1# 密钥协商(ArkTS) 2 3以协商密钥类型为X25519,并密钥仅在HUKS内使用为例,完成密钥协商。具体的场景介绍及支持的算法规格,请参考[密钥生成支持的算法](huks-key-generation-overview.md#支持的算法)。 4 5## 开发步骤 6 7**生成密钥** 8 9设备A、设备B各自生成一个非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)或[密钥导入](huks-key-import-overview.md)。 10 11密钥生成时,可指定参数HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG(可选),用于标识基于该密钥协商出的密钥是否由HUKS管理。 12 13- 当TAG设置为HUKS_STORAGE_ONLY_USED_IN_HUKS时,表示基于该密钥协商出的密钥,由HUKS管理,可保证协商密钥全生命周期不出安全环境。 14 15- 当TAG设置为HUKS_STORAGE_KEY_EXPORT_ALLOWED时,表示基于该密钥协商出的密钥,返回给调用方管理,由业务自行保证密钥安全。 16 17- 若业务未设置TAG的具体值,表示基于该密钥协商出的密钥,可由HUKS管理,也可返回给调用方管理,业务可在后续协商时再选择使用何种方式保护密钥。 18 19**导出密钥** 20 21设备A、B导出非对称密钥对的公钥材料,具体请参考[密钥导出](huks-export-key-arkts.md)。 22 23**密钥协商** 24 25设备A、B分别基于本端私钥和对端设备的公钥,协商出共享密钥。 26 27密钥协商时,可指定参数HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG(可选),用于标识协商得到的密钥是否由HUKS管理。 28 29| 生成 | 协商 | 规格 | 30| -------- | -------- | -------- | 31| HUKS_STORAGE_ONLY_USED_IN_HUKS | HUKS_STORAGE_ONLY_USED_IN_HUKS | 密钥由HUKS管理 | 32| HUKS_STORAGE_KEY_EXPORT_ALLOWED | HUKS_STORAGE_KEY_EXPORT_ALLOWED | 密钥返回给调用方管理 | 33| 未指定TAG具体值 | HUKS_STORAGE_ONLY_USED_IN_HUKS | 密钥由HUKS管理 | 34| 未指定TAG具体值 | HUKS_STORAGE_KEY_EXPORT_ALLOWED | 密钥返回给调用方管理 | 35| 未指定TAG具体值 | 未指定TAG具体值 | 密钥返回给调用方管理 | 36 37注:协商时指定的TAG值,不可与生成时指定的TAG值冲突。表格中仅列举有效的指定方式。 38 39**删除密钥** 40 41当密钥废弃不用时,设备A、B均需要删除密钥,具体请参考[密钥删除](huks-delete-key-arkts.md)。 42 43 44下面分别以X25519 与 DH密钥为例,进行协商。 45- X25519非对称密钥协商用例 46 ```ts 47 /* 48 *以下以X25519密钥的Promise操作使用为例 49 */ 50 import { huks } from '@kit.UniversalKeystoreKit'; 51 52 /* 53 * 确定密钥别名和封装密钥属性参数集 54 */ 55 let srcKeyAliasFirst = "AgreeX25519KeyFirstAlias"; 56 let srcKeyAliasSecond = "AgreeX25519KeySecondAlias"; 57 let agreeX25519InData = 'AgreeX25519TestIndata'; 58 let finishOutData: Uint8Array; 59 let handle: number; 60 let exportKey: Uint8Array; 61 let exportKeyFirst: Uint8Array; 62 let exportKeySecond: Uint8Array; 63 /* 集成生成密钥参数集 */ 64 let properties: Array<huks.HuksParam> = [{ 65 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 66 value: huks.HuksKeyAlg.HUKS_ALG_X25519, 67 }, { 68 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 69 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE, 70 }, { 71 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 72 value: huks.HuksKeySize.HUKS_CURVE25519_KEY_SIZE_256, 73 }, { 74 tag: huks.HuksTag.HUKS_TAG_DIGEST, 75 value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, 76 }, { 77 tag: huks.HuksTag.HUKS_TAG_PADDING, 78 value: huks.HuksKeyPadding.HUKS_PADDING_NONE, 79 }, { 80 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 81 value: huks.HuksCipherMode.HUKS_MODE_CBC, 82 }, { 83 tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG, 84 value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS, 85 }]; 86 let HuksOptions: huks.HuksOptions = { 87 properties: properties, 88 inData: new Uint8Array(new Array()) 89 } 90 /* 集成第一个协商参数集 */ 91 const finishProperties: Array<huks.HuksParam> = [{ 92 tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG, 93 value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS, 94 }, { 95 tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS, 96 value: true 97 }, { 98 