | Promise used to return an operation handle.| 636 637**Error codes** 638 639For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 640 641| ID| Error Message | 642| -------- | ------------- | 643| 17500001 | There is an generic error occurred when calling the API. | 644| 17500002 | The certificate do not exist. | 645 646**Example** 647```ts 648import certManager from '@ohos.security.certManager'; 649import { BusinessError } from '@ohos.base'; 650 651let uri: string = 'test'; /* URI of the credential installed, which is omitted here. */ 652const req: certManager.CMSignatureSpec = { 653 purpose: certManager.CmKeyPurpose.CM_KEY_PURPOSE_VERIFY, 654 padding: certManager.CmKeyPadding.CM_PADDING_PSS, 655 digest: certManager.CmKeyDigest.CM_DIGEST_MD5 656} 657try { 658 certManager.init(uri, req).then((handle) => { 659 console.log('[Promise]init success'); 660 }).catch((error: BusinessError) => { 661 console.error('[Promise]init failed'); 662 }) 663} catch (err) { 664 console.error("[Promise]init failed"); 665} 666``` 667 668## certManager.update 669 670update(handle: Uint8Array, data: Uint8Array, callback: AsyncCallback\<void>): void 671 672Updates the data for the signing or signature verification operation. This API uses an asynchronous callback to return the result. 673 674**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 675 676**System capability**: System SystemCapability.Security.CertificateManager 677 678**Parameters** 679 680| Name | Type | Mandatory| Description | 681| -------- | ------------------------------------------------- | ---- | -------------------------- | 682| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 683| data | Uint8Array | Yes | Data to be signed or verified.| 684| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, **error** is **null**.| 685 686**Error codes** 687 688For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 689 690| ID| Error Message | 691| -------- | ------------- | 692| 17500001 | There is an generic error occurred when calling the API. | 693 694**Example** 695```ts 696import certManager from '@ohos.security.certManager'; 697 698/* cmHandle is the value returned by init(). The value here is only an example. */ 699let cmHandle: Uint8Array = new Uint8Array([ 700 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 701]); 702let srcData: Uint8Array = new Uint8Array([ 703 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 704]); 705try { 706 certManager.update(cmHandle, srcData, (err, result) => { 707 if (err != null) { 708 console.error("[Callback]certManager update error"); 709 } else { 710 console.log("[Callback]certManager update success"); 711 } 712 }); 713} catch (err) { 714 console.error("[Callback]update failed"); 715} 716``` 717 718## certManager.update 719 720update(handle: Uint8Array, data: Uint8Array): Promise\<void> 721 722Updates the data for the signing or signature verification operation. This API uses a promise to return the result. 723 724**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 725 726**System capability**: System SystemCapability.Security.CertificateManager 727 728**Parameters** 729 730| Name | Type | Mandatory| Description | 731| -------- | ------------------------------------------------- | ---- | -------------------------- | 732| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 733| data | Uint8Array | Yes | Data to be signed or verified.| 734 735**Return value** 736 737| Type | Description | 738| ------------------------------------------- | -------------------- | 739| Promise\<void> | Promise used to return the result.| 740 741**Error codes** 742 743For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 744 745| ID| Error Message | 746| -------- | ------------- | 747| 17500001 | There is an generic error occurred when calling the API. | 748 749**Example** 750```ts 751import certManager from '@ohos.security.certManager'; 752import { BusinessError } from '@ohos.base'; 753 754/* cmHandle is the value returned by init(). The value here is only an example. */ 755let cmHandle: Uint8Array = new Uint8Array([ 756 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 757]); 758let srcData: Uint8Array = new Uint8Array([ 759 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 760]); 761try { 762 certManager.update(cmHandle, srcData).then((result) => { 763 console.log('[Promise]update success'); 764 }).catch((error: BusinessError) => { 765 console.error('[Promise]update failed'); 766 }) 767} catch (err) { 768 console.error("[Promise]certManager update error"); 769} 770``` 771 772## certManager.finish 773 774finish(handle: Uint8Array, callback: AsyncCallback\<CMResult>) : void 775 776Finishes the signing operation. This API uses an asynchronous callback to return the result. 