1# @ohos.security.huks (HUKS) 2 3The **HUKS** module provides KeyStore (KS) capabilities for applications, including key management and key cryptography operations. 4The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs. 5 6> **NOTE** 7> 8> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. 9 10## Modules to Import 11 12```ts 13import huks from '@ohos.security.huks' 14``` 15 16## HuksParam 17 18Defines the **param** field in the **properties** array of **options** used in the APIs. 19 20**System capability**: SystemCapability.Security.Huks.Core 21 22| Name| Type | Mandatory| Description | 23| ------ | ----------------------------------- | ---- | ------------ | 24| tag | [HuksTag](#hukstag) | Yes | Tag. | 25| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.| 26 27## HuksOptions 28 29Defines **options** used in the APIs. 30 31**System capability**: SystemCapability.Security.Huks.Core 32 33| Name | Type | Mandatory| Description | 34| ---------- | ----------------- | ---- | ------------------------ | 35| properties | Array\<[HuksParam](#huksparam)> | No | Properties used to hold the **HuksParam** array.| 36| inData | Uint8Array | No | Input data. | 37 38## HuksSessionHandle<sup>9+</sup> 39 40Defines the HUKS handle struct. 41 42**System capability**: SystemCapability.Security.Huks.Core 43 44| Name | Type | Mandatory| Description | 45| --------- | ---------- | ---- | ---------------------------------------------------- | 46| handle | number | Yes | Value of the handle. | 47| challenge | Uint8Array | No | Challenge obtained after the [initSession](#huksinitsession9) operation.| 48 49## HuksReturnResult<sup>9+</sup> 50 51Defines the **HuksResult** struct. 52 53**System capability**: SystemCapability.Security.Huks.Core 54 55 56 57| Name | Type | Mandatory| Description | 58| ---------- | ------------------------------- | ---- | ---------------- | 59| outData | Uint8Array | No | Output data. | 60| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 61| certChains | Array\<string> | No | Certificate chain information.| 62 63 64## huks.generateKeyItem<sup>9+</sup> 65 66generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 67 68Generates a key. This API uses an asynchronous callback to return the result. 69 70**System capability**: SystemCapability.Security.Huks.Core 71 72**Parameters** 73 74| Name | Type | Mandatory| Description | 75| -------- | --------------------------- | ---- | --------------------------------------------- | 76| keyAlias | string | Yes | Alias of the key. | 77| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 78| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. <br/>If the operation is successful, the API does not return the key content because the key is always protected in a TEE. <br/>If an exception occurs in the generation process, an error is captured. | 79 80**Error codes** 81 82For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 83 84| ID| Error Message | 85| -------- | ------------- | 86| 401 | argument is invalid. | 87| 801 | api is not supported. | 88| 12000001 | algorithm mode is not supported. | 89| 12000002 | algorithm param is missing. | 90| 12000003 | algorithm param is invalid. | 91| 12000004 | operating file failed. | 92| 12000005 | IPC communication failed. | 93| 12000006 | error occured in crypto engine. | 94| 12000012 | external error. | 95| 12000013 | queried credential does not exist. | 96| 12000014 | memory is insufficient. | 97| 12000015 | call service failed. | 98 99**Example** 100 101```ts 102import huks from '@ohos.security.huks'; 103/* Generate a 256-bit ECC key. */ 104class HuksProperties { 105 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 106 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 107} 108let keyAlias: string = 'keyAlias'; 109let properties: HuksProperties[] = [ 110 { 111 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 112 value: huks.HuksKeyAlg.HUKS_ALG_ECC 113 }, 114 { 115 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 116 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 117 }, 118 { 119 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 120 value: 121 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 122 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 123 }, 124 { 125 tag: huks.HuksTag.HUKS_TAG_DIGEST, 126 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 127 }, 128]; 129let options: huks.HuksOptions = { 130 properties: properties 131}; 132try { 133 huks.generateKeyItem(keyAlias, options, (error, data) => { 134 if (error) { 135 console.error(`callback: generateKeyItem failed`); 136 } else { 137 console.info(`callback: generateKeyItem key success`); 138 } 139 }); 140} catch (error) { 141 console.error(`callback: generateKeyItem input arg invalid`); 142} 143``` 144 145## huks.generateKeyItem<sup>9+</sup> 146 147generateKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 148 149Generates a key. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called. 150 151**System capability**: SystemCapability.Security.Huks.Extension 152 153**Parameters** 154 155| Name | Type | Mandatory| Description | 156| -------- | --------------------------- | ---- | ------------------------ | 157| keyAlias | string | Yes | Alias of the key. | 158| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 159 160**Error codes** 161 162For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 163 164| ID| Error Message | 165| -------- | ------------- | 166| 401 | argument is invalid. | 167| 801 | api is not supported. | 168| 12000001 | algorithm mode is not supported. | 169| 12000002 | algorithm param is missing. | 170| 12000003 | algorithm param is invalid. | 171| 12000004 | operating file failed. | 172| 12000005 | IPC communication failed. | 173| 12000006 | error occured in crypto engine. | 174| 12000012 | external error. | 175| 12000013 | queried credential does not exist. | 176| 12000014 | memory is insufficient. | 177| 12000015 | call service failed. | 178 179**Example** 180 181```ts 182/* Generate a 256-bit ECC key. */ 183import huks from '@ohos.security.huks'; 184import { BusinessError } from '@ohos.base'; 185class HuksProperties { 186 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 187 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 188} 189let keyAlias = 'keyAlias'; 190let properties: HuksProperties[] = [ 191 { 192 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 193 value: huks.HuksKeyAlg.HUKS_ALG_ECC 194 }, 195 { 196 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 197 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 198 }, 199 { 200 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 201 value: 202 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 203 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 204 }, 205 { 206 tag: huks.HuksTag.HUKS_TAG_DIGEST, 207 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 208 }, 209]; 210let options: huks.HuksOptions = { 211 properties: properties 212}; 213try { 214 huks.generateKeyItem(keyAlias, options) 215 .then((data) => { 216 console.info(`promise: generateKeyItem success`); 217 }) 218 .catch((error: BusinessError) => { 219 console.error(`promise: generateKeyItem failed`); 220 }); 221} catch (error) { 222 console.error(`promise: generateKeyItem input arg invalid`); 223} 224``` 225 226## huks.deleteKeyItem<sup>9+</sup> 227 228deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 229 230Deletes a key. This API uses an asynchronous callback to return the result. 231 232**System capability**: SystemCapability.Security.Huks.Core 233 234**Parameters** 235 236| Name | Type | Mandatory| Description | 237| -------- | --------------------------- | ---- | --------------------------------------------- | 238| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 239| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to delete, for example, delete all keys or a single key. To delete a single key, leave **properties** empty. | 240| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 241 242**Error codes** 243 244For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 245 246| ID| Error Message | 247| -------- | ------------- | 248| 401 | argument is invalid. | 249| 801 | api is not supported. | 250| 12000004 | operating file failed. | 251| 12000005 | IPC communication failed. | 252| 12000011 | queried entity does not exist. | 253| 12000012 | external error. | 254| 12000014 | memory is insufficient. | 255 256**Example** 257 258```ts 259import huks from '@ohos.security.huks'; 260/* Set options to emptyOptions. */ 261let keyAlias = 'keyAlias'; 262let emptyOptions: huks.HuksOptions = { 263 properties: [] 264}; 265try { 266 huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => { 267 if (error) { 268 console.error(`callback: deleteKeyItem failed`); 269 } else { 270 console.info(`callback: deleteKeyItem key success`); 271 } 272 }); 273} catch (error) { 274 console.error(`callback: deleteKeyItem input arg invalid`); 275} 276``` 277 278## huks.deleteKeyItem<sup>9+</sup> 279 280deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 281 282Deletes a key. This API uses a promise to return the result. 283 284**System capability**: SystemCapability.Security.Huks.Extension 285 286**Parameters** 287 288| Name | Type | Mandatory| Description | 289| -------- | --------------------------- | ---- | ----------------------------------- | 290| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 291| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to delete, for example, delete all keys or a single key. To delete a single key, leave **properties** empty. | 292 293**Error codes** 294 295For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 296 297| ID| Error Message | 298| -------- | ------------- | 299| 401 | argument is invalid. | 300| 801 | api is not supported. | 301| 12000004 | operating file failed. | 302| 12000005 | IPC communication failed. | 303| 12000011 | queried entity does not exist. | 304| 12000012 | external error. | 305| 12000014 | memory is insufficient. | 306 307**Example** 308 309```ts 310import huks from '@ohos.security.huks'; 311import { BusinessError } from '@ohos.base'; 312/* Set options to emptyOptions. */ 313let keyAlias = 'keyAlias'; 314let emptyOptions: huks.HuksOptions = { 315 properties: [] 316}; 317try { 318 huks.deleteKeyItem(keyAlias, emptyOptions) 319 .then ((data) => { 320 console.info(`promise: deleteKeyItem key success`); 321 }) 322 .catch((error: BusinessError) => { 323 console.error(`promise: deleteKeyItem failed`); 324 }); 325} catch (error) { 326 console.error(`promise: deleteKeyItem input arg invalid`); 327} 328``` 329 330## huks.getSdkVersion 331 332getSdkVersion(options: HuksOptions) : string 333 334Obtains the SDK version of the current system. 335 336**System capability**: SystemCapability.Security.Huks.Extension 337 338**Parameters** 339 340| Name | Type | Mandatory| Description | 341| ------- | ---------- | ---- | ------------------------- | 342| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.| 343 344**Return value** 345 346| Type | Description | 347| ------ | ------------- | 348| string | SDK version obtained.| 349 350**Example** 351 352```ts 353import huks from '@ohos.security.huks'; 354/* Set options to emptyOptions. */ 355let emptyOptions: huks.HuksOptions = { 356 properties: [] 357}; 358let result = huks.getSdkVersion(emptyOptions); 359``` 360 361## huks.importKeyItem<sup>9+</sup> 362 363importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 364 365Imports a key in plaintext. This API uses an asynchronous callback to return the result. 366 367**System capability**: SystemCapability.Security.Huks.Extension 368 369**Parameters** 370 371| Name | Type | Mandatory| Description | 372| -------- | --------------------------- | ---- | --------------------------------------------- | 373| keyAlias | string | Yes | Alias of the key. | 374| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 375| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 376 377**Error codes** 378 379For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 380 381| ID| Error Message | 382| -------- | ------------- | 383| 401 | argument is invalid. | 384| 801 | api is not supported. | 385| 12000001 | algorithm mode is not supported. | 386| 12000002 | algorithm param is missing. | 387| 12000003 | algorithm param is invalid. | 388| 12000004 | operating file failed. | 389| 12000005 | IPC communication failed. | 390| 12000006 | error occured in crypto engine. | 391| 12000011 | queried entity does not exist. | 392| 12000012 | external error. | 393| 12000013 | queried credential does not exist. | 394| 12000014 | memory is insufficient. | 395| 12000015 | call service failed. | 396 397**Example** 398 399```ts 400import huks from '@ohos.security.huks'; 401/* Import a 256-bit AES key. */ 402class HuksProperties { 403 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 404 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyPadding | 405 huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 406} 407let plainTextSize32 = makeRandomArr(32); 408function makeRandomArr(size: number) { 409 let arr = new Uint8Array(size); 410 for (let i = 0; i < size; i++) { 411 arr[i] = Math.floor(Math.random() * 10); 412 } 413 return arr; 414}; 415let keyAlias = 'keyAlias'; 416let properties: HuksProperties[] = [ 417 { 418 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 419 value: huks.HuksKeyAlg.HUKS_ALG_AES 420 }, 421 { 422 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 423 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 424 }, 425 { 426 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 427 value: 428 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 429 }, 430 { 431 tag: huks.HuksTag.HUKS_TAG_PADDING, 432 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 433 }, 434 { 435 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 436 value: huks.HuksCipherMode.HUKS_MODE_ECB 437 } 438]; 439let options: huks.HuksOptions = { 440 properties: properties, 441 inData: plainTextSize32 442}; 443try { 444 huks.importKeyItem(keyAlias, options, (error, data) => { 445 if (error) { 446 console.error(`callback: importKeyItem failed`); 447 } else { 448 console.info(`callback: importKeyItem success`); 449 } 450 }); 451} catch (error) { 452 console.error(`callback: importKeyItem input arg invalid`); 453} 454``` 455 456## huks.importKeyItem<sup>9+</sup> 457 458importKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 459 460Imports a key in plaintext. This API uses a promise to return the result. 461 462**System capability**: SystemCapability.Security.Huks.Extension 463 464**Parameters** 465 466| Name | Type | Mandatory| Description | 467| -------- | --------------------------- | ---- | ----------------------------------- | 468| keyAlias | string | Yes | Alias of the key. | 469| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 470 471**Error codes** 472 473For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 474 475| ID| Error Message | 476| -------- | ------------- | 477| 401 | argument is invalid. | 478| 801 | api is not supported. | 479| 12000001 | algorithm mode is not supported. | 480| 12000002 | algorithm param is missing. | 481| 12000003 | algorithm param is invalid. | 482| 12000004 | operating file failed. | 483| 12000005 | IPC communication failed. | 484| 12000006 | error occured in crypto engine. | 485| 12000011 | queried entity does not exist. | 486| 12000012 | external error. | 487| 12000013 | queried credential does not exist. | 488| 12000014 | memory is insufficient. | 489| 12000015 | call service failed. | 490 491**Example** 492 493```ts 494import huks from '@ohos.security.huks'; 495import { BusinessError } from '@ohos.base'; 496/* Import an AES key of 128 bits. */ 497class HuksProperties { 498 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 499 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyPadding | 500 huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 501} 502let plainTextSize32 = makeRandomArr(32); 503function makeRandomArr(size: number) { 504 let arr = new Uint8Array(size); 505 for (let i = 0; i < size; i++) { 506 arr[i] = Math.floor(Math.random() * 10); 507 } 508 return arr; 509}; 510/* Step 1 Generate a key. */ 511let keyAlias = 'keyAlias'; 512let properties: HuksProperties[] = [ 513 { 514 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 515 value: huks.HuksKeyAlg.HUKS_ALG_AES 516 }, 517 { 518 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 519 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 520 }, 521 { 522 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 523 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 524 }, 525 { 526 tag: huks.HuksTag.HUKS_TAG_PADDING, 527 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 528 }, 529 { 530 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 531 value: huks.HuksCipherMode.HUKS_MODE_ECB 532 } 533]; 534let huksoptions: huks.HuksOptions = { 535 properties: properties, 536 inData: plainTextSize32 537}; 538try { 539 huks.importKeyItem(keyAlias, huksoptions) 540 .then((data) => { 541 console.info(`promise: importKeyItem success`); 542 }) 543 .catch((error: BusinessError) => { 544 console.error(`promise: importKeyItem failed`); 545 }); 546} catch (error) { 547 console.error(`promise: importKeyItem input arg invalid`); 548} 549``` 550 551## huks.attestKeyItem<sup>9+</sup> 552 553attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 554 555Attests a key. This API uses an asynchronous callback to return the result. 