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 99 value: huks.HuksKeyAlg.HUKS_ALG_AES, 100 }, { 101 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 102 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256, 103 }, { 104 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 105 value: 106 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 107 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT, 108 }, { 109 tag: huks.HuksTag.HUKS_TAG_DIGEST, 110 value: huks.HuksKeyDigest.HUKS_DIGEST_NONE, 111 }, { 112 tag: huks.HuksTag.HUKS_TAG_PADDING, 113 value: huks.HuksKeyPadding.HUKS_PADDING_NONE, 114 }, { 115 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 116 value: huks.HuksCipherMode.HUKS_MODE_ECB, 117 }]; 118 let finishOptionsFirst: huks.HuksOptions = { 119 properties: [ 120 ...finishProperties, { 121 tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS, 122 value: StringToUint8Array(srcKeyAliasFirst + 'final'), 123 }], 124 inData: StringToUint8Array(agreeX25519InData) 125 } 126 /* 集成第二个协商参数集 */ 127 let finishOptionsSecond: huks.HuksOptions = { 128 properties: [ 129 ...finishProperties, { 130 tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS, 131 value: StringToUint8Array(srcKeyAliasSecond + 'final'), 132 }], 133 inData: StringToUint8Array(agreeX25519InData) 134 } 135 136 function StringToUint8Array(str: string) { 137 let arr: number[] = new Array(); 138 for (let i = 0, j = str.length; i < j; ++i) { 139 arr.push(str.charCodeAt(i)); 140 } 141 return new Uint8Array(arr); 142 } 143 144 class throwObject { 145 isThrow: boolean = false 146 } 147 148 /* 生成密钥 */ 149 function generateKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { 150 return new Promise<void>((resolve, reject) => { 151 try { 152 huks.generateKeyItem(keyAlias, huksOptions, (error, data) => { 153 if (error) { 154 reject(error); 155 } else { 156 resolve(data); 157 } 158 }); 159 } catch (error) { 160 throwObject.isThrow = true; 161 throw (error as Error); 162 } 163 }); 164 } 165 166 /* 调用generateKeyItem生成密钥 */ 167 async function publicGenKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) { 168 console.info(`enter promise generateKeyItem`); 169 let throwObject: throwObject = { isThrow: false }; 170 try { 171 await generateKeyItem(keyAlias, huksOptions, throwObject) 172 .then((data) => { 173 console.info(`promise: generateKeyItem success, data = ${JSON.stringify(data)}`); 174 }) 175 .catch((error: Error) => { 176 if (throwObject.isThrow) { 177 throw (error as Error); 178 } else { 179 console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`); 180 } 181 }); 182 } catch (error) { 183 console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`); 184 } 185 } 186 187 /*初始化密钥会话接口,并获取一个句柄(必选)和挑战值(可选)*/ 188 function initSession(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { 189 return new Promise<huks.HuksSessionHandle>((resolve, reject) => { 190 try { 191 huks.initSession(keyAlias, huksOptions, (error, data) => { 192 if (error) { 193 reject(error); 194 } else { 195 resolve(data); 196 } 197 }); 198 } catch (error) { 199 throwObject.isThrow = true; 200 throw (error as Error); 201 } 202 }); 203 } 204 205 /*调用initSession获取handle*/ 206 async function publicInitFunc(keyAlias: string, huksOptions: huks.HuksOptions) { 207 console.info(`enter promise doInit`); 208 let throwObject: throwObject = { isThrow: false }; 209 try { 210 await initSession(keyAlias, huksOptions, throwObject) 211 .then((data) => { 212 console.info(`promise: doInit success, data = ${JSON.stringify(data)}`); 213 handle = data.handle; 214 }) 215 .catch((error: Error) => { 216 if (throwObject.isThrow) { 217 throw (error as Error); 218 } else { 219 console.error(`promise: doInit failed, ${JSON.stringify(error)}`); 220 } 221 }); 222 } catch (error) { 223 console.error(`promise: doInit input arg invalid, ${JSON.stringify(error)}`); 224 } 225 } 226 227 /* 分段添加密钥操作的数据并进行相应的密钥操作,输出处理数据 */ 228 function updateSession(handle: number, huksOptions: huks.HuksOptions, throwObject: throwObject) { 229 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 230 try { 231 huks.updateSession(handle, huksOptions, (error, data) => { 232 if (error) { 233 reject(error); 234 } else { 235 resolve(data); 236 } 237 }); 238 } catch (error) { 239 throwObject.isThrow = true; 240 throw (error as Error); 241 } 242 }); 243 } 244 245 /* 调用updateSession进行协商操作 */ 246 async function publicUpdateFunc(handle: number, huksOptions: huks.HuksOptions) { 247 console.info(`enter promise doUpdate`); 248 let throwObject: throwObject = { isThrow: false }; 249 try { 250 await updateSession(handle, huksOptions, throwObject) 251 .then((data) => { 252 console.info(`promise: doUpdate success, data = ${JSON.stringify(data)}`); 253 }) 254 .catch((error: Error) => { 255 if (throwObject.isThrow) { 256 throw (error as Error); 257 } else { 258 console.error(`promise: doUpdate failed, ${JSON.stringify(error)}`); 259 } 260 }); 261 } catch (error) { 262 console.error(`promise: doUpdate input arg invalid, ${JSON.stringify(error)}`); 263 } 264 } 265 266 /* 结束密钥会话并进行相应的密钥操作,输出处理数据 */ 267 function finishSession(handle: number, huksOptions: huks.HuksOptions, throwObject: throwObject) { 268 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 269 try { 270 huks.finishSession(handle, huksOptions, (error, data) => { 271 if (error) { 272 reject(error); 273 } else { 274 resolve(data); 275 } 276 }); 277 } catch (error) { 278 throwObject.isThrow = true; 279 throw (error as Error); 280 } 281 }); 282 } 283 284 /* 调用finishSession结束操作 */ 285 async function publicFinishFunc(handle: number, huksOptions: huks.HuksOptions) { 286 console.info(`enter promise doFinish`); 287 let throwObject: throwObject = { isThrow: false }; 288 try { 289 await finishSession(handle, huksOptions, throwObject) 290 .then((data) => { 291 finishOutData = data.outData as Uint8Array; 292 console.info(`promise: doFinish success, data = ${JSON.stringify(data)}`); 293 }) 294 .catch((error: Error) => { 295 if (throwObject.isThrow) { 296 throw (error as Error); 297 } else { 298 console.error(`promise: doFinish failed, ${JSON.stringify(error)}`); 299 } 300 }); 301 } catch (error) { 302 console.error(`promise: doFinish input arg invalid, ${JSON.stringify(error)}`); 303 } 304 } 305 306 /* 导出密钥 */ 307 function exportKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { 308 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 309 try { 310 huks.exportKeyItem(keyAlias, huksOptions, (error, data) => { 311 if (error) { 312 reject(error); 313 } else { 314 resolve(data); 315 } 316 }); 317 } catch (error) { 318 throwObject.isThrow = true; 319 throw (error as Error); 320 } 321 }); 322 } 323 324 /* 调用exportKeyItem导出公钥操作 */ 325 async function publicExportKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) { 326 console.info(`enter promise export`); 327 let throwObject: throwObject = { isThrow: false }; 328 try { 329 await exportKeyItem(keyAlias, huksOptions, throwObject) 330 .then((data) => { 331 console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`); 332 exportKey = data.outData as Uint8Array; 333 }) 334 .catch((error: Error) => { 335 if (throwObject.isThrow) { 336 throw (error as Error); 337 } else { 338 console.error(`promise: exportKeyItem failed, ${JSON.stringify(error)}`); 339 } 340 }); 341 } catch (error) { 342 console.error(`promise: exportKeyItem input arg invalid, ${JSON.stringify(error)}`); 343 } 344 } 345 346 /* 删除密钥操作 */ 347 function deleteKeyItem(keyAlias: string, huksOptions: huks.HuksOptions, throwObject: throwObject) { 348 return new Promise<void>((resolve, reject) => { 349 try { 350 huks.deleteKeyItem(keyAlias, huksOptions, (error, data) => { 351 if (error) { 352 reject(error); 353 } else { 354 resolve(data); 355 } 356 }); 357 } catch (error) { 358 throwObject.isThrow = true; 359 throw (error as Error); 360 } 361 }); 362 } 363 364 /* 调用deleteKeyItem删除密钥操作 */ 365 async function publicDeleteKeyFunc(keyAlias: string, huksOptions: huks.HuksOptions) { 366 console.info(`enter promise deleteKeyItem`); 367 let throwObject: throwObject = { isThrow: false }; 368 try { 369 await deleteKeyItem(keyAlias, huksOptions, throwObject) 370 .then((data) => { 371 console.info(`promise: deleteKeyItem key success, data = ${JSON.stringify(data)}`); 372 }) 373 .catch((error: Error) => { 374 if (throwObject.isThrow) { 375 throw (error as Error); 376 } else { 377 console.error(`promise: deleteKeyItem failed, ${JSON.stringify(error)}`); 378 } 379 }); 380 } catch (error) { 381 console.error(`promise: deleteKeyItem input arg invalid, ${JSON.stringify(error)}`); 382 } 383 } 384 385 async function testAgree() { 386 /* 1.确定密钥别名并集成并集成要参数集 A设备:srcKeyAliasFirst B设备:srcKeyAliasSecond*/ 387 /* 2.设备A生成密钥 */ 388 await publicGenKeyFunc(srcKeyAliasFirst, HuksOptions); 389 /* 3.设备B生成密钥 */ 390 await publicGenKeyFunc(srcKeyAliasSecond, HuksOptions); 391 /* 4.设备A、B导出非对称密钥的公钥 */ 392 await publicExportKeyFunc(srcKeyAliasFirst, HuksOptions); 393 exportKeyFirst = exportKey; 394 await publicExportKeyFunc(srcKeyAliasSecond, HuksOptions); 395 exportKeySecond = exportKey; 396 /* 5.对第一个密钥进行协商(三段式)*/ 397 await publicInitFunc(srcKeyAliasFirst, HuksOptions); 398 HuksOptions.inData = exportKeySecond; 399 await publicUpdateFunc(handle, HuksOptions); 400 await publicFinishFunc(handle, finishOptionsFirst); 401 /* 5.对第二个密钥进行协商(三段式) */ 402 await publicInitFunc(srcKeyAliasSecond, HuksOptions); 403 HuksOptions.inData = exportKeyFirst; 404 await publicUpdateFunc(handle, HuksOptions); 405 await publicFinishFunc(handle, finishOptionsSecond); 406 /* 6.