1# @ohos.security.huks (Universal Keystore) 2 3<!--Kit: Universal Keystore Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @wutiantian-gitee--> 6<!--Designer: @HighLowWorld--> 7<!--Tester: @wxy1234564846--> 8<!--Adviser: @zengyawen--> 9 10The **HUKS** module provides KeyStore (KS) capabilities, including key management and cryptographic operations, for applications. 11The keys managed by OpenHarmony Universal KeyStore (HUKS) can be imported by applications or generated by calling the HUKS APIs. 12 13> **NOTE** 14> 15> The initial APIs of this module are supported since API version 8. Newly added APIs will be marked with a superscript to indicate their earliest API version. 16 17## Modules to Import 18 19```ts 20import { huks } from '@kit.UniversalKeystoreKit'; 21``` 22 23## HuksParam 24 25Defines the **param** field in the **properties** array of **options** used in the APIs. 26 27**System capability**: SystemCapability.Security.Huks.Core 28 29| Name| Type | Mandatory| Description | 30| ------ | ----------------------------------- | ---- | ------------ | 31| tag | [HuksTag](#hukstag) | Yes | Tag.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 32| value | boolean\|number\|bigint\|Uint8Array | Yes | Value of the tag.<br>**Atomic service API**: This API can be used in atomic services since API version 11.| 33 34## HuksOptions 35 36Defines **options** used in the APIs. 37 38**System capability**: SystemCapability.Security.Huks.Core 39 40| Name | Type | Mandatory| Description | 41| ---------- | ----------------- | ---- | ------------------------ | 42| properties | Array\<[HuksParam](#huksparam)> | No | Properties used to hold the **HuksParam** array.<br>**Atomic service API**: This API can be used in atomic services since API version 11.| 43| inData | Uint8Array | No | Input data.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 44 45## HuksSessionHandle<sup>9+</sup> 46 47Defines the struct for a HUKS handle. 48 49**System capability**: SystemCapability.Security.Huks.Core 50 51| Name | Type | Mandatory| Description | 52| --------- | ---------- | ---- | ---------------------------------------------------- | 53| handle | number | Yes | Handle of the unsigned integer type.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 54| challenge | Uint8Array | No | Challenge obtained after the [initSession](#huksinitsession9) operation.<br>**Atomic service API**: This API can be used in atomic services since API version 11.| 55 56## HuksReturnResult<sup>9+</sup> 57 58Represents the result returned. 59 60**System capability**: SystemCapability.Security.Huks.Core 61 62| Name | Type | Mandatory| Description | 63| ---------- | ------------------------------- | ---- | ---------------- | 64| outData | Uint8Array | No | Output data.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 65| properties | Array\<[HuksParam](#huksparam)> | No | Property information.<br>**Atomic service API**: This API can be used in atomic services since API version 11. | 66| certChains | Array\<string> | No | Certificate chain information.<br>**Atomic service API**: This API can be used in atomic services since API version 12.| 67 68## HuksListAliasesReturnResult<sup>12+</sup> 69 70Represents the result returned. 71 72**System capability**: SystemCapability.Security.Huks.Extension 73 74 75 76| Name | Type | Mandatory| Description | 77| ---------- | ------------------------------- | ---- | ---------------- | 78| keyAliases | Array\<string> | Yes | Array of key aliases.<br>**Atomic service API**: This API can be used in atomic services since API version 12.| 79 80## huks.generateKeyItem<sup>9+</sup> 81 82generateKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 83 84Generates a key. This API uses an asynchronous callback to return the result. 85 86**Atomic service API**: This API can be used in atomic services since API version 11. 87 88**System capability**: SystemCapability.Security.Huks.Core 89 90**Parameters** 91 92| Name | Type | Mandatory| Description | 93| -------- | --------------------------- | ---- | --------------------------------------------- | 94| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information. | 95| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 96| callback | AsyncCallback\<void> | Yes | Callback used to return the result. <br/>If the operation is successful, this API does not return the key content because the key is always protected in a TEE. <br/>If an exception occurs in the generation process, an error is captured.