556 557**Required permissions**: ohos.permission.ATTEST_KEY 558 559**System capability**: SystemCapability.Security.Huks.Extension 560 561**Parameters** 562 563| Name | Type | Mandatory| Description | 564| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 565| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 566| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for attesting the key. | 567| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 568 569**Error codes** 570 571For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 572 573| ID| Error Message | 574| -------- | ------------- | 575| 201 | check permission failed. | 576| 401 | argument is invalid. | 577| 801 | api is not supported. | 578| 12000001 | algorithm mode is not supported. | 579| 12000002 | algorithm param is missing. | 580| 12000003 | algorithm param is invalid. | 581| 12000004 | operating file failed. | 582| 12000005 | IPC communication failed. | 583| 12000006 | error occured in crypto engine. | 584| 12000011 | queried entity does not exist. | 585| 12000012 | external error. | 586| 12000014 | memory is insufficient. | 587 588**Example** 589 590```ts 591import huks from '@ohos.security.huks'; 592class HuksProperties { 593 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 594 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 595 huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 596 huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC 597} 598let securityLevel = stringToUint8Array('sec_level'); 599let challenge = stringToUint8Array('challenge_data'); 600let versionInfo = stringToUint8Array('version_info'); 601let keyAliasString = "key attest"; 602function stringToUint8Array(str: string) { 603 let arr: number[] = []; 604 for (let i = 0, j = str.length; i < j; ++i) { 605 arr.push(str.charCodeAt(i)); 606 } 607 let tmpUint8Array = new Uint8Array(arr); 608 return tmpUint8Array; 609} 610 611async function generateKeyThenattestKey(alias: string) { 612 let aliasString = keyAliasString; 613 let aliasUint8 = stringToUint8Array(aliasString); 614 let generateProperties: HuksProperties[] = [ 615 { 616 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 617 value: huks.HuksKeyAlg.HUKS_ALG_RSA 618 }, 619 { 620 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 621 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 622 }, 623 { 624 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 625 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 626 }, 627 { 628 tag: huks.HuksTag.HUKS_TAG_DIGEST, 629 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 630 }, 631 { 632 tag: huks.HuksTag.HUKS_TAG_PADDING, 633 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 634 }, 635 { 636 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 637 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 638 }, 639 { 640 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 641 value: huks.HuksCipherMode.HUKS_MODE_ECB 642 } 643 ]; 644 let generateOptions: huks.HuksOptions = { 645 properties: generateProperties 646 }; 647 let attestProperties: HuksProperties[] = [ 648 { 649 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 650 value: securityLevel 651 }, 652 { 653 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 654 value: challenge 655 }, 656 { 657 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 658 value: versionInfo 659 }, 660 { 661 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 662 value: aliasUint8 663 } 664 ]; 665 let attestOptions: huks.HuksOptions = { 666 properties: attestProperties 667 }; 668 try { 669 huks.generateKeyItem(alias, generateOptions, (error, data) => { 670 if (error) { 671 console.error(`callback: generateKeyItem failed`); 672 } else { 673 console.info(`callback: generateKeyItem success`); 674 try { 675 huks.attestKeyItem(aliasString, attestOptions, (error, data) => { 676 if (error) { 677 console.error(`callback: attestKeyItem failed`); 678 } else { 679 console.info(`callback: attestKeyItem success`); 680 } 681 }); 682 } catch (error) { 683 console.error(`callback: attestKeyItem input arg invalid`); 684 } 685 } 686 }); 687 } catch (error) { 688 console.error(`callback: generateKeyItem input arg invalid`); 689 } 690} 691``` 692 693## huks.attestKeyItem<sup>9+</sup> 694 695attestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 696 697Attests a key. This API uses a promise to return the result. 698 699**Required permissions**: ohos.permission.ATTEST_KEY 700 701**System capability**: SystemCapability.Security.Huks.Extension 702 703**Parameters** 704 705| Name | Type | Mandatory| Description | 706| -------- | --------------------------- | ---- | ------------------------------------ | 707| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 708| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for attesting the key. | 709 710**Return value** 711 712| Type | Description | 713| ---------------------------------------------- | --------------------------------------------- | 714| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 715 716**Error codes** 717 718For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 719 720| ID| Error Message | 721| -------- | ------------- | 722| 201 | check permission failed. | 723| 401 | argument is invalid. | 724| 801 | api is not supported. | 725| 12000001 | algorithm mode is not supported. | 726| 12000002 | algorithm param is missing. | 727| 12000003 | algorithm param is invalid. | 728| 12000004 | operating file failed. | 729| 12000005 | IPC communication failed. | 730| 12000006 | error occured in crypto engine. | 731| 12000011 | queried entity does not exist. | 732| 12000012 | external error. | 733| 12000014 | memory is insufficient. | 734 735**Example** 736 737```ts 738import huks from '@ohos.security.huks'; 739import { BusinessError } from '@ohos.base'; 740class HuksProperties { 741 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 742 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 743 huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 744 huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC 745} 746let securityLevel = stringToUint8Array('sec_level'); 747let challenge = stringToUint8Array('challenge_data'); 748let versionInfo = stringToUint8Array('version_info'); 749let keyAliasString = "key attest"; 750function stringToUint8Array(str: string) { 751 let arr: number[] = []; 752 for (let i = 0, j = str.length; i < j; ++i) { 753 arr.push(str.charCodeAt(i)); 754 } 755 let tmpUint8Array = new Uint8Array(arr); 756 return tmpUint8Array; 757} 758async function generateKey(alias: string) { 759 let properties: HuksProperties[] = [ 760 { 761 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 762 value: huks.HuksKeyAlg.HUKS_ALG_RSA 763 }, 764 { 765 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 766 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 767 }, 768 { 769 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 770 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 771 }, 772 { 773 tag: huks.HuksTag.HUKS_TAG_DIGEST, 774 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 775 }, 776 { 777 tag: huks.HuksTag.HUKS_TAG_PADDING, 778 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 779 }, 780 { 781 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 782 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 783 }, 784 { 785 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 786 value: huks.HuksCipherMode.HUKS_MODE_ECB 787 } 788 ]; 789 let options: huks.HuksOptions = { 790 properties: properties 791 }; 792 try { 793 await huks.generateKeyItem(alias, options) 794 .then((data) => { 795 console.info(`promise: generateKeyItem success`); 796 }) 797 .catch((error: BusinessError) => { 798 console.error(`promise: generateKeyItem failed`); 799 }); 800 } catch (error) { 801 console.error(`promise: generateKeyItem input arg invalid`); 802 } 803} 804async function attestKey() { 805 let aliasString = keyAliasString; 806 let aliasUint8 = stringToUint8Array(aliasString); 807 let properties: HuksProperties[] = [ 808 { 809 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 810 value: securityLevel 811 }, 812 { 813 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 814 value: challenge 815 }, 816 { 817 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 818 value: versionInfo 819 }, 820 { 821 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 822 value: aliasUint8 823 } 824 ]; 825 let options: huks.HuksOptions = { 826 properties: properties 827 }; 828 await generateKey(aliasString); 829 try { 830 await huks.attestKeyItem(aliasString, options) 831 .then((data) => { 832 console.info(`promise: attestKeyItem success`); 833 }) 834 .catch((error: BusinessError) => { 835 console.error(`promise: attestKeyItem failed`); 836 }); 837 } catch (error) { 838 console.error(`promise: attestKeyItem input arg invalid`); 839 } 840} 841``` 842 843## huks.anonAttestKeyItem<sup>11+</sup> 844 845anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 846 847Performs anonymous attestation of a key. This API uses an asynchronous callback to return the result. 848 849This operation requires Internet access and takes time. 850 851**System capability**: SystemCapability.Security.Huks.Extension 852 853**Parameters** 854 855| Name | Type | Mandatory| Description | 856| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 857| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 858| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for the anonymous attestation. | 859| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 860 861**Error codes** 862 863For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 864 865| ID| Error Message | 866| -------- | ------------- | 867| 401 | argument is invalid. | 868| 801 | api is not supported. | 869| 12000001 | algorithm mode is not supported. | 870| 12000002 | algorithm param is missing. | 871| 12000003 | algorithm param is invalid. | 872| 12000004 | operating file failed. | 873| 12000005 | IPC communication failed. | 874| 12000006 | error occured in crypto engine. | 875| 12000011 | queried entity does not exist. | 876| 12000012 | external error. | 877| 12000014 | memory is insufficient. | 878 879**Example** 880 881```ts 882import huks from '@ohos.security.huks'; 883class HuksProperties { 884 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 885 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 886 huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 887 huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC 888} 889let securityLevel = stringToUint8Array('sec_level'); 890let challenge = stringToUint8Array('challenge_data'); 891let versionInfo = stringToUint8Array('version_info'); 892let keyAliasString = "key anon attest"; 893function stringToUint8Array(str: string): Uint8Array { 894 let arr: number[] = []; 895 for (let i = 0, j = str.length; i < j; ++i) { 896 arr.push(str.charCodeAt(i)); 897 } 898 let tmpUint8Array = new Uint8Array(arr); 899 return tmpUint8Array; 900} 901 902async function generateKeyThenAttestKey(alias: string): Promise<void> { 903 let aliasString = keyAliasString; 904 let aliasUint8 = stringToUint8Array(aliasString); 905 let generateProperties: HuksProperties[] = [ 906 { 907 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 908 value: huks.HuksKeyAlg.HUKS_ALG_RSA 909 }, 910 { 911 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 912 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 913 }, 914 { 915 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 916 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 917 }, 918 { 919 tag: huks.HuksTag.HUKS_TAG_DIGEST, 920 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 921 }, 922 { 923 tag: huks.HuksTag.HUKS_TAG_PADDING, 924 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 925 }, 926 { 927 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 928 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 929 }, 930 { 931 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 932 value: huks.HuksCipherMode.HUKS_MODE_ECB 933 } 934 ]; 935 let generateOptions: huks.HuksOptions = { 936 properties: generateProperties 937 }; 938 let anonAttestProperties: HuksProperties[] = [ 939 { 940 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 941 value: securityLevel 942 }, 943 { 944 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 945 value: challenge 946 }, 947 { 948 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 949 value: versionInfo 950 }, 951 { 952 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 953 value: aliasUint8 954 } 955 ]; 956 let anonAttestOptions: huks.HuksOptions = { 957 properties: anonAttestProperties 958 }; 959 try { 960 huks.generateKeyItem(alias, generateOptions, (error, data) => { 961 if (error) { 962 console.error(`callback: generateKeyItem failed`); 963 } else { 964 console.info(`callback: generateKeyItem success`); 965 try { 966 huks.anonAttestKeyItem(aliasString, anonAttestOptions, (error, data) => { 967 if (error) { 968 console.error(`callback: anonAttestKeyItem failed`); 969 } else { 970 console.info(`callback: anonAttestKeyItem success`); 971 } 972 }); 973 } catch (error) { 974 console.error(`callback: anonAttestKeyItem input arg invalid`); 975 } 976 } 977 }); 978 } catch (error) { 979 console.error(`callback: generateKeyItem input arg invalid`); 980 } 981} 982``` 983 984## huks.anonAttestKeyItem<sup>11+</sup> 985 986anonAttestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 987 988Performs anonymous attestation of a key. This API uses a promise to return the result. 989 990This operation requires Internet access and takes time. 991 992**System capability**: SystemCapability.Security.Huks.Extension 993 994**Parameters** 995 996| Name | Type | Mandatory| Description | 997| -------- | --------------------------- | ---- | ------------------------------------ | 998| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 999| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for the anonymous attestation. | 1000 1001**Return value** 1002 1003| Type | Description | 1004| ---------------------------------------------- | --------------------------------------------- | 1005| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 1006 1007**Error codes** 1008 1009For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1010 1011| ID| Error Message | 1012| -------- | ------------- | 1013| 401 | argument is invalid. | 1014| 801 | api is not supported. | 1015| 12000001 | algorithm mode is not supported. | 1016| 12000002 | algorithm param is missing. | 1017| 12000003 | algorithm param is invalid. | 1018| 12000004 | operating file failed. | 1019| 12000005 | IPC communication failed. | 1020| 12000006 | error occured in crypto engine. | 1021| 12000011 | queried entity does not exist. | 1022| 12000012 | external error. | 1023| 12000014 | memory is insufficient. | 1024 1025**Example** 1026 1027```ts 1028import huks from '@ohos.security.huks'; 1029class HuksProperties { 1030 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 1031 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 1032 huks.HuksKeyStorageType | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 1033 huks.HuksCipherMode | Uint8Array = huks.HuksKeyAlg.HUKS_ALG_ECC 1034} 1035let securityLevel = stringToUint8Array('sec_level'); 1036let challenge = stringToUint8Array('challenge_data'); 1037let versionInfo = stringToUint8Array('version_info'); 1038let keyAliasString = "key anon attest"; 1039function stringToUint8Array(str: string): Uint8Array { 1040 let arr: number[] = []; 1041 for (let i = 0, j = str.length; i < j; ++i) { 1042 arr.push(str.charCodeAt(i)); 1043 } 1044 let tmpUint8Array = new Uint8Array(arr); 1045 return tmpUint8Array; 1046} 1047async function generateKey(alias: string): Promise<void> { 1048 let properties: HuksProperties[] = [ 1049 { 1050 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1051 value: huks.HuksKeyAlg.HUKS_ALG_RSA 1052 }, 1053 { 1054 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1055 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 1056 }, 1057 { 1058 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1059 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 1060 }, 1061 { 1062 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1063 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1064 }, 1065 { 1066 tag: huks.HuksTag.HUKS_TAG_PADDING, 1067 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 1068 }, 1069 { 1070 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 1071 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 1072 }, 1073 { 1074 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1075 value: huks.HuksCipherMode.HUKS_MODE_ECB 1076 } 1077 ]; 1078 let options: huks.HuksOptions = { 1079 properties: properties 1080 }; 1081 try { 1082 let data = await huks.generateKeyItem(alias, options); 1083 } catch (error) { 1084 console.error(`promise: generateKeyItem failed`); 1085 } 1086} 1087async function anonAttestKey(): Promise<void> { 1088 let aliasString = keyAliasString; 1089 let aliasUint8 = stringToUint8Array(aliasString); 1090 let properties: HuksProperties[] = [ 1091 { 1092 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 1093 value: securityLevel 1094 }, 1095 { 1096 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 1097 value: challenge 1098 }, 1099 { 1100 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 1101 value: versionInfo 1102 }, 1103 { 1104 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 1105 value: aliasUint8 1106 } 1107 ]; 1108 let options: huks.HuksOptions = { 1109 properties: properties 1110 }; 1111 await generateKey(aliasString); 1112 try { 1113 let data = await huks.anonAttestKeyItem(aliasString, options); 1114 } catch (error) { 1115 console.error(`promise: anonAttestKeyItem fail`); 1116 } 1117} 1118``` 1119 1120## huks.importWrappedKeyItem<sup>9+</sup> 1121 1122importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 1123 1124Imports a wrapped key. This API uses an asynchronous callback to return the result. 