777 778**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 779 780**System capability**: System SystemCapability.Security.CertificateManager 781 782**Parameters** 783 784| Name | Type | Mandatory| Description | 785| -------- | ------------------------------------------------- | ---- | -------------------------- | 786| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 787| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback invoked to return the result. If the operation is successful, **outData** in [CMResult](#cmresult) is returned.| 788 789**Error codes** 790 791For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 792 793| ID| Error Message | 794| -------- | ------------- | 795| 17500001 | There is an generic error occurred when calling the API. | 796 797**Example** 798```ts 799import certManager from '@ohos.security.certManager'; 800 801/* cmHandle is the value returned by init(). The value here is only an example. */ 802let cmHandle: Uint8Array = new Uint8Array([ 803 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 804]); 805try { 806 certManager.finish(cmHandle, (err, cmResult) => { 807 if (err != null) { 808 console.error("[Callback]certManager sign failed"); 809 } else { 810 if (cmResult.outData != undefined) { 811 let signRes: Uint8Array = cmResult.outData; 812 console.log("[Callback]certManager sign success"); 813 } else { 814 console.error("[Callback]certManager sign failed"); 815 } 816 } 817 }); 818} catch(error) { 819 console.error("[Callback]certManager finish error"); 820} 821``` 822 823## certManager.finish 824 825finish(handle: Uint8Array, signature: Uint8Array, callback: AsyncCallback\<CMResult>) : void 826 827Finishes the signature verification operation. This API uses an asynchronous callback to return the result. 828 829**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 830 831**System capability**: System SystemCapability.Security.CertificateManager 832 833**Parameters** 834 835| Name | Type | Mandatory| Description | 836| -------- | ------------------------------------------------- | ---- | -------------------------- | 837| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 838| signature | Uint8Array | Yes | Signature data to verify.| 839| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback invoked to return the result. If the operation is successful, **error** is **null**.| 840 841**Error codes** 842 843For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 844 845| ID| Error Message | 846| -------- | ------------- | 847| 17500001 | There is an generic error occurred when calling the API. | 848 849**Example** 850```ts 851import certManager from '@ohos.security.certManager'; 852 853/* cmHandle is the value returned by init(). The value here is only an example. */ 854let cmHandle: Uint8Array = new Uint8Array([ 855 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 856]); 857let signRes: Uint8Array = new Uint8Array([ 858 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 859]); 860try { 861 certManager.finish(cmHandle, signRes, (err, cmResult) => { 862 if (err != null) { 863 console.error("[Callback]certManager verify failed"); 864 } else { 865 console.log("[Callback]certManager verify success"); 866 } 867 }); 868} catch(error) { 869 console.error("[Callback]certManager finish error"); 870} 871``` 872 873## certManager.finish 874 875finish(handle: Uint8Array, signature?: Uint8Array) : Promise\<CMResult> 876 877Finishes the signing or signature verification operation. This API uses a promise to return the result. 878 879**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 880 881**System capability**: System SystemCapability.Security.CertificateManager 882 883**Parameters** 884 885| Name | Type | Mandatory| Description | 886| -------- | ------------------------------------------------- | ---- | -------------------------- | 887| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 888| signature | Uint8Array | No | Data to sign or verify.| 889 890**Return value** 891 892| Type | Description | 893| ------------------------------- | ------------------------------------------------------------ | 894| Promise\<[CMResult](#cmresult)> | Promise used to return the result. If the operation is successful, **outData** in [CMResult](#cmresult) is returned for a signing operation, and no data is returned for a signature verification operation.