| 97 98**Error codes** 99 100For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 101 102| ID| Error Message | 103| -------- | ------------- | 104| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 105| 801 | api is not supported. | 106| 12000001 | algorithm mode is not supported. | 107| 12000002 | algorithm param is missing. | 108| 12000003 | algorithm param is invalid. | 109| 12000004 | operating file failed. | 110| 12000005 | IPC communication failed. | 111| 12000006 | error occurred in crypto engine. | 112| 12000012 | Device environment or input parameter abnormal. | 113| 12000013 | queried credential does not exist. | 114| 12000014 | memory is insufficient. | 115| 12000015 | Failed to obtain the security information via UserIAM. | 116| 12000017 | The key with same alias is already exist. | 117 118**Example** 119 120```ts 121import { huks } from '@kit.UniversalKeystoreKit'; 122/* Generate a 256-bit ECC key. */ 123let keyAlias: string = 'keyAlias'; 124let properties: Array<huks.HuksParam> =[ 125 { 126 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 127 value: huks.HuksKeyAlg.HUKS_ALG_ECC 128 }, 129 { 130 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 131 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 132 }, 133 { 134 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 135 value: 136 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 137 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 138 }, 139 { 140 tag: huks.HuksTag.HUKS_TAG_DIGEST, 141 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 142 }, 143]; 144let options: huks.HuksOptions = { 145 properties: properties 146}; 147huks.generateKeyItem(keyAlias, options, (error, data) => { 148 if (error) { 149 console.error(`callback: generateKeyItem failed`); 150 } else { 151 console.info(`callback: generateKeyItem key success`); 152 } 153}); 154 155``` 156 157## huks.generateKeyItem<sup>9+</sup> 158 159generateKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 160 161Generates a key. This API uses a promise to return the result. Because the key is always protected in a trusted environment (such as a TEE), the promise does not return the key content. It returns only the information indicating whether the API is successfully called. 162 163**Atomic service API**: This API can be used in atomic services since API version 11. 164 165**System capability**: SystemCapability.Security.Huks.Extension 166 167**Parameters** 168 169| Name | Type | Mandatory| Description | 170| -------- | --------------------------- | ---- | ------------------------ | 171| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information. | 172| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. The algorithm, key purpose, and key length are mandatory.| 173 174**Return value** 175 176| Type | Description | 177| ---------------------------------------------- | --------------------------------------------- | 178| Promise\<void> | Promise that returns no value.| 179 180**Error codes** 181 182For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 183 184| ID| Error Message | 185| -------- | ------------- | 186| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 187| 801 | api is not supported. | 188| 12000001 | algorithm mode is not supported. | 189| 12000002 | algorithm param is missing. | 190| 12000003 | algorithm param is invalid. | 191| 12000004 | operating file failed. | 192| 12000005 | IPC communication failed. | 193| 12000006 | error occurred in crypto engine. | 194| 12000012 | Device environment or input parameter abnormal. | 195| 12000013 | queried credential does not exist. | 196| 12000014 | memory is insufficient. | 197| 12000015 | Failed to obtain the security information via UserIAM. | 198| 12000017 | The key with same alias is already exist. | 199 200**Example** 201 202```ts 203/* Generate a 256-bit ECC key. */ 204import { huks } from '@kit.UniversalKeystoreKit'; 205let keyAlias = 'keyAlias'; 206let properties: Array<huks.HuksParam> =[ 207 { 208 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 209 value: huks.HuksKeyAlg.HUKS_ALG_ECC 210 }, 211 { 212 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 213 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 214 }, 215 { 216 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 217 value: 218 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 219 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 220 }, 221 { 222 tag: huks.HuksTag.HUKS_TAG_DIGEST, 223 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 224 }, 225]; 226let options: huks.HuksOptions = { 227 properties: properties 228}; 229huks.generateKeyItem(keyAlias, options) 230 .then((data) => { 231 console.info(`promise: generateKeyItem success`); 232 }); 233``` 234 235## huks.deleteKeyItem<sup>9+</sup> 236 237deleteKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 238 239Deletes a key. This API uses an asynchronous callback to return the result. 