1125 1126**System capability**: SystemCapability.Security.Huks.Extension 1127 1128**Parameters** 1129 1130| Name | Type | Mandatory| Description | 1131| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1132| keyAlias | string | Yes | Alias of the key to import. | 1133| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1134| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1135| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 1136 1137**Error codes** 1138 1139For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1140 1141| ID| Error Message | 1142| -------- | ------------- | 1143| 401 | argument is invalid. | 1144| 801 | api is not supported. | 1145| 12000001 | algorithm mode is not supported. | 1146| 12000002 | algorithm param is missing. | 1147| 12000003 | algorithm param is invalid. | 1148| 12000004 | operating file failed. | 1149| 12000005 | IPC communication failed. | 1150| 12000006 | error occured in crypto engine. | 1151| 12000011 | queried entity does not exist. | 1152| 12000012 | external error. | 1153| 12000013 | queried credential does not exist. | 1154| 12000014 | memory is insufficient. | 1155| 12000015 | call service failed. | 1156 1157**Example** 1158 1159```ts 1160import huks from '@ohos.security.huks'; 1161import { BusinessError } from '@ohos.base'; 1162class HuksProperties { 1163 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 1164 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 1165 huks.HuksKeyDigest | huks.HuksKeyPadding | huks.HuksUnwrapSuite | 1166 huks.HuksCipherMode | huks.HuksImportKeyType = huks.HuksKeyAlg.HUKS_ALG_ECC 1167} 1168let alias1 = "importAlias"; 1169let alias2 = "wrappingKeyAlias"; 1170async function TestGenFunc(alias: string, options: huks.HuksOptions) { 1171 try { 1172 await genKey(alias, options) 1173 .then((data) => { 1174 console.info(`callback: generateKeyItem success`); 1175 }) 1176 .catch((error: BusinessError) => { 1177 console.error(`callback: generateKeyItem failed`); 1178 }); 1179 } catch (error) { 1180 console.error(`callback: generateKeyItem input arg invalid`); 1181 } 1182} 1183function genKey(alias: string, options: huks.HuksOptions) { 1184 return new Promise<void>((resolve, reject) => { 1185 try { 1186 huks.generateKeyItem(alias, options, (error, data) => { 1187 if (error) { 1188 reject(error); 1189 } else { 1190 resolve(data); 1191 } 1192 }); 1193 } catch (error) { 1194 throw (new Error(error)); 1195 } 1196 }); 1197} 1198async function TestExportFunc(alias: string, options: huks.HuksOptions) { 1199 try { 1200 await exportKey(alias, options) 1201 .then((data) => { 1202 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1203 }) 1204 .catch((error: BusinessError) => { 1205 console.error(`callback: exportKeyItem failed`); 1206 }); 1207 } catch (error) { 1208 console.error(`callback: exportKeyItem input arg invalid`); 1209 } 1210} 1211function exportKey(alias: string, options: huks.HuksOptions) { 1212 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 1213 try { 1214 huks.exportKeyItem(alias, options, (error, data) => { 1215 if (error) { 1216 reject(error); 1217 } else { 1218 resolve(data); 1219 } 1220 }); 1221 } catch (error) { 1222 throw (new Error(error)); 1223 } 1224 }); 1225} 1226async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1227 try { 1228 await importWrappedKey(alias, wrappingAlias, options) 1229 .then((data) => { 1230 console.info(`callback: importWrappedKeyItem success`); 1231 }) 1232 .catch((error: BusinessError) => { 1233 console.error(`callback: importWrappedKeyItem failed`); 1234 }); 1235 } catch (error) { 1236 console.error(`callback: importWrappedKeyItem input arg invalid`); 1237 } 1238} 1239function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1240 return new Promise<void>((resolve, reject) => { 1241 try { 1242 huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => { 1243 if (error) { 1244 reject(error); 1245 } else { 1246 resolve(data); 1247 } 1248 }); 1249 } catch (error) { 1250 throw (new Error(error)); 1251 } 1252 }); 1253} 1254async function TestImportWrappedKeyFunc( 1255 alias: string, 1256 wrappingAlias: string, 1257 genOptions: huks.HuksOptions, 1258 importOptions: huks.HuksOptions 1259) { 1260 await TestGenFunc(wrappingAlias, genOptions); 1261 await TestExportFunc(wrappingAlias, genOptions); 1262 1263 /*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here. 1264 * For example, import **keyA**. 1265 * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**. 1266 * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**. 1267 * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**. 1268 * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**. 1269 * 5. Generate the **importOptions.inData** field in the following format: 1270 * keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 + 1271 * nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 + 1272 * kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 + 1273 * nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 + 1274 * Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc 1275 */ 1276 /* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1277 let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]); 1278 importOptions.inData = inputKey; 1279 await TestImportWrappedFunc(alias, wrappingAlias, importOptions); 1280} 1281function makeGenerateOptions() { 1282 let properties: HuksProperties[] = [ 1283 { 1284 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1285 value: huks.HuksKeyAlg.HUKS_ALG_ECC 1286 }, 1287 { 1288 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1289 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 1290 }, 1291 { 1292 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1293 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP 1294 }, 1295 { 1296 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1297 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1298 }, 1299 { 1300 tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE, 1301 value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR, 1302 } 1303 ]; 1304 let options: huks.HuksOptions = { 1305 properties: properties 1306 }; 1307 return options; 1308}; 1309function makeImportOptions() { 1310 let properties: HuksProperties[] = [ 1311 { 1312 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1313 value: huks.HuksKeyAlg.HUKS_ALG_AES 1314 }, 1315 { 1316 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1317 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 1318 }, 1319 { 1320 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1321 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 1322 }, 1323 { 1324 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1325 value: huks.HuksCipherMode.HUKS_MODE_CBC 1326 }, 1327 { 1328 tag: huks.HuksTag.HUKS_TAG_PADDING, 1329 value: huks.HuksKeyPadding.HUKS_PADDING_NONE 1330 }, 1331 { 1332 tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE, 1333 value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING 1334 } 1335 ]; 1336 let options: huks.HuksOptions = { 1337 properties: properties 1338 }; 1339 return options; 1340}; 1341function huksImportWrappedKey() { 1342 let genOptions = makeGenerateOptions(); 1343 let importOptions = makeImportOptions(); 1344 TestImportWrappedKeyFunc( 1345 alias1, 1346 alias2, 1347 genOptions, 1348 importOptions 1349 ); 1350} 1351``` 1352 1353## huks.importWrappedKeyItem<sup>9+</sup> 1354 1355importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<void> 1356 1357Imports a wrapped key. This API uses a promise to return the result. 1358 1359**System capability**: SystemCapability.Security.Huks.Extension 1360 1361**Parameters** 1362 1363| Name | Type | Mandatory| Description | 1364| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1365| keyAlias | string | Yes | Alias of the wrapped key to import. | 1366| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1367| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1368 1369**Error codes** 1370 1371For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1372 1373| ID| Error Message | 1374| -------- | ------------- | 1375| 401 | argument is invalid. | 1376| 801 | api is not supported. | 1377| 12000001 | algorithm mode is not supported. | 1378| 12000002 | algorithm param is missing. | 1379| 12000003 | algorithm param is invalid. | 1380| 12000004 | operating file failed. | 1381| 12000005 | IPC communication failed. | 1382| 12000006 | error occured in crypto engine. | 1383| 12000011 | queried entity does not exist. | 1384| 12000012 | external error. | 1385| 12000013 | queried credential does not exist. | 1386| 12000014 | memory is insufficient. | 1387| 12000015 | call service failed. | 1388 1389**Example** 1390 1391```ts 1392import huks from '@ohos.security.huks'; 1393import { BusinessError } from '@ohos.base'; 1394/* The process is similar if a callback is used, except the following: */ 1395/* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1396async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1397 try { 1398 await huks.importWrappedKeyItem(alias, wrappingAlias, options) 1399 .then ((data) => { 1400 console.info(`promise: importWrappedKeyItem success`); 1401 }) 1402 .catch((error: BusinessError) => { 1403 console.error(`promise: importWrappedKeyItem failed`); 1404 }); 1405 } catch (error) { 1406 console.error(`promise: importWrappedKeyItem input arg invalid`); 1407 } 1408} 1409``` 1410 1411## huks.exportKeyItem<sup>9+</sup> 1412 1413exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1414 1415Exports a key. This API uses an asynchronous callback to return the result. 1416 1417**System capability**: SystemCapability.Security.Huks.Extension 1418 1419**Parameters** 1420 1421| Name | Type | Mandatory| Description | 1422| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1423| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1424| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1425| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 1426 1427**Error codes** 1428 1429For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1430 1431| ID| Error Message | 1432| -------- | ------------- | 1433| 401 | argument is invalid. | 1434| 801 | api is not supported. | 1435| 12000001 | algorithm mode is not supported. | 1436| 12000002 | algorithm param is missing. | 1437| 12000003 | algorithm param is invalid. | 1438| 12000004 | operating file failed. | 1439| 12000005 | IPC communication failed. | 1440| 12000006 | error occured in crypto engine. | 1441| 12000011 | queried entity does not exist. | 1442| 12000012 | external error. | 1443| 12000014 | memory is insufficient. | 1444 1445**Example** 1446 1447```ts 1448import huks from '@ohos.security.huks'; 1449/* Set options to emptyOptions. */ 1450let keyAlias = 'keyAlias'; 1451let emptyOptions: huks.HuksOptions = { 1452 properties: [] 1453}; 1454try { 1455 huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => { 1456 if (error) { 1457 console.error(`callback: exportKeyItem failed`); 1458 } else { 1459 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1460 } 1461 }); 1462} catch (error) { 1463 console.error(`callback: exportKeyItem input arg invalid`); 1464} 1465``` 1466 1467## huks.exportKeyItem<sup>9+</sup> 1468 1469exportKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1470 1471Exports a key. This API uses a promise to return the result. 1472 1473**System capability**: SystemCapability.Security.Huks.Extension 1474 1475**Parameters** 1476 1477| Name | Type | Mandatory| Description | 1478| -------- | --------------------------- | ---- | -------------------------------------------- | 1479| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1480| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1481 1482**Return value** 1483 1484| Type | Description | 1485| ---------------------------------------------- | ------------------------------------------------------------ | 1486| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned and **outData** contains the public key exported. If the operation fails, an error code is returned. | 1487 1488**Error codes** 1489 1490For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1491 1492| ID| Error Message | 1493| -------- | ------------- | 1494| 401 | argument is invalid. | 1495| 801 | api is not supported. | 1496| 12000001 | algorithm mode is not supported. | 1497| 12000002 | algorithm param is missing. | 1498| 12000003 | algorithm param is invalid. | 1499| 12000004 | operating file failed. | 1500| 12000005 | IPC communication failed. | 1501| 12000006 | error occured in crypto engine. | 1502| 12000011 | queried entity does not exist. | 1503| 12000012 | external error. | 1504| 12000014 | memory is insufficient. | 1505 1506**Example** 1507 1508```ts 1509import huks from '@ohos.security.huks'; 1510import { BusinessError } from '@ohos.base'; 1511/* Set options to emptyOptions. */ 1512let keyAlias = 'keyAlias'; 1513let emptyOptions: huks.HuksOptions = { 1514 properties: [] 1515}; 1516try { 1517 huks.exportKeyItem(keyAlias, emptyOptions) 1518 .then ((data) => { 1519 console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`); 1520 }) 1521 .catch((error: BusinessError) => { 1522 console.error(`promise: exportKeyItem failed`); 1523 }); 1524} catch (error) { 1525 console.error(`promise: exportKeyItem input arg invalid`); 1526} 1527``` 1528 1529## huks.getKeyItemProperties<sup>9+</sup> 1530 1531getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1532 1533Obtains key properties. This API uses an asynchronous callback to return the result. 1534 1535**System capability**: SystemCapability.Security.Huks.Extension 1536 1537**Parameters** 1538 1539| Name | Type | Mandatory| Description | 1540| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1541| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1542| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1543| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned.| 1544 1545**Error codes** 1546 1547For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1548 1549| ID| Error Message | 1550| -------- | ------------- | 1551| 401 | argument is invalid. | 1552| 801 | api is not supported. | 1553| 12000001 | algorithm mode is not supported. | 1554| 12000002 | algorithm param is missing. | 1555| 12000003 | algorithm param is invalid. | 1556| 12000004 | operating file failed. | 1557| 12000005 | IPC communication failed. | 1558| 12000006 | error occured in crypto engine. | 1559| 12000011 | queried entity does not exist. | 1560| 12000012 | external error. | 1561| 12000014 | memory is insufficient. | 1562 1563**Example** 1564 1565```ts 1566import huks from '@ohos.security.huks'; 1567/* Set options to emptyOptions. */ 1568let keyAlias = 'keyAlias'; 1569let emptyOptions: huks.HuksOptions = { 1570 properties: [] 1571}; 1572try { 1573 huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => { 1574 if (error) { 1575 console.error(`callback: getKeyItemProperties failed`); 1576 } else { 1577 console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1578 } 1579 }); 1580} catch (error) { 1581 console.error(`callback: getKeyItemProperties input arg invalid`); 1582} 1583``` 1584 1585## huks.getKeyItemProperties<sup>9+</sup> 1586 1587getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1588 1589Obtains key properties. This API uses a promise to return the result. 1590 1591**System capability**: SystemCapability.Security.Huks.Extension 1592 1593**Parameters** 1594 1595| Name | Type | Mandatory| Description | 1596| -------- | --------------------------- | ---- | -------------------------------------------- | 1597| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1598| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1599 1600**Return value** 1601 1602| Type | Description | 1603| ----------------------------------------------- | ------------------------------------------------------------ | 1604| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, no **err** value is returned and **properties** contains the parameters required for generating the key. If the operation fails, an error code is returned. | 1605 1606**Error codes** 1607 1608For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1609 1610| ID| Error Message | 1611| -------- | ------------- | 1612| 401 | argument is invalid. | 1613| 801 | api is not supported. | 1614| 12000001 | algorithm mode is not supported. | 1615| 12000002 | algorithm param is missing. | 1616| 12000003 | algorithm param is invalid. | 1617| 12000004 | operating file failed. | 1618| 12000005 | IPC communication failed. | 1619| 12000006 | error occured in crypto engine. | 1620| 12000011 | queried entity does not exist. | 1621| 12000012 | external error. | 1622| 12000014 | memory is insufficient. | 1623 1624**Example** 1625 1626```ts 1627import huks from '@ohos.security.huks'; 1628import { BusinessError } from '@ohos.base'; 1629/* Set options to emptyOptions. */ 1630let keyAlias = 'keyAlias'; 1631let emptyOptions: huks.HuksOptions = { 1632 properties: [] 1633}; 1634try { 1635 huks.getKeyItemProperties(keyAlias, emptyOptions) 1636 .then ((data) => { 1637 console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1638 }) 1639 .catch((error: BusinessError) => { 1640 console.error(`promise: getKeyItemProperties failed`); 1641 }); 1642} catch (error) { 1643 console.error(`promise: getKeyItemProperties input arg invalid`); 1644} 1645``` 1646 1647## huks.isKeyItemExist<sup>9+</sup> 1648 1649isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1650 1651Checks whether a key exists. This API uses an asynchronous callback to return the result. 1652 1653**System capability**: SystemCapability.Security.Huks.Core 1654 1655**Parameters** 1656 1657| Name | Type | Mandatory| Description | 1658| -------- | --------------------------- | ---- |--------------------------------------------------------| 1659| keyAlias | string | Yes | Alias of the key to check. | 1660| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to check, for example, check all keys or a single key. To check a single key, leave **properties** empty. | 1661| callback | AsyncCallback\<boolean> | Yes | Callback invoked to return the result. If the key exists, **data** is **true**. If the key does not exist, **error** is the error code.| 1662 1663**Error codes** 1664 1665For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1666 1667| ID| Error Message | 1668| -------- | ------------- | 1669| 401 | argument is invalid. | 1670| 801 | api is not supported. | 1671| 12000002 | algorithm param is missing. | 1672| 12000003 | algorithm param is invalid. | 1673| 12000004 | operating file failed. | 1674| 12000005 | IPC communication failed. | 1675| 12000006 | error occured in crypto engine. | 1676| 12000012 | external error. | 1677| 12000014 | memory is insufficient. | 1678 1679**Example** 1680 1681```ts 1682import huks from '@ohos.security.huks'; 1683import promptAction from '@ohos.promptAction'; 1684/* Set options to emptyOptions. */ 1685let keyAlias = 'keyAlias'; 1686let emptyOptions: huks.HuksOptions = { 1687 properties: [] 1688}; 1689huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => { 1690 if (data) { 1691 promptAction.showToast({ 1692 message: "keyAlias: " + keyAlias +"is existed! ", 1693 duration: 2500, 1694 }) 1695 } else { 1696 promptAction.showToast({ 1697 message: "find key failed", 1698 duration: 2500, 1699 }) 1700 } 1701}); 1702``` 1703 1704## huks.isKeyItemExist<sup>9+</sup> 1705 1706isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1707 1708Checks whether a key exists. This API uses a promise to return the result. 1709 1710**System capability**: SystemCapability.Security.Huks.Extension 1711 1712**Parameters** 1713 1714| Name | Type | Mandatory| Description | 1715| -------- | --------------------------- | ---- | ------------------------ | 1716| keyAlias | string | Yes | Alias of the key to check. | 1717| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to check, for example, check all keys or a single key. To check a single key, leave **properties** empty.| 1718 1719**Return value** 1720 1721| Type | Description | 1722| ----------------- | --------------------------------------- | 1723| Promise\<boolean> | Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.