设备A、B删除密钥 */ 407 await publicDeleteKeyFunc(srcKeyAliasFirst, HuksOptions); 408 await publicDeleteKeyFunc(srcKeyAliasSecond, HuksOptions); 409 } 410 ``` 411 412- DH密钥协商用例 413 414 ```ts 415 /* 416 *以下以 DH密钥的Promise操作使用为例 417 */ 418 import { huks } from '@kit.UniversalKeystoreKit' 419 420 function StringToUint8Array(str: string) { 421 let arr: number[] = [] 422 for (let i = 0, j = str.length; i < j; ++i) { 423 arr.push(str.charCodeAt(i)) 424 } 425 return new Uint8Array(arr) 426 } 427 428 function Uint8ArrayToBigInt(arr: Uint8Array): bigint { 429 let i = 0 430 const byteMax: bigint = BigInt('0x100') 431 let result: bigint = BigInt('0') 432 while (i < arr.length) { 433 result = result * byteMax 434 result = result + BigInt(arr[i]) 435 i += 1 436 } 437 return result 438 } 439 440 const dhAgree: Array<huks.HuksParam> = [{ 441 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 442 value: huks.HuksKeyAlg.HUKS_ALG_DH, 443 }, { 444 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 445 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_AGREE, 446 }] 447 const dh2048Agree: Array<huks.HuksParam> = [ 448 ...dhAgree, { 449 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 450 value: huks.HuksKeySize.HUKS_DH_KEY_SIZE_2048, 451 }] 452 const dhGenOptions: huks.HuksOptions = { 453 properties: dh2048Agree, 454 inData: new Uint8Array([]) 455 } 456 const emptyOptions: huks.HuksOptions = { 457 properties: [], 458 inData: new Uint8Array([]) 459 } 460 461 async function HuksDhAgreeExportKey(keyAlias: string, 462 peerPubKey: huks.HuksReturnResult): Promise<huks.HuksReturnResult> { 463 const initHandle = await huks.initSession(keyAlias, dhGenOptions) 464 const dhAgreeUpdateBobPubKey: huks.HuksOptions = { 465 properties: [ 466 ...dh2048Agree, { 467 tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG, 468 value: huks.HuksKeyStorageType.HUKS_STORAGE_KEY_EXPORT_ALLOWED, 469 }], 470 inData: peerPubKey.outData 471 } 472 await huks.updateSession(initHandle.handle, dhAgreeUpdateBobPubKey) 473 return await huks.finishSession(initHandle.handle, emptyOptions) 474 } 475 476 async function HuksDhAgreeExportTest( 477 aliasA: string, aliasB: string, 478 pubKeyA: huks.HuksReturnResult, pubKeyB: huks.HuksReturnResult) { 479 480 const agreedKeyFromAlice = await HuksDhAgreeExportKey(aliasA, pubKeyB) 481 console.info(`ok! agreedKeyFromAlice export is 0x${Uint8ArrayToBigInt(agreedKeyFromAlice.outData).toString(16)}`) 482 483 const agreedKeyFromBob = await HuksDhAgreeExportKey(aliasB, pubKeyA) 484 console.info(`ok! agreedKeyFromBob export is 0x${Uint8ArrayToBigInt(agreedKeyFromBob.outData).toString(16)}`) 485 } 486 487 async function HuksDhAgreeInHuks(keyAlias: string, peerPubKey: huks.HuksReturnResult, 488 aliasAgreedKey: string): Promise<huks.HuksReturnResult> { 489 const onlyUsedInHuks: Array<huks.HuksParam> = [{ 490 tag: huks.HuksTag.HUKS_TAG_KEY_STORAGE_FLAG, 491 value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS, 492 }, { 493 tag: huks.HuksTag.HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG, 494 value: huks.HuksKeyStorageType.HUKS_STORAGE_ONLY_USED_IN_HUKS, 