| 895 896**Error codes** 897 898For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 899 900| ID| Error Message | 901| -------- | ------------- | 902| 17500001 | There is an generic error occurred when calling the API. | 903 904**Example** 905```ts 906import certManager from '@ohos.security.certManager'; 907import { BusinessError } from '@ohos.base'; 908 909/* cmHandle is the value returned by init(). The value here is only an example. */ 910let cmHandle: Uint8Array = new Uint8Array([ 911 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 912]); 913try { 914 /* Finish the signing operation. */ 915 certManager.finish(cmHandle).then((cmResult) => { 916 if (cmResult.outData != undefined) { 917 let signRes1: Uint8Array = cmResult.outData; 918 console.log("[Promise]finish sign success"); 919 } else { 920 console.error("[Promise]finish sign failed"); 921 } 922 }).catch((err: BusinessError) => { 923 console.error('[Promise]finish sign failed'); 924 }) 925 926 /* Signature generated. */ 927 let signRes: Uint8Array = new Uint8Array([ 928 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 929 ]); 930 /* Finish the signature verification operation. */ 931 certManager.finish(cmHandle, signRes).then((cmResult) => { 932 console.log("[Promise]finish verify success"); 933 }).catch((err: BusinessError) => { 934 console.error('[Promise]finish verify failed'); 935 }) 936} catch(error) { 937 console.error("[Promise]certManager finish error"); 938} 939``` 940 941## certManager.abort 942 943abort(handle: Uint8Array, callback: AsyncCallback\<void>) : void 944 945Aborts the signing or signature verification operation. This API uses an asynchronous callback to return the result. 946 947**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 948 949**System capability**: System SystemCapability.Security.CertificateManager 950 951**Parameters** 952 953| Name | Type | Mandatory| Description | 954| -------- | ------------------------------------------------- | ---- | -------------------------- | 955| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 956| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, **error** is **null**.| 957 958**Error codes** 959 960For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 961 962| ID| Error Message | 963| -------- | ------------- | 964| 17500001 | There is an generic error occurred when calling the API. | 965 966**Example** 967```ts 968import certManager from '@ohos.security.certManager'; 969 970/* cmHandle is the value returned by init(). The value here is only an example. */ 971let cmHandle: Uint8Array = new Uint8Array([ 972 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 973]); 974try { 975 certManager.abort(cmHandle, (err, cmResult) => { 976 if (err != null) { 977 console.error("[Callback]certManager abort failed"); 978 } else { 979 console.log("[Callback]certManager abort success"); 980 } 981 }); 982} catch(error) { 983 console.error("[Callback]certManager abort error"); 984} 985``` 986 987## certManager.abort 988 989abort(handle: Uint8Array) : Promise\<void> 990 991Aborts the signing or signature verification operation. This API uses a promise to return the result. 992 993**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 994 995**System capability**: System SystemCapability.Security.CertificateManager 996 997**Parameters** 998 999| Name | Type | Mandatory| Description | 1000| -------- | ------------------------------------------------- | ---- | -------------------------- | 1001| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 1002 1003**Return value** 1004 1005| Type | Description | 1006| ------------------------------------------- | -------------------- | 1007| Promise\<void> | Promise used to return the result.| 1008 1009**Error codes** 1010 1011For details about the following error codes, see [Certificate Management Error Codes](../errorcodes/errorcode-certManager.md). 1012 1013| ID| Error Message | 1014| -------- | ------------- | 1015| 17500001 | There is an generic error occurred when calling the API. | 1016 1017**Example** 1018```ts 1019import certManager from '@ohos.security.certManager'; 1020import { BusinessError } from '@ohos.base'; 1021 1022/* cmHandle is the value returned by init(). The value here is only an example. */ 1023let cmHandle: Uint8Array = new Uint8Array([ 1024 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 1025]); 1026try { 1027 certManager.abort(cmHandle).then((result) => { 1028 console.log('[Promise]abort success'); 1029 }).catch((error: BusinessError) => { 1030 console.error('[Promise]abort failed'); 1031 }) 1032} catch (err) { 1033 console.error("[Promise]certManager abort error"); 1034} 1035``` 1036