| 1724 1725**Error codes** 1726 1727For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1728 1729| ID| Error Message | 1730| -------- | ------------- | 1731| 401 | argument is invalid. | 1732| 801 | api is not supported. | 1733| 12000002 | algorithm param is missing. | 1734| 12000003 | algorithm param is invalid. | 1735| 12000004 | operating file failed. | 1736| 12000005 | IPC communication failed. | 1737| 12000006 | error occured in crypto engine. | 1738| 12000012 | external error. | 1739| 12000014 | memory is insufficient. | 1740 1741**Example** 1742 1743```ts 1744import huks from '@ohos.security.huks'; 1745import { BusinessError } from '@ohos.base'; 1746import promptAction from '@ohos.promptAction'; 1747 1748/* Set options to emptyOptions. */ 1749let keyAlias = 'keyAlias'; 1750let emptyOptions: huks.HuksOptions = { 1751 properties: [] 1752}; 1753huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => { 1754 promptAction.showToast({ 1755 message: "keyAlias: " + keyAlias +"is existed! ", 1756 duration: 500, 1757 }) 1758}).catch((error: BusinessError)=>{ 1759 promptAction.showToast({ 1760 message: "find key failed", 1761 duration: 6500, 1762 }) 1763}) 1764``` 1765 1766## huks.hasKeyItem<sup>11+</sup> 1767 1768hasKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1769 1770Checks whether a key exists. This API uses an asynchronous callback to return the result. 1771 1772**System capability**: SystemCapability.Security.Huks.Core 1773 1774**Parameters** 1775 1776| Name | Type | Mandatory| Description | 1777| -------- | --------------------------- | ---- |--------------------------------------------------------| 1778| keyAlias | string | Yes | Alias of the key to check. | 1779| options | [HuksOptions](#huksoptions) | Yes | Property tag of the key, for example, **HuksAuthStorageLevel**, which specifies the storage security level of the key. This parameter can be left empty. | 1780| callback | AsyncCallback\<boolean> | Yes | Callback invoked to return the result. If the key exists, **data** is **true**. Otherwise, **data** is **false**.| 1781 1782**Error codes** 1783 1784For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1785 1786| ID| Error Message | 1787| -------- | ------------- | 1788| 401 | argument is invalid. | 1789| 801 | api is not supported. | 1790| 12000002 | algorithm param is missing. | 1791| 12000003 | algorithm param is invalid. | 1792| 12000004 | operating file failed. | 1793| 12000005 | IPC communication failed. | 1794| 12000006 | error occured in crypto engine. | 1795| 12000012 | external error. | 1796| 12000014 | memory is insufficient. | 1797 1798**Example** 1799 1800```ts 1801import huks from '@ohos.security.huks'; 1802import promptAction from '@ohos.promptAction'; 1803/* Set options to emptyOptions. */ 1804let keyAlias = 'keyAlias'; 1805let emptyOptions: huks.HuksOptions = { 1806 properties: [] 1807}; 1808 1809try { 1810 huks.hasKeyItem(keyAlias, emptyOptions, (error, data) => { 1811 if (data) { 1812 promptAction.showToast({ 1813 message: "keyAlias: " + keyAlias +" is existed!", 1814 duration: 2500, 1815 }) 1816 } else { 1817 promptAction.showToast({ 1818 message: "find key failed", 1819 duration: 2500, 1820 }) 1821 } 1822 }); 1823} catch (error) { 1824 console.error(`callback: hasKeyItem input args may be invalid`); 1825} 1826``` 1827 1828## huks.hasKeyItem<sup>11+</sup> 1829 1830hasKeyItem(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1831 1832Checks whether a key exists. This API uses a promise to return the result. 1833 1834**System capability**: SystemCapability.Security.Huks.Extension 1835 1836**Parameters** 1837 1838| Name | Type | Mandatory| Description | 1839| -------- | --------------------------- | ---- | ------------------------ | 1840| keyAlias | string | Yes | Alias of the key to check. | 1841| options | [HuksOptions](#huksoptions) | Yes | Property tag of the key, for example, **HuksAuthStorageLevel**, which specifies the storage security level of the key. This parameter can be left empty. | 1842 1843**Return value** 1844 1845| Type | Description | 1846| ----------------- | --------------------------------------- | 1847| Promise\<boolean> | Promise used to return the result. If the key exists, **true** is returned. If the key does not exist, **false** is returned.| 1848 1849**Error codes** 1850 1851For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1852 1853| ID| Error Message | 1854| -------- | ------------- | 1855| 401 | argument is invalid. | 1856| 801 | api is not supported. | 1857| 12000002 | algorithm param is missing. | 1858| 12000003 | algorithm param is invalid. | 1859| 12000004 | operating file failed. | 1860| 12000005 | IPC communication failed. | 1861| 12000006 | error occured in crypto engine. | 1862| 12000012 | external error. | 1863| 12000014 | memory is insufficient. | 1864 1865**Example** 1866 1867```ts 1868import huks from '@ohos.security.huks'; 1869import { BusinessError } from '@ohos.base'; 1870import promptAction from '@ohos.promptAction'; 1871 1872/* Set options to emptyOptions. */ 1873let keyAlias = 'keyAlias'; 1874let emptyOptions: huks.HuksOptions = { 1875 properties: [] 1876}; 1877huks.hasKeyItem(keyAlias, emptyOptions).then((data) => { 1878 if (data) { 1879 promptAction.showToast({ 1880 message: "keyAlias: " + keyAlias +" is existed!", 1881 duration: 2500, 1882 }) 1883 } else { 1884 promptAction.showToast({ 1885 message: "find key failed", 1886 duration: 2500, 1887 }) 1888 } 1889}).catch((error: BusinessError)=>{ 1890 promptAction.showToast({ 1891 message: "find key failed", 1892 duration: 6500, 1893 }) 1894}) 1895``` 1896 1897## huks.initSession<sup>9+</sup> 1898 1899initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksSessionHandle>) : void 1900 1901Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1902 1903**System capability**: SystemCapability.Security.Huks.Core 1904 1905**Parameters** 1906 1907| Name | Type | Mandatory| Description | 1908| -------- | ------------------------------------------------------- | ---- | ---------------------------------------------------- | 1909| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1910| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1911| callback | AsyncCallback\<[HuksSessionHandle](#hukssessionhandle9)> | Yes | Callback invoked to return a session handle for subsequent operations.| 1912 1913**Error codes** 1914 1915For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1916 1917| ID| Error Message | 1918| -------- | ------------- | 1919| 401 | argument is invalid. | 1920| 801 | api is not supported. | 1921| 12000001 | algorithm mode is not supported. | 1922| 12000002 | algorithm param is missing. | 1923| 12000003 | algorithm param is invalid. | 1924| 12000004 | operating file failed. | 1925| 12000005 | IPC communication failed. | 1926| 12000006 | error occured in crypto engine. | 1927| 12000010 | the number of sessions has reached limit. | 1928| 12000011 | queried entity does not exist. | 1929| 12000012 | external error. | 1930| 12000014 | memory is insufficient. | 1931 1932## huks.initSession<sup>9+</sup> 1933 1934initSession(keyAlias: string, options: HuksOptions) : Promise\<HuksSessionHandle> 1935 1936Initializes a session for a key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1937 1938**System capability**: SystemCapability.Security.Huks.Extension 1939 1940**Parameters** 1941 1942| Name | Type | Mandatory| Description | 1943| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ | 1944| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1945| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1946 1947**Return value** 1948 1949| Type | Description | 1950| ----------------------------------- | -------------------------------------------------- | 1951| Promise\<[HuksSessionHandle](#hukssessionhandle9)> | Promise used to return a session handle for subsequent operations.| 1952 1953**Error codes** 1954 1955For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1956 1957| ID| Error Message | 1958| -------- | ------------- | 1959| 401 | argument is invalid. | 1960| 801 | api is not supported. | 1961| 12000001 | algorithm mode is not supported. | 1962| 12000002 | algorithm param is missing. | 1963| 12000003 | algorithm param is invalid. | 1964| 12000004 | operating file failed. | 1965| 12000005 | IPC communication failed. | 1966| 12000006 | error occured in crypto engine. | 1967| 12000010 | the number of sessions has reached limit. | 1968| 12000011 | queried entity does not exist. | 1969| 12000012 | external error. | 1970| 12000014 | memory is insufficient. | 1971 1972## huks.updateSession<sup>9+</sup> 1973 1974updateSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1975 1976Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1977 1978**System capability**: SystemCapability.Security.Huks.Core 1979 1980**Parameters** 1981 1982| Name | Type | Mandatory| Description | 1983| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1984| handle | number | Yes | Handle for the **updateSession** operation. | 1985| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1986| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **updateSession** operation result.| 1987 1988**Error codes** 1989 1990For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 1991 1992| ID| Error Message | 1993| -------- | ------------- | 1994| 401 | argument is invalid. | 1995| 801 | api is not supported. | 1996| 12000001 | algorithm mode is not supported. | 1997| 12000002 | algorithm param is missing. | 1998| 12000003 | algorithm param is invalid. | 1999| 12000004 | operating file failed. | 2000| 12000005 | IPC communication failed. | 2001| 12000006 | error occured in crypto engine. | 2002| 12000007 | this credential is already invalidated permanently. | 2003| 12000008 | verify authtoken failed. | 2004| 12000009 | authtoken is already timeout. | 2005| 12000011 | queried entity does not exist. | 2006| 12000012 | external error. | 2007| 12000014 | memory is insufficient. | 2008 2009## huks.updateSession<sup>9+</sup> 2010 2011updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2012 2013Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2014 2015**System capability**: SystemCapability.Security.Huks.Extension 2016 2017**Parameters** 2018 2019| Name | Type | Mandatory| Description | 2020| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2021| handle | number | Yes | Handle for the **updateSession** operation. | 2022| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 2023| token | Uint8Array | Yes | Token of the **updateSession** operation. | 2024| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **updateSession** operation result.| 2025 2026**Error codes** 2027 2028For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2029 2030| ID| Error Message | 2031| -------- | ------------- | 2032| 401 | argument is invalid. | 2033| 801 | api is not supported. | 2034| 12000001 | algorithm mode is not supported. | 2035| 12000002 | algorithm param is missing. | 2036| 12000003 | algorithm param is invalid. | 2037| 12000004 | operating file failed. | 2038| 12000005 | IPC communication failed. | 2039| 12000006 | error occured in crypto engine. | 2040| 12000007 | this credential is already invalidated permanently. | 2041| 12000008 | verify authtoken failed. | 2042| 12000009 | authtoken is already timeout. | 2043| 12000011 | queried entity does not exist. | 2044| 12000012 | external error. | 2045| 12000014 | memory is insufficient. | 2046 2047## huks.updateSession<sup>9+</sup> 2048 2049updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2050 2051Updates the key operation by segment. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2052 2053**System capability**: SystemCapability.Security.Huks.Extension 2054 2055**Parameters** 2056 2057| Name | Type | Mandatory| Description | 2058| ------- | ---------------------------------------------- | ---- | -------------------------------------------- | 2059| handle | number | Yes | Handle for the **updateSession** operation. | 2060| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 2061| token | Uint8Array | No | Token of the **updateSession** operation. | 2062 2063**Return value** 2064 2065| Type | Description | 2066| ----------------------------------- | -------------------------------------------------- | 2067| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the **updateSession** operation result.| 2068 2069**Error codes** 2070 2071For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2072 2073| ID| Error Message | 2074| -------- | ------------- | 2075| 401 | argument is invalid. | 2076| 801 | api is not supported. | 2077| 12000001 | algorithm mode is not supported. | 2078| 12000002 | algorithm param is missing. | 2079| 12000003 | algorithm param is invalid. | 2080| 12000004 | operating file failed. | 2081| 12000005 | IPC communication failed. | 2082| 12000006 | error occured in crypto engine. | 2083| 12000007 | this credential is already invalidated permanently. | 2084| 12000008 | verify authtoken failed. | 2085| 12000009 | authtoken is already timeout. | 2086| 12000011 | queried entity does not exist. | 2087| 12000012 | external error. | 2088| 12000014 | memory is insufficient. | 2089 2090## huks.finishSession<sup>9+</sup> 2091 2092finishSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 2093 2094Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2095 2096**System capability**: SystemCapability.Security.Huks.Core 2097 2098**Parameters** 2099 2100| Name | Type | Mandatory| Description | 2101| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2102| handle | number | Yes | Handle for the **finishSession** operation. | 2103| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2104| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **finishSession** operation result.| 2105 2106**Error codes** 2107 2108For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2109 2110| ID| Error Message | 2111| -------- | ------------- | 2112| 401 | argument is invalid. | 2113| 801 | api is not supported. | 2114| 12000001 | algorithm mode is not supported. | 2115| 12000002 | algorithm param is missing. | 2116| 12000003 | algorithm param is invalid. | 2117| 12000004 | operating file failed. | 2118| 12000005 | IPC communication failed. | 2119| 12000006 | error occured in crypto engine. | 2120| 12000007 | this credential is already invalidated permanently. | 2121| 12000008 | verify authtoken failed. | 2122| 12000009 | authtoken is already timeout. | 2123| 12000011 | queried entity does not exist. | 2124| 12000012 | external error. | 2125| 12000014 | memory is insufficient. | 2126 2127## huks.finishSession<sup>9+</sup> 2128 2129finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2130 2131Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2132 2133**System capability**: SystemCapability.Security.Huks.Extension 2134 2135**Parameters** 2136 2137| Name | Type | Mandatory| Description | 2138| -------- | ----------------------------------------------------- | ---- | -------------------------------------------- | 2139| handle | number | Yes | Handle for the **finishSession** operation. | 2140| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2141| token | Uint8Array | Yes | Token of the **finishSession** operation. | 2142| callback | AsyncCallback\<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback invoked to return the **finishSession** operation result.| 2143 2144**Error codes** 2145 2146For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2147 2148| ID| Error Message | 2149| -------- | ------------- | 2150| 401 | argument is invalid. | 2151| 801 | api is not supported. | 2152| 12000001 | algorithm mode is not supported. | 2153| 12000002 | algorithm param is missing. | 2154| 12000003 | algorithm param is invalid. | 2155| 12000004 | operating file failed. | 2156| 12000005 | IPC communication failed. | 2157| 12000006 | error occured in crypto engine. | 2158| 12000007 | this credential is already invalidated permanently. | 2159| 12000008 | verify authtoken failed. | 2160| 12000009 | authtoken is already timeout. | 2161| 12000011 | queried entity does not exist. | 2162| 12000012 | external error. | 2163| 12000014 | memory is insufficient. | 2164 2165## huks.finishSession<sup>9+</sup> 2166 2167finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2168 2169Finishes the key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2170 2171**System capability**: SystemCapability.Security.Huks.Extension 2172 2173**Parameters** 2174 2175| Name | Type | Mandatory| Description | 2176| ------- | ----------------------------------------------- | ---- | ----------------------------------- | 2177| handle | number | Yes | Handle for the **finishSession** operation. | 2178| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2179| token | Uint8Array | No | Token of the **finishSession** operation. | 2180 2181**Return value** 2182 2183| Type | Description | 2184| ----------------------------------- | -------------------------------------------------- | 2185| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.| 2186 2187**Error codes** 2188 2189For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2190 2191| ID| Error Message | 2192| -------- | ------------- | 2193| 401 | argument is invalid. | 2194| 801 | api is not supported. | 2195| 12000001 | algorithm mode is not supported. | 2196| 12000002 | algorithm param is missing. | 2197| 12000003 | algorithm param is invalid. | 2198| 12000004 | operating file failed. | 2199| 12000005 | IPC communication failed. | 2200| 12000006 | error occured in crypto engine. | 2201| 12000007 | this credential is already invalidated permanently. | 2202| 12000008 | verify authtoken failed. | 2203| 12000009 | authtoken is already timeout. | 2204| 12000011 | queried entity does not exist. | 2205| 12000012 | external error. | 2206| 12000014 | memory is insufficient. | 2207 2208## huks.abortSession<sup>9+</sup> 2209 2210abortSession(handle: number, options: HuksOptions, callback: AsyncCallback\<void>) : void 2211 2212Aborts a key operation. This API uses an asynchronous callback to return the result. 2213 2214**System capability**: SystemCapability.Security.Huks.Core 2215 2216**Parameters** 2217 2218| Name | Type | Mandatory| Description | 2219| -------- | --------------------------- | ---- | ------------------------------------------- | 2220| handle | number | Yes | Handle for the **abortSession** operation. | 2221| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2222| callback | AsyncCallback\<void> | Yes | Callback invoked to return the **abortSession** operation result.