# 明文导入密钥(ArkTS)

分别以导入AES256密钥、RSA2048密钥对和X25519公钥为例,具体的场景介绍及支持的算法规格,请参考[密钥导入支持的算法](huks-key-import-overview.md#支持的算法)。
## 开发步骤

1. 指定密钥别名keyAlias。
   密钥别名的最大长度为128字节。
2. 封装密钥属性集和密钥材料。
   - 密钥属性集与密钥生成中指定的密钥属性一致,须包含[HuksKeyAlg](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukskeyalg)、[HuksKeySize](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukskeysize)、[HuksKeyPurpose](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukskeypurpose)属性。
   - 密钥材料须符合[HUKS密钥材料格式](huks-concepts.md#密钥材料格式),并以Uint8Array形式赋值给[HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)的inData字段。

3. 调用[huks.importKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksimportkeyitem9),传入密钥别名和密钥属性集,即可导入密钥。

    HuksParam和HuksOptions的含义参考:[HuksParam](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksparam) 和 [HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)。
### 导入AES256密钥
```ts
/*
 * Sample: plaintext import of an AES-256 key, using the callback form of
 * huks.importKeyItem.
 *
 * The key bytes below are a published documentation sample. Never embed real
 * key material in source code: a hard-coded key ships with the application
 * package, and with plaintext import the key sits in this process's memory
 * before HUKS receives it.
 */
import { huks } from '@kit.UniversalKeystoreKit'

/* 1. Alias under which the imported key is stored. */
const keyAlias = 'AES256Alias_sample';

/* 2. Key material: 32 bytes (256 bits), matching HUKS_AES_KEY_SIZE_256 below. */
const plainTextSize32 = new Uint8Array([
  0xfb, 0x8b, 0x9f, 0x12, 0xa0, 0x83, 0x19, 0xbe, 0x6a, 0x6f, 0x63, 0x2a, 0x7c, 0x86, 0xba, 0xca,
  0x64, 0x0b, 0x88, 0x96, 0xe2, 0xfa, 0x77, 0xbc, 0x71, 0xe3, 0x0f, 0x0f, 0x9e, 0x3c, 0xe5, 0xf9
]);

/* Key property set: algorithm, key size, and the purposes the key may be used for. */
const importParams: Array<huks.HuksParam> = [
  { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_AES },
  { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
];
const options: huks.HuksOptions = {
  properties: importParams,
  inData: plainTextSize32
};

/* 3. Import the key in plaintext. */
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    // Failures reported through the callback arrive as `error`.
    if (error) {
      console.error('callback: importKeyItem failed' + JSON.stringify(error));
      return;
    }
    console.info('callback: importKeyItem success');
  });
} catch (error) {
  // A synchronous throw from the call itself is logged as an invalid-argument failure.
  console.error('callback: importKeyItem input arg invalid' + JSON.stringify(error));
}
```
### 导入RSA2048密钥对
```ts
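/*
 * Sample: plaintext import of an RSA-2048 key pair, using the callback form of
 * huks.importKeyItem.
 *
 * The material below contains a private exponent that is published in this
 * document, so this key pair must never be used outside of testing. Do not
 * hard-code real private keys: they ship with the application package, and with
 * plaintext import the private key sits in this process's memory before HUKS
 * receives it.
 */
import { huks } from '@kit.UniversalKeystoreKit'

/* Key material layout: five 4-byte little-endian header fields, then n, e and d. */
let rsa2048KeyPairMaterial = new Uint8Array([
  0x01, 0x00, 0x00, 0x00, // key algorithm (little-endian): huks.HuksKeyAlg.HUKS_ALG_RSA = 1
  0x00, 0x08, 0x00, 0x00, // key size in bits: 2048
  0x00, 0x01, 0x00, 0x00, // length of modulus n in bytes: 256
  0x03, 0x00, 0x00, 0x00, // length of public exponent e in bytes: 3
  0x00, 0x01, 0x00, 0x00, // length of private exponent d in bytes: 256
  // modulus n
  0xc5, 0x35, 0x62, 0x48, 0xc4, 0x92, 0x87, 0x73, 0x0d, 0x42, 0x96, 0xfc, 0x7b, 0x11, 0x05, 0x06,
  0x0f, 0x8d, 0x66, 0xc1, 0x0e, 0xad, 0x37, 0x44, 0x92, 0x95, 0x2f, 0x6a, 0x55, 0xba, 0xec, 0x1d,
  0x54, 0x62, 0x0a, 0x4b, 0xd3, 0xc7, 0x05, 0xe4, 0x07, 0x40, 0xd9, 0xb7, 0xc2, 0x12, 0xcb, 0x9a,
  0x90, 0xad, 0xe3, 0x24, 0xe8, 0x5e, 0xa6, 0xf8, 0xd0, 0x6e, 0xbc, 0xd1, 0x69, 0x7f, 0x6b, 0xe4,
  0x2b, 0x4e, 0x1a, 0x65, 0xbb, 0x73, 0x88, 0x6b, 0x7c, 0xaf, 0x7e, 0xd0, 0x47, 0x26, 0xeb, 0xa5,
  0xbe, 0xd6, 0xe8, 0xee, 0x9c, 0xa5, 0x66, 0xa5, 0xc9, 0xd3, 0x25, 0x13, 0xc4, 0x0e, 0x6c, 0xab,
  0x50, 0xb6, 0x50, 0xc9, 0xce, 0x8f, 0x0a, 0x0b, 0xc6, 0x28, 0x69, 0xe9, 0x83, 0x69, 0xde, 0x42,
  0x56, 0x79, 0x7f, 0xde, 0x86, 0x24, 0xca, 0xfc, 0xaa, 0xc0, 0xf3, 0xf3, 0x7f, 0x92, 0x8e, 0x8a,
  0x12, 0x52, 0xfe, 0x50, 0xb1, 0x5e, 0x8c, 0x01, 0xce, 0xfc, 0x7e, 0xf2, 0x4f, 0x5f, 0x03, 0xfe,
  0xa7, 0xcd, 0xa1, 0xfc, 0x94, 0x52, 0x00, 0x8b, 0x9b, 0x7f, 0x09, 0xab, 0xa8, 0xa4, 0xf5, 0xb4,
  0xa5, 0xaa, 0xfc, 0x72, 0xeb, 0x17, 0x40, 0xa9, 0xee, 0xbe, 0x8f, 0xc2, 0xd1, 0x80, 0xc2, 0x0d,
  0x44, 0xa9, 0x59, 0x44, 0x59, 0x81, 0x3b, 0x5d, 0x4a, 0xde, 0xfb, 0xae, 0x24, 0xfc, 0xa3, 0xd9,
  0xbc, 0x57, 0x55, 0xc2, 0x26, 0xbc, 0x19, 0xa7, 0x9a, 0xc5, 0x59, 0xa3, 0xee, 0x5a, 0xef, 0x41,
  0x80, 0x7d, 0xf8, 0x5e, 0xc1, 0x1d, 0x32, 0x38, 0x41, 0x5b, 0xb6, 0x92, 0xb8, 0xb7, 0x03, 0x0d,
  0x3e, 0x59, 0x0f, 0x1c, 0xb3, 0xe1, 0x2a, 0x95, 0x1a, 0x3b, 0x50, 0x4f, 0xc4, 0x1d, 0xcf, 0x73,
  0x7c, 0x14, 0xca, 0xe3, 0x0b, 0xa7, 0xc7, 0x1a, 0x41, 0x4a, 0xee, 0xbe, 0x1f, 0x43, 0xdd, 0xf9,
  // public exponent e
  0x01, 0x00, 0x01,
  // private exponent d
  0x88, 0x4b, 0x82, 0xe7, 0xe3, 0xe3, 0x99, 0x75, 0x6c, 0x9e, 0xaf, 0x17, 0x44, 0x3e, 0xd9, 0x07,
  0xfd, 0x4b, 0xae, 0xce, 0x92, 0xc4, 0x28, 0x44, 0x5e, 0x42, 0x79, 0x08, 0xb6, 0xc3, 0x7f, 0x58,
  0x2d, 0xef, 0xac, 0x4a, 0x07, 0xcd, 0xaf, 0x46, 0x8f, 0xb4, 0xc4, 0x43, 0xf9, 0xff, 0x5f, 0x74,
  0x2d, 0xb5, 0xe0, 0x1c, 0xab, 0xf4, 0x6e, 0xd5, 0xdb, 0xc8, 0x0c, 0xfb, 0x76, 0x3c, 0x38, 0x66,
  0xf3, 0x7f, 0x01, 0x43, 0x7a, 0x30, 0x39, 0x02, 0x80, 0xa4, 0x11, 0xb3, 0x04, 0xd9, 0xe3, 0x57,
  0x23, 0xf4, 0x07, 0xfc, 0x91, 0x8a, 0xc6, 0xcc, 0xa2, 0x16, 0x29, 0xb3, 0xe5, 0x76, 0x4a, 0xa8,
  0x84, 0x19, 0xdc, 0xef, 0xfc, 0xb0, 0x63, 0x33, 0x0b, 0xfa, 0xf6, 0x68, 0x0b, 0x08, 0xea, 0x31,
  0x52, 0xee, 0x99, 0xef, 0x43, 0x2a, 0xbe, 0x97, 0xad, 0xb3, 0xb9, 0x66, 0x7a, 0xae, 0xe1, 0x8f,
  0x57, 0x86, 0xe5, 0xfe, 0x14, 0x3c, 0x81, 0xd0, 0x64, 0xf8, 0x86, 0x1a, 0x0b, 0x40, 0x58, 0xc9,
  0x33, 0x49, 0xb8, 0x99, 0xc6, 0x2e, 0x94, 0x70, 0xee, 0x09, 0x88, 0xe1, 0x5c, 0x4e, 0x6c, 0x22,
  0x72, 0xa7, 0x2a, 0x21, 0xdd, 0xd7, 0x1d, 0xfc, 0x63, 0x15, 0x0b, 0xde, 0x06, 0x9c, 0xf3, 0x28,
  0xf3, 0xac, 0x4a, 0xa8, 0xb5, 0x50, 0xca, 0x9b, 0xcc, 0x0a, 0x04, 0xfe, 0x3f, 0x98, 0x68, 0x81,
  0xac, 0x24, 0x53, 0xea, 0x1f, 0x1c, 0x6e, 0x5e, 0xca, 0xe8, 0x31, 0x0d, 0x08, 0x12, 0xf3, 0x26,
  0xf8, 0x5e, 0xeb, 0x10, 0x27, 0xae, 0xaa, 0xc3, 0xad, 0x6c, 0xc1, 0x89, 0xdb, 0x7d, 0x5a, 0x12,
  0x55, 0xad, 0x11, 0x19, 0xa1, 0xa9, 0x8f, 0x0b, 0x6d, 0x78, 0x8d, 0x1c, 0xdf, 0xe5, 0x63, 0x82,
  0x0b, 0x7d, 0x23, 0x04, 0xb4, 0x75, 0x8c, 0xed, 0x77, 0xfc, 0x1a, 0x85, 0x29, 0x11, 0xe0, 0x61,
]);

/* 1. Alias under which the imported key pair is stored. */
let keyAlias = 'RSA_sample';
/* 2. Assemble the key property set and the key material. */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    // Purposes the key may be used for once imported; they cannot be changed
    // after import, so grant only the purposes the application needs.
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT
  },
  {
    // Type of key being imported.
    tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
    // KEY_PAIR imports the full key pair; HUKS_KEY_TYPE_PUBLIC_KEY would import
    // the public key only.
    value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR
  },
]
let options: huks.HuksOptions = {
  properties: properties,
  inData: rsa2048KeyPairMaterial
};
/* 3. Import the key in plaintext. */
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      // Serialize the error object, as the AES sample on this page does;
      // concatenating the object directly may not show its fields.
      console.error(`callback: importKeyItem failed` + JSON.stringify(error));
    } else {
      console.info(`callback: importKeyItem success`);
    }
  });
} catch (error) {
  // A synchronous throw from the call itself is logged as an invalid-argument failure.
  console.error(`callback: importKeyItem input arg invalid` + JSON.stringify(error));
}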
```
### 导入X25519公钥
```ts
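/*
 * Sample: plaintext import of an X25519 public key, using the callback form of
 * huks.importKeyItem.
 */
import { huks } from '@kit.UniversalKeystoreKit'
// X25519 public key data. The private and public keys of an X25519 key pair are
// both 32 bytes (256 bits); see a cryptography reference for the algorithm itself.
//
// NOTE(review): this array holds 32 bytes in total, but it begins with a DER
// header (0x30 0x2A ... 0x03 0x21 0x00) that declares a 44-byte structure:
// a 12-byte prefix followed by a 32-byte key. Only 20 key bytes follow the
// prefix here, so the sample looks truncated. Replace it with a complete
// encoding in the HUKS key material format before relying on it.
let x25519KeyPubMaterial = new Uint8Array([
  0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00, 0xD2, 0x36, 0x9E, 0xCF,
  0xF0, 0x61, 0x5B, 0x73, 0xCE, 0x4F, 0xF0, 0x40, 0x2B, 0x89, 0x18, 0x3E, 0x06, 0x33, 0x60, 0xC6
]);

/* 1. Alias under which the imported public key is stored. */
let keyAlias = 'X25519_Pub_import_sample';
/* 2. Assemble the key property set and the key material. */
let properties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_X25519
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256
  },
  {
    // Purpose the key may be used for once imported; it cannot be changed
    // after import.
    // NOTE(review): X25519 is a key-agreement algorithm, while
    // HUKS_KEY_PURPOSE_VERIFY is a signature-verification purpose. Confirm
    // against the HUKS algorithm specification whether HUKS_KEY_PURPOSE_AGREE
    // is the intended purpose here.
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    // Type of key being imported.
    tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE,
    // PUBLIC_KEY imports the public key only; HUKS_KEY_TYPE_KEY_PAIR would
    // import a key pair.
    value: huks.HuksImportKeyType.HUKS_KEY_TYPE_PUBLIC_KEY
  },
]
let options: huks.HuksOptions = {
  properties: properties,
  inData: x25519KeyPubMaterial
};
/* 3. Import the key in plaintext. */
try {
  huks.importKeyItem(keyAlias, options, (error, data) => {
    if (error) {
      // Serialize the error object, as the AES sample on this page does;
      // concatenating the object directly may not show its fields.
      console.error(`callback: importKeyItem failed` + JSON.stringify(error));
    } else {
      console.info(`callback: importKeyItem success`);
    }
  });
} catch (error) {
  // A synchronous throw from the call itself is logged as an invalid-argument failure.
  console.error(`callback: importKeyItem input arg invalid` + JSON.stringify(error));
}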
```
## 调测验证

调用[huks.isKeyItemExist](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksiskeyitemexist9)验证密钥是否存在,如密钥存在即表示密钥导入成功。

```ts
/*
 * Sample: check whether the key stored under 'AES256Alias_sample' exists,
 * using the callback form of huks.isKeyItemExist.
 */
import { huks } from '@kit.UniversalKeystoreKit';

const keyAlias = 'AES256Alias_sample';
// Updated only inside the callback below; code that reads it immediately after
// the isKeyItemExist call still sees the initial value.
let isKeyExist = false;

const huksOptions: huks.HuksOptions = {
  // Must be supplied (non-null).
  properties: [
    { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_AES }
  ],
  // Must be supplied (non-null); an empty buffer is passed here.
  inData: new Uint8Array(0)
}

try {
  huks.isKeyItemExist(keyAlias, huksOptions, (error, data) => {
    if (error) {
      console.error('callback: isKeyItemExist failed, ' + JSON.stringify(error));
      return;
    }
    // A null result is ignored without logging.
    if (data === null || data.valueOf() === null) {
      return;
    }
    isKeyExist = data.valueOf();
    console.info(`callback: isKeyItemExist success, isKeyExist = ${isKeyExist}`);
  });
} catch (error) {
  // A synchronous throw from the call itself is logged as an invalid-argument failure.
  console.error('callback: isKeyItemExist input arg invalid, ' + JSON.stringify(error));
}
```