495 }] 496 const dhAgreeInit: huks.HuksOptions = { 497 properties: [ 498 ...dhAgree, 499 { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256, }, 500 ...onlyUsedInHuks], 501 inData: new Uint8Array([]) 502 } 503 const dhAgreeFinishParams: Array<huks.HuksParam> = [ 504 ...onlyUsedInHuks, 505 { tag: huks.HuksTag.HUKS_TAG_IS_KEY_ALIAS, value: true }, 506 { tag: huks.HuksTag.HUKS_TAG_ALGORITHM, value: huks.HuksKeyAlg.HUKS_ALG_AES }, 507 { tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 }, 508 { 509 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 510 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 511 }] 512 513 const handle = await huks.initSession(keyAlias, dhAgreeInit) 514 const dhAgreeUpdatePubKey: huks.HuksOptions = { 515 properties: [...dhAgree, ...onlyUsedInHuks], 516 inData: peerPubKey.outData 517 } 518 await huks.updateSession(handle.handle, dhAgreeUpdatePubKey) 519 const dhAgreeAliceFinnish: huks.HuksOptions = { 520 properties: [...dhAgreeFinishParams, { 521 tag: huks.HuksTag.HUKS_TAG_KEY_ALIAS, value: StringToUint8Array(aliasAgreedKey) 522 }], inData: new Uint8Array([]) 523 } 524 return await huks.finishSession(handle.handle, dhAgreeAliceFinnish) 525 } 526 527 async function HuksDhAgreeInHuksTest( 528 aliasA: string, aliasB: string, 529 pubKeyA: huks.HuksReturnResult, pubKeyB: huks.HuksReturnResult, 530 aliasAgreedKeyFromA: string, aliasAgreedKeyFromB: string) { 531 532 const finishAliceResult = await HuksDhAgreeInHuks(aliasA, pubKeyB, aliasAgreedKeyFromA) 533 console.info(`ok! finishAliceResult in huks is 0x${Uint8ArrayToBigInt(finishAliceResult.outData).toString(16)}`) 534 const aliceAgreedExist = await huks.isKeyItemExist(aliasAgreedKeyFromA, emptyOptions) 535 console.info(`ok! aliceAgreedExist in huks is ${aliceAgreedExist}`) 536 537 const finishBobResult = await HuksDhAgreeInHuks(aliasB, pubKeyA, aliasAgreedKeyFromB) 538 console.info(`ok! finishBobResult in huks is 0x${Uint8ArrayToBigInt(finishBobResult.outData).toString(16)}`) 539 const bobAgreedExist = await huks.isKeyItemExist(aliasAgreedKeyFromB, emptyOptions) 540 console.info(`ok! bobAgreedExist in huks is ${bobAgreedExist}`) 541 542 await huks.deleteKeyItem(aliasAgreedKeyFromA, emptyOptions) 543 await huks.deleteKeyItem(aliasAgreedKeyFromB, emptyOptions) 544 } 545 546 export default async function HuksDhAgreeTest() { 547 const aliasAlice = 'alice' 548 const aliasBob = 'bob' 549 550 /* 调用generateKeyItem生成别名为alice与bob的两个密钥 */ 551 await huks.generateKeyItem(aliasAlice, dhGenOptions) 552 await huks.generateKeyItem(aliasBob, dhGenOptions) 553 554 /* 导出非对称密钥alice与bob的的公钥 */ 555 const pubKeyAlice = await huks.exportKeyItem(aliasAlice, emptyOptions) 556 const pubKeyBob = await huks.exportKeyItem(aliasBob, emptyOptions) 557 558 /* 开始协商,协商生成的密钥返回给业务管理 */ 559 await HuksDhAgreeExportTest(aliasAlice, aliasBob, pubKeyAlice, pubKeyBob) 560 561 /* 开始协商,协商生成的密钥由HUKS管理 */ 562 await HuksDhAgreeInHuksTest(aliasAlice, aliasBob, pubKeyAlice, pubKeyBob, 'agreedKeyFromAlice', 'agreedKeyFromBob') 563 564 await huks.deleteKeyItem(aliasAlice, emptyOptions) 565 await huks.deleteKeyItem(aliasBob, emptyOptions) 566 } 567 ``` 568