| 2223 2224**Error codes** 2225 2226For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2227 2228| ID| Error Message | 2229| -------- | ------------- | 2230| 401 | argument is invalid. | 2231| 801 | api is not supported. | 2232| 12000004 | operating file failed. | 2233| 12000005 | IPC communication failed. | 2234| 12000006 | error occured in crypto engine. | 2235| 12000012 | external error. | 2236| 12000014 | memory is insufficient. | 2237 2238**Example** 2239 2240```ts 2241import huks from '@ohos.security.huks'; 2242/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2243 * If an error occurs in any of huks.initSession, huks.updateSession, 2244 * and huks.finishSession operations, 2245 * call huks.abortSession to terminate the use of the key. 2246 * 2247 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 2248 */ 2249class HuksProperties { 2250 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2251 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | huks.HuksKeyDigest | 2252 huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 2253} 2254let keyAlias = "HuksDemoRSA"; 2255let properties: HuksProperties[] = [] 2256let options: huks.HuksOptions = { 2257 properties: properties, 2258 inData: new Uint8Array(0) 2259}; 2260let handle: number = 0; 2261async function huksAbort() { 2262 properties[0] = { 2263 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2264 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2265 }; 2266 properties[1] = { 2267 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2268 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2269 }; 2270 properties[2] = { 2271 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2272 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2273 }; 2274 properties[3] = { 2275 tag: huks.HuksTag.HUKS_TAG_PADDING, 2276 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2277 }; 2278 properties[4] = { 2279 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2280 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2281 }; 2282 properties[5] = { 2283 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2284 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2285 } 2286 try { 2287 huks.generateKeyItem(keyAlias, options, (error, data) => { 2288 if (error) { 2289 console.error(`callback: generateKeyItem failed`); 2290 } else { 2291 console.info(`callback: generateKeyItem success`); 2292 huks.initSession(keyAlias, options, (error, data) => {// Use abortSession to abort initSession. 2293 if (error) { 2294 console.error(`callback: initSession failed`); 2295 } else { 2296 console.info(`callback: initSession success, data = ${JSON.stringify(data)}`); 2297 handle = data.handle; 2298 huks.abortSession(handle, options, (error, data) => { 2299 if (error) { 2300 console.error(`callback: abortSession failed`); 2301 } else { 2302 console.info(`callback: abortSession success`); 2303 } 2304 }); 2305 } 2306 }); 2307 } 2308 }); 2309 } catch (error) { 2310 console.error(`callback: huksAbort failed`); 2311 } 2312} 2313``` 2314 2315## huks.abortSession<sup>9+</sup> 2316 2317abortSession(handle: number, options: HuksOptions) : Promise\<void>; 2318 2319Aborts a key operation. This API uses a promise to return the result. 2320 2321**System capability**: SystemCapability.Security.Huks.Extension 2322 2323**Parameters** 2324 2325| Name | Type | Mandatory| Description | 2326| ------- | --------------------------- | ---- | ------------------------------------------- | 2327| handle | number | Yes | Handle for the **abortSession** operation. | 2328| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2329 2330**Return value** 2331 2332| Type | Description | 2333| ----------------------------------- | -------------------------------------------------- | 2334| Promise\<void> | Promise used to return the **abortSession** operation result.| 2335 2336**Error codes** 2337 2338For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2339 2340| ID| Error Message | 2341| -------- | ------------- | 2342| 401 | argument is invalid. | 2343| 801 | api is not supported. | 2344| 12000004 | operating file failed. | 2345| 12000005 | IPC communication failed. | 2346| 12000006 | error occured in crypto engine. | 2347| 12000012 | external error. | 2348| 12000014 | memory is insufficient. | 2349 2350**Example** 2351 2352```ts 2353import huks from '@ohos.security.huks'; 2354import { BusinessError } from '@ohos.base'; 2355/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2356 * If an error occurs in any of huks.initSession, huks.updateSession, 2357 * and huks.finishSession operations, 2358 * call huks.abortSession to terminate the use of the key. 2359 * 2360 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 2361 */ 2362class HuksProperties { 2363 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2364 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2365 huks.HuksKeyDigest | huks.HuksKeyPadding | huks.HuksKeyGenerateType | 2366 huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 2367} 2368 2369function stringToUint8Array(str: string) { 2370 let arr: number[] = []; 2371 for (let i = 0, j = str.length; i < j; ++i) { 2372 arr.push(str.charCodeAt(i)); 2373 } 2374 let tmpUint8Array = new Uint8Array(arr); 2375 return tmpUint8Array; 2376} 2377 2378let keyAlias = "HuksDemoRSA"; 2379let properties: HuksProperties[] = [] 2380let options: huks.HuksOptions = { 2381 properties: properties, 2382 inData: new Uint8Array(0) 2383}; 2384let handle: number = 0; 2385 2386async function generateKey() { 2387 properties[0] = { 2388 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2389 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2390 }; 2391 properties[1] = { 2392 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2393 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2394 }; 2395 properties[2] = { 2396 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2397 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2398 }; 2399 properties[3] = { 2400 tag: huks.HuksTag.HUKS_TAG_PADDING, 2401 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2402 }; 2403 properties[4] = { 2404 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2405 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2406 }; 2407 properties[5] = { 2408 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2409 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2410 } 2411 2412 try { 2413 await huks.generateKeyItem(keyAlias, options) 2414 .then((data) => { 2415 console.info(`promise: generateKeyItem success`); 2416 }) 2417 .catch((error: BusinessError) => { 2418 console.error(`promise: generateKeyItem failed`); 2419 }); 2420 } catch (error) { 2421 console.error(`promise: generateKeyItem input arg invalid`); 2422 } 2423} 2424 2425async function huksInit() { 2426 console.log('enter huksInit'); 2427 try { 2428 await huks.initSession(keyAlias, options) 2429 .then((data) => { 2430 console.info(`promise: initSession success, data = ${JSON.stringify(data)}`); 2431 handle = data.handle; 2432 }) 2433 .catch((error: BusinessError) => { 2434 console.error(`promise: initSession key failed`); 2435 }); 2436 } catch (error) { 2437 console.error(`promise: initSession input arg invalid`); 2438 } 2439} 2440 2441async function huksUpdate() { 2442 console.log('enter huksUpdate'); 2443 options.inData = stringToUint8Array("huksHmacTest"); 2444 try { 2445 await huks.updateSession(handle, options) 2446 .then((data) => { 2447 console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`); 2448 }) 2449 .catch((error: BusinessError) => { 2450 console.error(`promise: updateSession failed`); 2451 }); 2452 } catch (error) { 2453 console.error(`promise: updateSession input arg invalid`); 2454 } 2455} 2456 2457async function huksFinish() { 2458 console.log('enter huksFinish'); 2459 options.inData = new Uint8Array(0); 2460 try { 2461 await huks.finishSession(handle, options) 2462 .then((data) => { 2463 console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`); 2464 }) 2465 .catch((error: BusinessError) => { 2466 console.error(`promise: finishSession failed`); 2467 }); 2468 } catch (error) { 2469 console.error(`promise: finishSession input arg invalid`); 2470 } 2471} 2472 2473async function huksAbort() { 2474 console.log('enter huksAbort'); 2475 try { 2476 await huks.abortSession(handle, options) 2477 .then((data) => { 2478 console.info(`promise: abortSession success`); 2479 }) 2480 .catch((error: BusinessError) => { 2481 console.error(`promise: abortSession failed`); 2482 }); 2483 } catch (error) { 2484 console.error(`promise: abortSession input arg invalid`); 2485 } 2486} 2487 2488async function testAbort() { 2489 await generateKey(); 2490 await huksInit(); // Use abortSession to abort initSession. 2491 await huksAbort(); 2492} 2493``` 2494 2495 2496## HuksExceptionErrCode<sup>9+</sup> 2497 2498Enumerates the error codes. 2499 2500For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 2501 2502**System capability**: SystemCapability.Security.Huks.Core 2503 2504| Name | Value| Description | 2505| ---------------------------------------------- | -------- |--------------------------- | 2506| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed.<br> **System capability**: SystemCapability.Security.Huks.Core | 2507| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected.<br> **System capability**: SystemCapability.Security.Huks.Core | 2508| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported.<br> **System capability**: SystemCapability.Security.Huks.Core | 2509| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported.<br> **System capability**: SystemCapability.Security.Huks.Core | 2510| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing.<br> **System capability**: SystemCapability.Security.Huks.Core | 2511| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected.<br> **System capability**: SystemCapability.Security.Huks.Core | 2512| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed.<br> **System capability**: SystemCapability.Security.Huks.Core | 2513| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed.<br> **System capability**: SystemCapability.Security.Huks.Core | 2514| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library.<br> **System capability**: SystemCapability.Security.Huks.Core | 2515| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired.<br> **System capability**: SystemCapability.Security.Huks.Core| 2516| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed.<br> **System capability**: SystemCapability.Security.Huks.Core| 2517| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out.<br> **System capability**: SystemCapability.Security.Huks.Core| 2518| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit.<br> **System capability**: SystemCapability.Security.Huks.Core | 2519| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist.<br> **System capability**: SystemCapability.Security.Huks.Core | 2520| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs.<br> **System capability**: SystemCapability.Security.Huks.Core | 2521| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist.<br> **System capability**: SystemCapability.Security.Huks.Core | 2522| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient.<br> **System capability**: SystemCapability.Security.Huks.Core | 2523| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services.<br> **System capability**: SystemCapability.Security.Huks.Core | 2524| HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET<sup>11+</sup> | 12000016 | The required lock screen password is not set.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2525 2526## HuksKeyPurpose 2527 2528Enumerates the key purposes. 2529 2530**System capability**: SystemCapability.Security.Huks.Core 2531 2532| Name | Value | Description | 2533| ------------------------ | ---- | -------------------------------- | 2534| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext.<br> **System capability**: SystemCapability.Security.Huks.Core| 2535| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text.<br> **System capability**: SystemCapability.Security.Huks.Core| 2536| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2537| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2538| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2539| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2540| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2541| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC).<br> **System capability**: SystemCapability.Security.Huks.Extension| 2542| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2543 2544## HuksKeyDigest 2545 2546Enumerates the digest algorithms. 2547 2548**System capability**: SystemCapability.Security.Huks.Extension 2549 2550| Name | Value | Description | 2551| ---------------------- | ---- | ---------------------------------------- | 2552| HUKS_DIGEST_NONE | 0 | No digest algorithm| 2553| HUKS_DIGEST_MD5 | 1 | MD5| 2554| HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3| 2555| HUKS_DIGEST_SHA1 | 10 | SHA-1| 2556| HUKS_DIGEST_SHA224 | 11 | SHA-224| 2557| HUKS_DIGEST_SHA256 | 12 | SHA-256| 2558| HUKS_DIGEST_SHA384 | 13 | SHA-384| 2559| HUKS_DIGEST_SHA512 | 14 | SHA-512| 2560 2561## HuksKeyPadding 2562 2563Enumerates the padding algorithms. 2564 2565**System capability**: SystemCapability.Security.Huks.Core 2566 2567| Name | Value | Description | 2568| ---------------------- | ---- | ---------------------------------------- | 2569| HUKS_PADDING_NONE | 0 | No padding algorithm<br> **System capability**: SystemCapability.Security.Huks.Core| 2570| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP)<br> **System capability**: SystemCapability.Security.Huks.Extension| 2571| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS)<br> **System capability**: SystemCapability.Security.Huks.Extension| 2572| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5<br> **System capability**: SystemCapability.Security.Huks.Extension| 2573| HUKS_PADDING_PKCS5 | 4 | PKCS #5<br> **System capability**: SystemCapability.Security.Huks.Extension| 2574| HUKS_PADDING_PKCS7 | 5 | PKCS #7<br> **System capability**: SystemCapability.Security.Huks.Core| 2575 2576## HuksCipherMode 2577 2578Enumerates the cipher modes. 2579 2580**System capability**: SystemCapability.Security.Huks.Core 2581 2582| Name | Value | Description | 2583| ------------- | ---- | --------------------- | 2584| HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode<br> **System capability**: SystemCapability.Security.Huks.Core| 2585| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode<br> **System capability**: SystemCapability.Security.Huks.Core| 2586| HUKS_MODE_CTR | 3 | Counter (CTR) mode<br> **System capability**: SystemCapability.Security.Huks.Core| 2587| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode<br> **System capability**: SystemCapability.Security.Huks.Extension| 2588| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode<br> **System capability**: SystemCapability.Security.Huks.Extension| 2589| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode<br> **System capability**: SystemCapability.Security.Huks.Core| 2590 2591## HuksKeySize 2592 2593Enumerates the key sizes. 2594 2595**System capability**: SystemCapability.Security.Huks.Core 2596 2597| Name | Value | Description | 2598| ---------------------------------- | ---- | ------------------------------------------ | 2599| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2600| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2601| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2602| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2603| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2604| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2605| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2606| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2607| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2608| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2609| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits<br> **System capability**: SystemCapability.Security.Huks.Core| 2610| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits<br> **System capability**: SystemCapability.Security.Huks.Core| 2611| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits<br> **System capability**: SystemCapability.Security.Huks.Core| 2612| HUKS_AES_KEY_SIZE_512 | 512 | AES key of 512 bits<br> **System capability**: SystemCapability.Security.Huks.Core| 2613| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2614| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2615| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2616| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2617| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | ShangMi2 (SM2) key of 256 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2618| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | ShangMi4 (SM4) key of 128 bits<br> **System capability**: SystemCapability.Security.Huks.Extension| 2619 2620## HuksKeyAlg 2621 2622Enumerates the key algorithms. 2623 2624**System capability**: SystemCapability.Security.Huks.Core 2625 2626| Name | Value | Description | 2627| ------------------------- | ---- | --------------------- | 2628| HUKS_ALG_RSA | 1 | RSA<br> **System capability**: SystemCapability.Security.Huks.Extension| 2629| HUKS_ALG_ECC | 2 | ECC<br> **System capability**: SystemCapability.Security.Huks.Extension| 2630| HUKS_ALG_DSA | 3 | DSA<br> **System capability**: SystemCapability.Security.Huks.Extension| 2631| HUKS_ALG_AES | 20 | AES<br> **System capability**: SystemCapability.Security.Huks.Core| 2632| HUKS_ALG_HMAC | 50 | HMAC<br> **System capability**: SystemCapability.Security.Huks.Extension| 2633| HUKS_ALG_HKDF | 51 | HKDF<br> **System capability**: SystemCapability.Security.Huks.Extension| 2634| HUKS_ALG_PBKDF2 | 52 | PBKDF2<br> **System capability**: SystemCapability.Security.Huks.Extension| 2635| HUKS_ALG_ECDH | 100 | ECDH<br> **System capability**: SystemCapability.Security.Huks.Extension| 2636| HUKS_ALG_X25519 | 101 | X25519 <br> **System capability**: SystemCapability.Security.Huks.Extension| 2637| HUKS_ALG_ED25519 | 102 | ED25519<br> **System capability**: SystemCapability.Security.Huks.Extension| 2638| HUKS_ALG_DH | 103 | DH<br> **System capability**: SystemCapability.Security.Huks.Extension| 2639| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2<br> **System capability**: SystemCapability.Security.Huks.Extension| 2640| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3<br> **System capability**: SystemCapability.Security.Huks.Extension| 2641| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4<br> **System capability**: SystemCapability.Security.Huks.Extension| 2642 2643## HuksKeyGenerateType 2644 2645Enumerates the key generation types. 