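# 非匿名密钥证明(ArkTS)

在使用本功能前,需申请权限:[ohos.permission.ATTEST_KEY](../AccessToken/permissions-for-system-apps.md#ohospermissionattest_key)。请开发者根据应用的APL等级,参考具体的操作路径[权限申请](../AccessToken/determine-application-mode.md)。

## 开发步骤

1. 确定密钥别名keyAlias,密钥别名最大长度为128字节。

2. 初始化参数集。[HuksOptions](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksoptions)中的properties字段中的参数必须包含[HUKS_TAG_ATTESTATION_CHALLENGE](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性,可选参数包含[HUKS_TAG_ATTESTATION_ID_VERSION_INFO](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag),[HUKS_TAG_ATTESTATION_ID_ALIAS](../../reference/apis-universal-keystore-kit/js-apis-huks.md#hukstag)属性。

3. 生成非对称密钥,具体请参考[密钥生成](huks-key-generation-overview.md)。

4. 将密钥别名与参数集作为参数传入[huks.attestKeyItem](../../reference/apis-universal-keystore-kit/js-apis-huks.md#huksattestkeyitem9)方法中,即可证明密钥。

```ts
/*
 * Example: attesting a key through a Promise-style wrapper around attestKey.
 */
import { huks } from '@kit.UniversalKeystoreKit';

/* 1. Decide the key alias (at most 128 bytes, see step 1 above). */
let keyAliasString = "key attest";
let aliasString = keyAliasString;
let aliasUint8 = StringToUint8Array(keyAliasString);
let securityLevel = StringToUint8Array('sec_level');
/*
 * Sample value only. A real attestation challenge must be a fresh,
 * unpredictable nonce issued by the party that will verify the certificate
 * chain; that party checks the attestation against the challenge it issued,
 * which is what stops a previously recorded chain from being replayed.
 */
let challenge = StringToUint8Array('challenge_data');
let versionInfo = StringToUint8Array('version_info');
/* Filled in by publicAttestKey(); stays empty until attestation succeeds. */
let attestCertChain: Array<string> = [];

/*
 * Records whether the wrapped HUKS call threw synchronously (bad arguments)
 * instead of failing through its callback, so the caller can log each case
 * differently.
 */
class throwObject {
  isThrow: boolean = false;
}

/* Parameter set used when generating the key. */
const genKeyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ALGORITHM,
    value: huks.HuksKeyAlg.HUKS_ALG_RSA
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_SIZE,
    value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PURPOSE,
    value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY
  },
  {
    tag: huks.HuksTag.HUKS_TAG_DIGEST,
    value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256
  },
  {
    tag: huks.HuksTag.HUKS_TAG_PADDING,
    value: huks.HuksKeyPadding.HUKS_PADDING_PSS
  },
  {
    tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE,
    value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT
  },
  {
    tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE,
    value: huks.HuksCipherMode.HUKS_MODE_ECB
  }
];
const genOptions: huks.HuksOptions = {
  properties: genKeyProperties
};

/*
 * 2. Parameter set used when attesting the key.
 * HUKS_TAG_ATTESTATION_CHALLENGE is mandatory; the ID tags are optional.
 */
const attestKeyProperties: Array<huks.HuksParam> = [
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO,
    value: securityLevel
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE,
    value: challenge
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO,
    value: versionInfo
  },
  {
    tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS,
    value: aliasUint8
  }
];
const huksOptions: huks.HuksOptions = {
  properties: attestKeyProperties
};

/**
 * Encodes a string as one byte per character.
 *
 * Only characters whose UTF-16 code unit fits in a byte (U+0000..U+00FF)
 * are accepted. Anything wider would be silently truncated when stored in
 * a Uint8Array, which would make an alias or challenge differ from what the
 * caller believes it set, so such input is rejected instead.
 *
 * @param str text to encode
 * @returns the encoded bytes, one per input character
 * @throws Error if str contains a character outside U+0000..U+00FF
 */
function StringToUint8Array(str: string): Uint8Array {
  const bytes = new Uint8Array(str.length);
  for (let i = 0; i < str.length; ++i) {
    const code = str.charCodeAt(i);
    if (code > 0xFF) {
      throw new Error(`StringToUint8Array: character at index ${i} does not fit in one byte`);
    }
    bytes[i] = code;
  }
  return bytes;
}

/**
 * Promise wrapper over the callback form of huks.generateKeyItem.
 *
 * A synchronous throw from HUKS is recorded in throwObject.isThrow before it
 * propagates (a throw inside the executor rejects the returned promise), so
 * publicGenKeyFunc can distinguish it from a failure reported via the callback.
 *
 * @param keyAlias alias of the key to generate
 * @param options generation parameter set
 * @param throwObject receives isThrow = true on a synchronous throw
 */
function generateKeyItem(keyAlias: string, options: huks.HuksOptions, throwObject: throwObject): Promise<void> {
  return new Promise<void>((resolve, reject) => {
    try {
      huks.generateKeyItem(keyAlias, options, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/* 3. Generate the key. Failures are logged, never rethrown. */
async function publicGenKeyFunc(keyAlias: string, options: huks.HuksOptions): Promise<void> {
  console.info(`enter promise generateKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    await generateKeyItem(keyAlias, options, throwObject);
    console.info(`promise: generateKeyItem success`);
  } catch (error) {
    // isThrow marks a synchronous throw (invalid arguments) as opposed to a callback error.
    if (throwObject.isThrow) {
      console.error(`promise: generateKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      console.error(`promise: generateKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/**
 * Promise wrapper over the callback form of huks.attestKeyItem.
 *
 * Same synchronous-throw bookkeeping as generateKeyItem.
 *
 * @param keyAlias alias of the key to attest
 * @param options attestation parameter set (must carry the challenge)
 * @param throwObject receives isThrow = true on a synchronous throw
 * @returns the HUKS result, whose certChains holds the attestation chain
 */
function attestKeyItem(keyAlias: string, options: huks.HuksOptions, throwObject: throwObject): Promise<huks.HuksReturnResult> {
  return new Promise<huks.HuksReturnResult>((resolve, reject) => {
    try {
      huks.attestKeyItem(keyAlias, options, (error, data) => {
        if (error) {
          reject(error);
        } else {
          resolve(data);
        }
      });
    } catch (error) {
      throwObject.isThrow = true;
      throw (error as Error);
    }
  });
}

/* 4. Attest the key. On success the certificate chain is kept in attestCertChain. */
async function publicAttestKey(keyAlias: string, options: huks.HuksOptions): Promise<void> {
  console.info(`enter promise attestKeyItem`);
  let throwObject: throwObject = { isThrow: false };
  try {
    const data = await attestKeyItem(keyAlias, options, throwObject);
    console.info(`promise: attestKeyItem success, data = ${JSON.stringify(data)}`);
    // Guard against certChains being absent (undefined) as well as null;
    // a null-only check would store undefined into attestCertChain.
    if (data !== null && data.certChains !== undefined && data.certChains !== null) {
      attestCertChain = data.certChains;
    }
  } catch (error) {
    if (throwObject.isThrow) {
      console.error(`promise: attestKeyItem input arg invalid, ${JSON.stringify(error)}`);
    } else {
      console.error(`promise: attestKeyItem failed, ${JSON.stringify(error)}`);
    }
  }
}

/**
 * Runs the whole flow: generate the key, attest it, log the resulting chain.
 *
 * The chain proves nothing on its own on the device. It has to be handed to
 * the relying party, which validates it up to a trusted root and checks that
 * the attestation matches the challenge that party issued.
 */
async function AttestKeyTest(): Promise<void> {
  await publicGenKeyFunc(aliasString, genOptions);
  await publicAttestKey(aliasString, huksOptions);
  console.info('attest certChain data: ' + attestCertChain);
}
```
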