2646 2647**System capability**: SystemCapability.Security.Huks.Extension 2648 2649| Name | Value | Description | 2650| ------------------------------ | ---- | ---------------- | 2651| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.| 2652| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.| 2653| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.| 2654 2655## HuksKeyFlag 2656 2657Enumerates the key generation modes. 2658 2659**System capability**: SystemCapability.Security.Huks.Core 2660 2661| Name | Value | Description | 2662| -------------------------- | ---- | ------------------------------------ | 2663| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. | 2664| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. | 2665| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API.| 2666| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API.| 2667 2668## HuksKeyStorageType 2669 2670Enumerates the key storage modes. 2671 2672**System capability**: SystemCapability.Security.Huks.Core 2673 2674| Name | Value | Description | 2675| -------------------------------------------- | ---- | ------------------------------ | 2676| HUKS_STORAGE_TEMP<sup>(deprecated)</sup> | 0 | The key is managed locally.<br>**NOTE**: This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2677| HUKS_STORAGE_PERSISTENT<sup>(deprecated)</sup> | 1 | The key is managed by the HUKS service.<br> **NOTE**: This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2678| HUKS_STORAGE_ONLY_USED_IN_HUKS<sup>10+</sup> | 2 | The key derived from the master key is stored in the HUKS and managed by the HUKS.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2679| HUKS_STORAGE_KEY_EXPORT_ALLOWED<sup>10+</sup> | 3 | The key derived from the master key is exported to the service, and not managed by the HUKS.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2680 2681## HuksSendType 2682 2683Enumerates the tag transfer modes. 2684 2685**System capability**: SystemCapability.Security.Huks.Extension 2686 2687| Name | Value | Description | 2688| -------------------- | ---- | ----------------- | 2689| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.| 2690| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.| 2691 2692## HuksUnwrapSuite<sup>9+</sup> 2693 2694Enumerates the algorithm suites used for importing a wrapped key. 2695 2696**System capability**: SystemCapability.Security.Huks.Extension 2697 2698| Name | Value | Description | 2699| ---------------------------------------------- | ---- | ----------------------------------------------------- | 2700| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.| 2701| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. | 2702 2703## HuksImportKeyType<sup>9+</sup> 2704 2705Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported. 2706 2707**System capability**: SystemCapability.Security.Huks.Extension 2708 2709| Name | Value | Description | 2710| ------------------------- | ---- | ------------------------------ | 2711| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key | 2712| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key | 2713| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair| 2714 2715## HuksRsaPssSaltLenType<sup>10+</sup> 2716 2717Enumerates the **salt_len** types to set when PSS padding is used in RSA signing or signature verification. 2718 2719**System capability**: SystemCapability.Security.Huks.Extension 2720 2721| Name | Value | Description | 2722| ------------------------------------------ | ---- | ---------------------------- | 2723| HUKS_RSA_PSS_SALT_LEN_DIGEST<sup>10+</sup> | 0 | **salt_len** is set to the digest length.| 2724| HUKS_RSA_PSS_SALT_LEN_MAX<sup>10+</sup> | 1 | **salt_len** is set to the maximum length.| 2725 2726## HuksUserAuthType<sup>9+</sup> 2727 2728Enumerates the user authentication types. 2729 2730**System capability**: SystemCapability.Security.Huks.Extension 2731 2732| Name | Value | Description | 2733| ------------------------------- | ---- | ------------------------- | 2734| HUKS_USER_AUTH_TYPE_FINGERPRINT | 1 << 0 | Fingerprint authentication. | 2735| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication.| 2736| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication.| 2737 2738## HuksAuthAccessType<sup>9+</sup> 2739 2740Enumerates the access control types. 2741 2742**System capability**: SystemCapability.Security.Huks.Extension 2743 2744| Name | Value | Description | 2745| --------------------------------------- | ---- | ------------------------------------------------ | 2746| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. | 2747| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added.| 2748| HUKS_AUTH_ACCESS_ALWAYS_VALID<sup>11+</sup> | 1 << 2 | The key is always valid.| 2749 2750## HuksChallengeType<sup>9+</sup> 2751 2752Enumerates the types of the challenges generated when a key is used. 2753 2754**System capability**: SystemCapability.Security.Huks.Extension 2755 2756| Name | Value | Description | 2757| ------------------------------- | ---- | ------------------------------ | 2758| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default.| 2759| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys.| 2760| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required.| 2761 2762## HuksChallengePosition<sup>9+</sup> 2763 2764Enumerates the positions of the 8-byte valid value in a custom challenge generated. 2765 2766**System capability**: SystemCapability.Security.Huks.Extension 2767 2768| Name | Value | Description | 2769| ------------------------------- | ---- | ------------------------------ | 2770| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7.| 2771| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15.| 2772| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23.| 2773| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31.| 2774 2775## HuksSecureSignType<sup>9+</sup> 2776 2777Defines the signature type of the key generated or imported. 2778 2779**System capability**: SystemCapability.Security.Huks.Extension 2780 2781| Name | Value | Description | 2782| ------------------------------ | ---- | ------------------------------------------------------------ | 2783| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed.| 2784 2785## HuksAuthStorageLevel<sup>11+</sup> 2786 2787Represents the storage security level of a key. 2788 2789**System capability**: SystemCapability.Security.Huks.Extension 2790 2791| Name | Value | Description | 2792| ------------------------------ | ---- | ------------------------------------------------------------ | 2793| HUKS_AUTH_STORAGE_LEVEL_DE | 0 | The key can be accessed only after the device is started.| 2794| HUKS_AUTH_STORAGE_LEVEL_CE | 1 | The key can be accessed only after the first unlock of the device.| 2795| HUKS_AUTH_STORAGE_LEVEL_ECE | 2 | The key can be accessed only when the device is unlocked.| 2796 2797## HuksTagType 2798 2799Enumerates the tag data types. 2800 2801**System capability**: SystemCapability.Security.Huks.Core 2802 2803| Name | Value | Description | 2804| --------------------- | ------- | --------------------------------------- | 2805| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. | 2806| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. | 2807| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type.| 2808| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. | 2809| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. | 2810| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. | 2811 2812## HuksTag 2813 2814Enumerates the tags used to invoke parameters. 2815 2816**System capability**: SystemCapability.Security.Huks.Core 2817 2818| Name | Value | Description | 2819| ----------------------------------------------------------- | ---------------------------------------- | ------------------------------------------------------------ | 2820| HUKS_TAG_INVALID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2821| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT \| 1 | Algorithm.<br> **System capability**: SystemCapability.Security.Huks.Core | 2822| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of the key.<br> **System capability**: SystemCapability.Security.Huks.Core | 2823| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size.<br> **System capability**: SystemCapability.Security.Huks.Core | 2824| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2825| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding algorithm.<br> **System capability**: SystemCapability.Security.Huks.Core | 2826| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode.<br> **System capability**: SystemCapability.Security.Huks.Core | 2827| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type.<br> **System capability**: SystemCapability.Security.Huks.Core | 2828| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data.<br> **System capability**: SystemCapability.Security.Huks.Core | 2829| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Field for key encryption and decryption.<br> **System capability**: SystemCapability.Security.Huks.Core | 2830| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV.<br> **System capability**: SystemCapability.Security.Huks.Core | 2831| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation.<br> **System capability**: SystemCapability.Security.Huks.Core | 2832| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2833| HUKS_TAG_PWD<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2834| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2835| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type.<br> **System capability**: SystemCapability.Security.Huks.Core | 2836| HUKS_TAG_DERIVE_MAIN_KEY<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2837| HUKS_TAG_DERIVE_FACTOR<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2838| HUKS_TAG_DERIVE_ALG<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2839| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used for key agreement.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2840| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Public key alias used in key agreement.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2841| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2842| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2843| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias.<br> **System capability**: SystemCapability.Security.Huks.Core | 2844| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2845| HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2846| HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite required for encrypted imports.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2847| HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|29 | Storage type of the derived key or agreed key.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2848| HUKS_TAG_RSA_PSS_SALT_LEN_TYPE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|30 | Type of the **rsa_pss_salt_length**.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2849| HUKS_TAG_ACTIVE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2850| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core | 2851| HUKS_TAG_USAGE_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core | 2852| HUKS_TAG_CREATION_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core | 2853| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2854| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | ID of the user to which the key belongs.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2855| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2856| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | User authentication type. For details, see [HuksUserAuthType](#huksuserauthtype9). This parameter must be set together with [HuksAuthAccessType](#huksauthaccesstype9). You can set a maximum of two user authentication types at a time. For example, if **HuksAuthAccessType** is **HUKS_SECURE_ACCESS_INVALID_NEW_BIO_ENROLL**, you can set the user authentication type to **HUKS_USER_AUTH_TYPE_FACE**, **HUKS_USER_AUTH_TYPE_FINGERPRINT**, or **HUKS_USER_AUTH_TYPE_FACE \| HUKS_USER_AUTH_TYPE_FINGERPRINT**.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2857| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | Timeout period of an authentication token.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2858| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Used to pass in the authentication token.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2859| HUKS_TAG_KEY_AUTH_ACCESS_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 307 | Access control type. For details, see [HuksAuthAccessType](#huksauthaccesstype9). This parameter must be set together with [HuksUserAuthType](#huksuserauthtype9).<br> **System capability**: SystemCapability.Security.Huks.Extension | 2860| HUKS_TAG_KEY_SECURE_SIGN_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 308 | Signature type of the key generated or imported.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2861| HUKS_TAG_CHALLENGE_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 309 | Type of the challenge generated for a key. For details, see [HuksChallengeType](#hukschallengetype9).<br> **System capability**: SystemCapability.Security.Huks.Extension | 2862| HUKS_TAG_CHALLENGE_POS<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 310 | Position of the 8-byte valid value in a custom challenge. For details, see [HuksChallengePosition](#hukschallengeposition9).<br> **System capability**: SystemCapability.Security.Huks.Extension | 2863| HUKS_TAG_KEY_AUTH_PURPOSE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|311 | Key authentication purpose.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2864| HUKS_TAG_AUTH_STORAGE_LEVEL<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|316 | Key storage security level, which is a value of [HuksAuthStorageLevel](#huksauthstoragelevel11).<br> **System capability**: SystemCapability.Security.Huks.Extension | 2865| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2866| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2867| HUKS_TAG_ATTESTATION_ID_BRAND<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Brand of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2868| HUKS_TAG_ATTESTATION_ID_DEVICE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | ID of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2869| HUKS_TAG_ATTESTATION_ID_PRODUCT<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product name of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2870| HUKS_TAG_ATTESTATION_ID_SERIAL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | SN of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2871| HUKS_TAG_ATTESTATION_ID_IMEI<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | International mobile equipment identity (IMEI) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2872| HUKS_TAG_ATTESTATION_ID_MEID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Mobile equipment identity (MEID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2873| HUKS_TAG_ATTESTATION_ID_MANUFACTURER<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Manufacturer of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2874| HUKS_TAG_ATTESTATION_ID_MODEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2875| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2876| HUKS_TAG_ATTESTATION_ID_SOCID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | System-on-a-chip (SoCID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2877| HUKS_TAG_ATTESTATION_ID_UDID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Unique device identifier (UDID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2878| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security level used in the attestation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2879| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2880| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.<br> **System capability**: SystemCapability.Security.Huks.Core | 2881| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode.<br> **System capability**: SystemCapability.Security.Huks.Core | 2882| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2883| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2884| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2885| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2886| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key.<br> **System capability**: SystemCapability.Security.Huks.Core | 2887| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2888| HUKS_TAG_SECURE_KEY_ALIAS<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2889| HUKS_TAG_SECURE_KEY_UUID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2890| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Core | 2891| HUKS_TAG_IS_DEVICE_PASSWORD_SET<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1012 | Whether the key is accessible only when the user sets a lock screen password.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2892| HUKS_TAG_PROCESS_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2893| HUKS_TAG_PACKAGE_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2894| HUKS_TAG_ACCESS_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2895| HUKS_TAG_USES_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2896| HUKS_TAG_CRYPTO_CTX<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2897| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Core | 2898| HUKS_TAG_KEY_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2899| HUKS_TAG_PAYLOAD_LEN<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2900| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Used to pass in the AEAD in GCM mode.<br> **System capability**: SystemCapability.Security.Huks.Core | 2901| HUKS_TAG_IS_KEY_HANDLE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2902| HUKS_TAG_OS_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2903| HUKS_TAG_OS_PATCHLEVEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core | 2904| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Core | 2905| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2906| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2907 2908## huks.generateKey<sup>(deprecated)</sup> 2909 2910generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2911 2912Generates a key. This API uses an asynchronous callback to return the result. 2913 2914> **NOTE** 2915> 2916> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9). 2917 2918**System capability**: SystemCapability.Security.Huks.Extension 2919 2920**Parameters** 2921 2922| Name | Type | Mandatory| Description | 2923| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 2924| keyAlias | string | Yes | Alias of the key. | 2925| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | 2926| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code defined in **HuksResult** is returned.| 2927 2928**Example** 2929 2930```ts 2931import huks from '@ohos.security.huks'; 2932/* Generate an RSA key of 512 bits. */ 2933class HuksProperties { 2934 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 2935 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 2936 huks.HuksKeyDigest | huks.HuksKeyPadding = huks.HuksKeyAlg.HUKS_ALG_ECC 2937} 2938let keyAlias = 'keyAlias'; 2939let properties: HuksProperties[] = [ 2940 { 2941 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2942 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2943 }, 2944 { 2945 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2946 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512 2947 }, 2948 { 2949 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2950 value: 2951 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 2952 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 2953 }, 2954 { 2955 tag: huks.HuksTag.HUKS_TAG_PADDING, 2956 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 2957 }, 2958 { 2959 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2960 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2961 } 2962]; 2963let options: huks.HuksOptions = { 2964 properties: properties 2965}; 2966huks.generateKey(keyAlias, options, (err, data) => { 2967}); 2968``` 2969 2970## huks.generateKey<sup>(deprecated)</sup> 2971 2972generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 2973 2974Generates a key. This API uses a promise to return the result. 2975 2976> **NOTE** 2977> 2978> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9-1). 2979 2980**System capability**: SystemCapability.Security.Huks.Extension 2981 2982**Parameters** 2983 2984| Name | Type | Mandatory| Description | 2985| -------- | --------------------------- | ---- | ------------------------ | 2986| keyAlias | string | Yes | Alias of the key. | 2987| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.| 2988 2989**Return value** 2990 2991| Type | Description | 2992| ----------------------------------- | -------------------------------------------------- | 2993| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 2994 2995**Example** 2996 2997```ts 2998import huks from '@ohos.security.huks'; 2999/* Generate a 256-bit ECC key. */ 3000class HuksProperties { 3001 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3002 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3003 huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 3004} 3005 3006let keyAlias = 'keyAlias'; 3007let properties: HuksProperties[] = [ 3008 { 3009 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3010 value: huks.HuksKeyAlg.HUKS_ALG_ECC 3011 }, 3012 { 3013 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3014 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 3015 }, 3016 { 3017 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3018 value: 3019 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 3020 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 3021 }, 3022 { 3023 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3024 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3025 } 3026]; 3027let options: huks.HuksOptions = { 3028 properties: properties 3029}; 3030let result = huks.generateKey(keyAlias, options); 3031``` 3032 3033## huks.deleteKey<sup>(deprecated)</sup> 3034 3035deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3036 3037Deletes a key. This API uses an asynchronous callback to return the result. 3038 3039> **NOTE** 3040> 3041> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9). 3042 3043**System capability**: SystemCapability.Security.Huks.Extension 3044 3045**Parameters** 3046 3047| Name | Type | Mandatory| Description | 3048| -------- | ----------------------------------------- | ---- |----------------------------------------------------| 3049| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 3050| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to delete, for example, delete all keys or a single key. To delete a single key, leave **properties** empty.| 3051| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. | 3052 3053**Example** 3054 3055```ts 3056import huks from '@ohos.security.huks'; 3057/* Set options to emptyOptions. */ 3058let keyAlias = 'keyAlias'; 3059let emptyOptions: huks.HuksOptions = { 3060 properties: [] 3061}; 3062huks.deleteKey(keyAlias, emptyOptions, (err, data) => { 3063}); 3064``` 3065 3066## huks.deleteKey<sup>(deprecated)</sup> 3067 3068deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3069 3070Deletes a key. This API uses a promise to return the result. 3071 3072> **NOTE** 3073> 3074> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9-1). 3075 3076**System capability**: SystemCapability.Security.Huks.Extension 3077 3078**Parameters** 3079 3080| Name | Type | Mandatory| Description | 3081| -------- | ----------- | ---- | ----------------------------------------------------- | 3082| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 3083| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to delete, for example, delete all keys or a single key. To delete a single key, leave **properties** empty.| 3084 3085**Return value** 3086 3087| Type | Description | 3088| ----------------------------------- | -------------------------------------------------- | 3089| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3090 3091**Example** 3092 3093```ts 3094import huks from '@ohos.security.huks'; 3095/* Set options to emptyOptions. */ 3096let keyAlias = 'keyAlias'; 3097let emptyOptions: huks.HuksOptions = { 3098 properties: [] 3099}; 3100let result = huks.deleteKey(keyAlias, emptyOptions); 3101``` 3102 3103## huks.importKey<sup>(deprecated)</sup> 3104 3105importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3106 3107Imports a key in plaintext. This API uses an asynchronous callback to return the result. 3108 3109> **NOTE** 3110> 3111> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9). 3112 3113**System capability**: SystemCapability.Security.Huks.Extension 3114 3115**Parameters** 3116 3117| Name | Type | Mandatory| Description | 3118| -------- | ------------------------ | ---- | ------------------------------------------------- | 3119| keyAlias | string | Yes | Alias of the key.| 3120| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3121| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3122 3123**Example** 3124 3125```ts 3126import huks from '@ohos.security.huks'; 3127/* Import a 256-bit AES key. */ 3128class HuksProperties { 3129 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3130 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3131 huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 3132} 3133let plainTextSize32 = makeRandomArr(32); 3134function makeRandomArr(size: number) { 3135 let arr = new Uint8Array(size); 3136 for (let i = 0; i < size; i++) { 3137 arr[i] = Math.floor(Math.random() * 10); 3138 } 3139 return arr; 3140}; 3141let keyAlias = 'keyAlias'; 3142let properties: HuksProperties[] = [ 3143 { 3144 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3145 value: huks.HuksKeyAlg.HUKS_ALG_AES 3146 }, 3147 { 3148 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3149 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 3150 }, 3151 { 3152 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3153 value: 3154 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3155 }, 3156 { 3157 tag: huks.HuksTag.HUKS_TAG_PADDING, 3158 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3159 }, 3160 { 3161 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3162 value: huks.HuksCipherMode.HUKS_MODE_ECB 3163 } 3164]; 3165let options: huks.HuksOptions = { 3166 properties: properties, 3167 inData: plainTextSize32 3168}; 3169huks.importKey(keyAlias, options, (err, data) => { 3170}); 3171``` 3172 3173## huks.importKey<sup>(deprecated)</sup> 3174 3175importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3176 3177Imports a key in plaintext. This API uses a promise to return the result. 3178 3179> **NOTE** 3180> 3181> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9-1). 3182 3183**System capability**: SystemCapability.Security.Huks.Extension 3184 3185**Parameters** 3186 3187| Name | Type | Mandatory| Description | 3188| -------- | ----------- | ---- | ------------------------------------ | 3189| keyAlias | string | Yes | Alias of the key.| 3190| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3191 3192**Return value** 3193 3194| Type | Description | 3195| ----------------------------------- | -------------------------------------------------- | 3196| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3197 3198**Example** 3199 3200```ts 3201import huks from '@ohos.security.huks'; 3202/* Import an AES key of 128 bits. */ 3203class HuksProperties { 3204 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3205 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3206 huks.HuksKeyPadding | huks.HuksCipherMode = huks.HuksKeyAlg.HUKS_ALG_ECC 3207} 3208let plainTextSize32 = makeRandomArr(32); 3209function makeRandomArr(size: number) { 3210 let arr = new Uint8Array(size); 3211 for (let i = 0; i < size; i++) { 3212 arr[i] = Math.floor(Math.random() * 10); 3213 } 3214 return arr; 3215}; 3216/* Step 1 Generate a key. */ 3217let keyAlias = 'keyAlias'; 3218let properties: HuksProperties[] = [ 3219 { 3220 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3221 value: huks.HuksKeyAlg.HUKS_ALG_AES 3222 }, 3223 { 3224 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3225 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128 3226 }, 3227 { 3228 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3229 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3230 }, 3231 { 3232 tag: huks.HuksTag.HUKS_TAG_PADDING, 3233 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3234 }, 3235 { 3236 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3237 value: huks.HuksCipherMode.HUKS_MODE_ECB 3238 } 3239]; 3240let huksoptions: huks.HuksOptions = { 3241 properties: properties, 3242 inData: plainTextSize32 3243}; 3244let result = huks.importKey(keyAlias, huksoptions); 3245``` 3246 3247## huks.exportKey<sup>(deprecated)</sup> 3248 3249exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3250 3251Exports a key. This API uses an asynchronous callback to return the result. 3252 3253> **NOTE** 3254> 3255> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9). 3256 3257**System capability**: SystemCapability.Security.Huks.Extension 3258 3259**Parameters** 3260 3261| Name | Type | Mandatory| Description | 3262| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3263| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3264| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3265| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 3266 3267**Example** 3268 3269```ts 3270import huks from '@ohos.security.huks'; 3271/* Set options to emptyOptions. */ 3272let keyAlias = 'keyAlias'; 3273let emptyOptions: huks.HuksOptions = { 3274 properties: [] 3275}; 3276huks.exportKey(keyAlias, emptyOptions, (err, data) => { 3277}); 3278``` 3279 3280## huks.exportKey<sup>(deprecated)</sup> 3281 3282exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3283 3284Exports a key. This API uses a promise to return the result. 3285 3286> **NOTE** 3287> 3288> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9-1). 3289 3290**System capability**: SystemCapability.Security.Huks.Extension 3291 3292**Parameters** 3293 3294| Name | Type | Mandatory| Description | 3295| -------- | ----------- | ---- | ------------------------------------------------------------ | 3296| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3297| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3298 3299**Return value** 3300 3301| Type | Description | 3302| ----------------------------------- | ------------------------------------------------------------ | 3303| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned and **outData** contains the public key exported. If the operation fails, an error code is returned.| 3304 3305**Example** 3306 3307```ts 3308import huks from '@ohos.security.huks'; 3309/* Set options to emptyOptions. */ 3310let keyAlias = 'keyAlias'; 3311let emptyOptions: huks.HuksOptions = { 3312 properties: [] 3313}; 3314let result = huks.exportKey(keyAlias, emptyOptions); 3315``` 3316 3317## huks.getKeyProperties<sup>(deprecated)</sup> 3318 3319getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3320 3321Obtains key properties. This API uses an asynchronous callback to return the result. 3322 3323> **NOTE** 3324> 3325> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9). 3326 3327**System capability**: SystemCapability.Security.Huks.Extension 3328 3329**Parameters** 3330 3331| Name | Type | Mandatory| Description | 3332| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3333| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3334| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3335| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code is returned.| 3336 3337**Example** 3338 3339```ts 3340import huks from '@ohos.security.huks'; 3341/* Set options to emptyOptions. */ 3342let keyAlias = 'keyAlias'; 3343let emptyOptions: huks.HuksOptions = { 3344 properties: [] 3345}; 3346huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => { 3347}); 3348``` 3349 3350## huks.getKeyProperties<sup>(deprecated)</sup> 3351 3352getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3353 3354Obtains key properties. This API uses a promise to return the result. 3355 3356> **NOTE** 3357> 3358> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9-1). 3359 3360**System capability**: SystemCapability.Security.Huks.Extension 3361 3362**Parameters** 3363 3364| Name | Type | Mandatory| Description | 3365| -------- | ----------- | ---- | ------------------------------------------------------------ | 3366| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3367| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3368 3369**Return value** 3370 3371| Type | Description | 3372| ------------------ | ------------------------------------------------------------ | 3373| Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS** and **properties** returns the parameters required for generating the key. If the operation fails, an error code is returned.| 3374 3375**Example** 3376 3377```ts 3378import huks from '@ohos.security.huks'; 3379/* Set options to emptyOptions. */ 3380let keyAlias = 'keyAlias'; 3381let emptyOptions: huks.HuksOptions = { 3382 properties: [] 3383}; 3384let result = huks.getKeyProperties(keyAlias, emptyOptions); 3385``` 3386 3387## huks.isKeyExist<sup>(deprecated)</sup> 3388 3389isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 3390 3391Checks whether a key exists. This API uses an asynchronous callback to return the result. 3392 3393> **NOTE** 3394> 3395> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9). 3396 3397**System capability**: SystemCapability.Security.Huks.Extension 3398 3399**Parameters** 3400 3401| Name | Type | Mandatory| Description | 3402| -------- | ---------------------- | ---- | ------------------------------------- | 3403| keyAlias | string | Yes | Alias of the key to check.| 3404| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to check, for example, check all keys or a single key. To check a single key, leave **properties** empty.| 3405| callback | AsyncCallback\<boolean> | Yes | Callback invoked to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3406 3407**Example** 3408 3409```ts 3410import huks from '@ohos.security.huks'; 3411/* Set options to emptyOptions. */ 3412let keyAlias = 'keyAlias'; 3413let emptyOptions: huks.HuksOptions = { 3414 properties: [] 3415}; 3416huks.isKeyExist(keyAlias, emptyOptions, (err, data) => { 3417}); 3418``` 3419 3420## huks.isKeyExist<sup>(deprecated)</sup> 3421 3422isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 3423 3424Checks whether a key exists. This API uses a promise to return the result. 3425 3426> **NOTE** 3427> 3428> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9-1). 3429 3430**System capability**: SystemCapability.Security.Huks.Extension 3431 3432**Parameters** 3433 3434| Name | Type | Mandatory| Description | 3435| -------- | ----------- | ---- | -------------------------------- | 3436| keyAlias | string | Yes | Alias of the key to check.| 3437| options | [HuksOptions](#huksoptions) | Yes | Properties of the key to check, for example, check all keys or a single key. To check a single key, pass in an empty **properties**.| 3438 3439**Return value** 3440 3441| Type | Description | 3442| ----------------- | --------------------------------------- | 3443| Promise\<boolean> | Promise used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3444 3445**Example** 3446 3447```ts 3448import huks from '@ohos.security.huks'; 3449/* Set options to emptyOptions. */ 3450let keyAlias = 'keyAlias'; 3451let emptyOptions: huks.HuksOptions = { 3452 properties: [] 3453}; 3454let result = huks.isKeyExist(keyAlias, emptyOptions); 3455``` 3456 3457## huks.init<sup>(deprecated)</sup> 3458 3459init(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksHandle>) : void 3460 3461Initializes the data for a key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3462 3463> **NOTE** 3464> 3465> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3466 3467**System capability**: SystemCapability.Security.Huks.Extension 3468 3469**Parameters** 3470 3471| Name | Type | Mandatory| Description | 3472| -------- | ---------------------- | ---- | ------------------------------------- | 3473| keyAlias | string | Yes | Alias of the target key.| 3474| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3475| callback | AsyncCallback\<[HuksHandle](#hukshandledeprecated)> | Yes | Callback invoked to return a session handle for subsequent operations.| 3476 3477## huks.init<sup>(deprecated)</sup> 3478 3479init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle> 3480 3481Initializes the data for a key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3482 3483> **NOTE** 3484> 3485> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3486 3487**System capability**: SystemCapability.Security.Huks.Extension 3488 3489**Parameters** 3490 3491| Name | Type | Mandatory| Description | 3492| -------- | ---------------------- | ---- | ------------------------------------- | 3493| keyAlias | string | Yes | Alias of the target key.| 3494| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3495 3496**Return value** 3497 3498| Type | Description | 3499| ----------------------------------- | -------------------------------------------------- | 3500| Promise\<[HuksHandle](#hukshandledeprecated)> | Promise used to return a session handle for subsequent operations.| 3501 3502## huks.update<sup>(deprecated)</sup> 3503 3504update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3505 3506Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3507 3508> **NOTE** 3509> 3510> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-1). 3511 3512**System capability**: SystemCapability.Security.Huks.Extension 3513 3514**Parameters** 3515 3516| Name | Type | Mandatory| Description | 3517| -------- | ----------------------------------------- | ---- | -------------------------------------------- | 3518| handle | number | Yes | Handle for the **update** operation. | 3519| token | Uint8Array | No | Token of the **update** operation. | 3520| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3521| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback invoked to return the **update** operation result.| 3522 3523## huks.update<sup>(deprecated)</sup> 3524 3525update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>; 3526 3527Updates the key operation by segment. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3528 3529> **NOTE** 3530> 3531> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-2). 3532 3533**System capability**: SystemCapability.Security.Huks.Extension 3534 3535**Parameters** 3536 3537| Name | Type | Mandatory| Description | 3538| ------- | ----------------------------------- | ---- | -------------------------------------------- | 3539| handle | number | Yes | Handle for the **update** operation. | 3540| token | Uint8Array | No | Token of the **update** operation. | 3541| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3542 3543**Return value** 3544 3545| Type | Description | 3546| ----------------------------------- | -------------------------------------------------- | 3547| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **update** operation result.| 3548 3549## huks.finish<sup>(deprecated)</sup> 3550 3551finish(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3552 3553Completes the key operation and releases resources. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3554 3555> **NOTE** 3556> 3557> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9). 3558 3559**System capability**: SystemCapability.Security.Huks.Extension 3560 3561**Parameters** 3562 3563| Name | Type | Mandatory| Description | 3564| -------- | ---------------------- | ---- | ------------------------------------- | 3565| handle | number | Yes | Handle for the **finish** operation.| 3566| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3567| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback invoked to return the **finish** operation result.| 3568 3569## huks.finish<sup>(deprecated)</sup> 3570 3571finish(handle: number, options: HuksOptions) : Promise\<HuksResult> 3572 3573Completes the key operation and releases resources. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3574 3575> **NOTE** 3576> 3577> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9-1). 3578 3579**System capability**: SystemCapability.Security.Huks.Extension 3580 3581**Parameters** 3582 3583| Name | Type | Mandatory| Description | 3584| -------- | ---------------------- | ---- | ------------------------------------- | 3585| handle | number | Yes | Handle for the **finish** operation.| 3586| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3587 3588**Return value** 3589 3590| Type | Description | 3591| ----------------------------------- | -------------------------------------------------- | 3592| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result.| 3593 3594## huks.abort<sup>(deprecated)</sup> 3595 3596abort(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3597 3598Aborts the use of the key. This API uses an asynchronous callback to return the result. 3599 3600> **NOTE** 3601> 3602> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9). 3603 3604**System capability**: SystemCapability.Security.Huks.Extension 3605 3606**Parameters** 3607 3608| Name | Type | Mandatory| Description | 3609| -------- | ---------------------- | ---- | ------------------------------------- | 3610| handle | number | Yes | Handle for the **abort** operation.| 3611| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3612| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback invoked to return the **abort** operation result.| 3613 3614**Example** 3615 3616```ts 3617import huks from '@ohos.security.huks'; 3618import { BusinessError } from '@ohos.base'; 3619/* huks.init, huks.update, and huks.finish must be used together. 3620 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3621 * 3622 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 3623 */ 3624class HuksProperties { 3625 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3626 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3627 huks.HuksKeyDigest | huks.HuksKeyPadding = huks.HuksKeyAlg.HUKS_ALG_ECC 3628} 3629let keyalias = "HuksDemoRSA"; 3630let properties: HuksProperties[] = []; 3631let options: huks.HuksOptions = { 3632 properties: properties, 3633 inData: new Uint8Array(0) 3634}; 3635let handle: number = 0; 3636let resultMessage = ""; 3637async function generateKey() { 3638 properties[0] = { 3639 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3640 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3641 }; 3642 properties[1] = { 3643 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3644 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3645 }; 3646 properties[2] = { 3647 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3648 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3649 }; 3650 properties[3] = { 3651 tag: huks.HuksTag.HUKS_TAG_PADDING, 3652 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3653 }; 3654 properties[4] = { 3655 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3656 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3657 }; 3658 huks.generateKey(keyalias, options); 3659} 3660function stringToUint8Array(str: string) { 3661 let arr: number[] = []; 3662 for (let i = 0, j = str.length; i < j; ++i) { 3663 arr.push(str.charCodeAt(i)); 3664 } 3665 let tmpUint8Array = new Uint8Array(arr); 3666 return tmpUint8Array; 3667} 3668async function huksInit() { 3669 await huks.init(keyalias, options).then((data) => { 3670 console.log(`test init data: ${JSON.stringify(data)}`); 3671 handle = data.handle; 3672 }).catch((err: BusinessError) => { 3673 console.log("test init err information: " + JSON.stringify(err)) 3674 }) 3675} 3676async function huksUpdate() { 3677 options.inData = stringToUint8Array("huksHmacTest"); 3678 await huks.update(handle, options.inData, options).then((data) => { 3679 if (data.errorCode === 0) { 3680 resultMessage += "update success!"; 3681 } else { 3682 resultMessage += "update fail!"; 3683 } 3684 }); 3685 console.log(resultMessage); 3686} 3687function huksFinish() { 3688 options.inData = stringToUint8Array("HuksDemoHMAC"); 3689 huks.finish(handle, options).then((data) => { 3690 if (data.errorCode === 0) { 3691 resultMessage = "finish success!"; 3692 } else { 3693 resultMessage = "finish fail errorCode: " + data.errorCode; 3694 } 3695 }).catch((err: BusinessError) => { 3696 resultMessage = "Failed to complete the key operation. catch errorMessage:" + JSON.stringify(err) 3697 }); 3698 console.log(resultMessage); 3699} 3700async function huksAbort() { 3701 new Promise<huks.HuksResult>((resolve, reject) => { 3702 huks.abort(handle, options, (err, data) => { 3703 console.log(`huksAbort data ${JSON.stringify(data)}`); 3704 console.log(`huksAbort err ${JSON.stringify(err)}`); 3705 }); 3706 }); 3707} 3708``` 3709 3710## huks.abort<sup>(deprecated)</sup> 3711 3712abort(handle: number, options: HuksOptions) : Promise\<HuksResult>; 3713 3714Aborts the use of the key. This API uses a promise to return the result. 3715 3716> **NOTE** 3717> 3718> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9-1). 3719 3720**System capability**: SystemCapability.Security.Huks.Extension 3721 3722**Parameters** 3723 3724| Name | Type | Mandatory| Description | 3725| -------- | ---------------------- | ---- | ------------------------------------- | 3726| handle | number | Yes | Handle for the **abort** operation.| 3727| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3728 3729**Return value** 3730 3731| Type | Description | 3732| ----------------------------------- | -------------------------------------------------- | 3733| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the **abort** operation result.| 3734 3735**Example** 3736 3737```ts 3738import huks from '@ohos.security.huks'; 3739import { BusinessError } from '@ohos.base'; 3740/* huks.init, huks.update, and huks.finish must be used together. 3741 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3742 * 3743 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 3744 */ 3745class HuksProperties { 3746 tag: huks.HuksTag = huks.HuksTag.HUKS_TAG_ALGORITHM 3747 value: huks.HuksKeyAlg | huks.HuksKeySize | huks.HuksKeyPurpose | 3748 huks.HuksKeyPadding | huks.HuksKeyDigest = huks.HuksKeyAlg.HUKS_ALG_ECC 3749} 3750let keyalias = "HuksDemoRSA"; 3751let properties: HuksProperties[] = []; 3752let options: huks.HuksOptions = { 3753 properties: properties, 3754 inData: new Uint8Array(0) 3755}; 3756let handle: number = 0; 3757let resultMessage = ""; 3758 3759function stringToUint8Array(str: string) { 3760 let arr: number[] = []; 3761 for (let i = 0, j = str.length; i < j; ++i) { 3762 arr.push(str.charCodeAt(i)); 3763 } 3764 let tmpUint8Array = new Uint8Array(arr); 3765 return tmpUint8Array; 3766} 3767 3768async function generateKey() { 3769 properties[0] = { 3770 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3771 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3772 }; 3773 properties[1] = { 3774 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3775 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3776 }; 3777 properties[2] = { 3778 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3779 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3780 }; 3781 properties[3] = { 3782 tag: huks.HuksTag.HUKS_TAG_PADDING, 3783 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3784 }; 3785 properties[4] = { 3786 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3787 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3788 }; 3789 huks.generateKey(keyalias, options, (err, data) => { 3790 }); 3791} 3792 3793async function huksInit() { 3794 return new Promise<huks.HuksHandle>((resolve, reject) => { 3795 huks.init(keyalias, options, async (err, data) => { 3796 if (data.errorCode === 0) { 3797 resultMessage = "init success!" 3798 handle = data.handle; 3799 } else { 3800 resultMessage = "init fail errorCode: " + data.errorCode 3801 } 3802 }); 3803 }); 3804} 3805 3806async function huksUpdate() { 3807 options.inData = stringToUint8Array("huksHmacTest"); 3808 new Promise<huks.HuksResult>((resolve, reject) => { 3809 huks.update(handle, options.inData, options, (err, data) => { 3810 if (data.errorCode === 0) { 3811 resultMessage += "update success!"; 3812 } else { 3813 resultMessage += "update fail!"; 3814 } 3815 }); 3816 }); 3817 console.log(resultMessage); 3818 3819} 3820 3821async function huksFinish() { 3822 options.inData = stringToUint8Array("0"); 3823 new Promise<huks.HuksResult>((resolve, reject) => { 3824 huks.finish(handle, options, (err, data) => { 3825 if (data.errorCode === 0) { 3826 resultMessage = "finish success!"; 3827 } else { 3828 resultMessage = "finish fail errorCode: " + data.errorCode; 3829 } 3830 }); 3831 }); 3832} 3833 3834function huksAbort() { 3835 huks.abort(handle, options).then((data) => { 3836 if (data.errorCode === 0) { 3837 resultMessage = "abort success!"; 3838 } else { 3839 resultMessage = "abort fail errorCode: " + data.errorCode; 3840 } 3841 }).catch((err: BusinessError) => { 3842 resultMessage = "Failed to abort the use of the key. catch errorMessage:" + JSON.stringify(err) 3843 }); 3844 console.log(resultMessage); 3845} 3846``` 3847 3848## HuksHandle<sup>(deprecated)</sup> 3849 3850Defines the HUKS handle structure. 3851 3852**System capability**: SystemCapability.Security.Huks.Extension 3853> **NOTE** 3854> 3855> This API is deprecated since API version 9. You are advised to use [HuksSessionHandle<sup>9+</sup>](#hukssessionhandle9). 3856 3857| Name | Type | Mandatory| Description | 3858| ---------- | ---------------- | ---- | -------- | 3859| errorCode | number | Yes | Error code.| 3860| handle | number | Yes| Value of the handle.| 3861| token | Uint8Array | No| Challenge obtained after the [init](#huksinitdeprecated) operation.| 3862 3863## HuksResult<sup>(deprecated)</sup> 3864 3865Defines the **HuksResult** struct. 3866 3867**System capability**: SystemCapability.Security.Huks.Extension 3868 3869> **NOTE** 3870> 3871> - This API is deprecated since API version 9. You are advised to use [HuksReturnResult<sup>9+</sup>](#huksreturnresult9). 3872> - For details about the error codes, see [HUKS Error Codes](../errorcodes/errorcode-huks.md). 3873 3874| Name | Type | Mandatory| Description | 3875| ---------- | ------------------------------- | ---- | ---------------- | 3876| errorCode | number | Yes | Error code. | 3877| outData | Uint8Array | No | Output data. | 3878| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 3879| certChains | Array\<string> | No | Certificate chain information.| 3880 3881## HuksErrorCode<sup>(deprecated)</sup> 3882 3883Enumerates the error codes. 3884 3885**System capability**: SystemCapability.Security.Huks.Extension 3886> **NOTE** 3887> 3888> This API is deprecated since API version 9. You are advised to use [HuksExceptionErrCode<sup>9+</sup>](#huksexceptionerrcode9). 3889 3890| Name | Value | Description| 3891| -------------------------- | ----- | ---- | 3892| HUKS_SUCCESS | 0 |Success.| 3893| HUKS_FAILURE | -1 |Failure.| 3894| HUKS_ERROR_BAD_STATE | -2 |Incorrect state.| 3895| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.| 3896| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.| 3897| HUKS_ERROR_NO_PERMISSION | -5 |No permission.| 3898| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.| 3899| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.| 3900| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.| 3901| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.| 3902| HUKS_ERROR_STORAGE_FAILURE | -10 |Insufficient storage space.| 3903| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.| 3904| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.| 3905| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.| 3906| HUKS_ERROR_NULL_POINTER | -14 |Null pointer.| 3907| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.| 3908| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.| 3909| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.| 3910| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.| 3911| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.| 3912| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.| 3913| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.| 3914| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.| 3915| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.| 3916| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.| 3917| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.| 3918| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.| 3919| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.| 3920| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.| 3921| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.| 3922| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.| 3923| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.| 3924| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.| 3925| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.| 3926| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.| 3927| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFuse.| 3928| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.| 3929| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.| 3930| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.| 3931| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to obtain the ALG. | 3932| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to obtain the key size.| 3933| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to obtain the padding algorithm.| 3934| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to obtain the key purpose.| 3935| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to obtain the digest algorithm.| 3936| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to obtain the cipher mode.| 3937| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to obtain the nonce.| 3938| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to obtain the AAD.| 3939| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to obtain the initialization vector (IV).| 3940| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to obtain the AE flag.| 3941| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to obtain the salt value.| 3942| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to obtain the number of iterations.| 3943| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.| 3944| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.| 3945| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding algorithm.| 3946| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid key purpose.| 3947| HUKS_ERROR_INVALID_MODE | -116 |Invalid cipher mode.| 3948| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest algorithm.| 3949| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.| 3950| HUKS_ERROR_INVALID_IV | -119 |Invalid IV.| 3951| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.| 3952| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.| 3953| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.| 3954| HUKS_ERROR_INVALID_SALT | -123 |Invalid salt value.| 3955| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration count.| 3956| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.| 3957| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.| 3958| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.| 3959