240 241**Atomic service API**: This API can be used in atomic services since API version 11. 242 243**System capability**: SystemCapability.Security.Huks.Core 244 245**Parameters** 246 247| Name | Type | Mandatory| Description | 248| -------- | --------------------------- | ---- | --------------------------------------------- | 249| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 250| options | [HuksOptions](#huksoptions) | Yes | Attribute of the key to be deleted. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be deleted,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in. | 251| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 252 253**Error codes** 254 255For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 256 257| ID| Error Message | 258| -------- | ------------- | 259| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 260| 801 | api is not supported. | 261| 12000004 | operating file failed. | 262| 12000005 | IPC communication failed. | 263| 12000011 | queried entity does not exist. | 264| 12000012 | Device environment or input parameter abnormal. | 265| 12000014 | memory is insufficient. | 266 267**Example** 268 269```ts 270import { huks } from '@kit.UniversalKeystoreKit'; 271/* Set options to emptyOptions. */ 272let keyAlias = 'keyAlias'; 273let emptyOptions: huks.HuksOptions = { 274 properties: [] 275}; 276huks.deleteKeyItem(keyAlias, emptyOptions, (error, data) => { 277 if (error) { 278 console.error(`callback: deleteKeyItem failed`); 279 } else { 280 console.info(`callback: deleteKeyItem key success`); 281 } 282}); 283``` 284 285## huks.deleteKeyItem<sup>9+</sup> 286 287deleteKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 288 289Deletes a key. This API uses a promise to return the result. 290 291**Atomic service API**: This API can be used in atomic services since API version 11. 292 293**System capability**: SystemCapability.Security.Huks.Extension 294 295**Parameters** 296 297| Name | Type | Mandatory| Description | 298| -------- | --------------------------- | ---- | ----------------------------------- | 299| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 300| options | [HuksOptions](#huksoptions) | Yes | Attribute tag of the key to be deleted. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be deleted,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in. | 301 302**Return value** 303 304| Type | Description | 305| ---------------------------------------------- | --------------------------------------------- | 306| Promise\<void> | Promise that returns no value.| 307 308**Error codes** 309 310For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 311 312| ID| Error Message | 313| -------- | ------------- | 314| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 315| 801 | api is not supported. | 316| 12000004 | operating file failed. | 317| 12000005 | IPC communication failed. | 318| 12000011 | queried entity does not exist. | 319| 12000012 | Device environment or input parameter abnormal. | 320| 12000014 | memory is insufficient. | 321 322**Example** 323 324```ts 325import { huks } from '@kit.UniversalKeystoreKit'; 326/* Set options to emptyOptions. */ 327let keyAlias = 'keyAlias'; 328let emptyOptions: huks.HuksOptions = { 329 properties: [] 330}; 331huks.deleteKeyItem(keyAlias, emptyOptions) 332 .then ((data) => { 333 console.info(`promise: deleteKeyItem key success`); 334 }); 335``` 336 337## huks.importKeyItem<sup>9+</sup> 338 339importKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 340 341Imports a key in plaintext. This API uses an asynchronous callback to return the result. 342 343**Atomic service API**: This API can be used in atomic services since API version 11. 344 345**System capability**: SystemCapability.Security.Huks.Core 346 347The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 348 349**Parameters** 350 351| Name | Type | Mandatory| Description | 352| -------- | --------------------------- | ---- | --------------------------------------------- | 353| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information. | 354| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 355| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 356 357**Error codes** 358 359For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 360 361| ID| Error Message | 362| -------- | ------------- | 363| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 364| 801 | api is not supported. | 365| 12000001 | algorithm mode is not supported. | 366| 12000002 | algorithm param is missing. | 367| 12000003 | algorithm param is invalid. | 368| 12000004 | operating file failed. | 369| 12000005 | IPC communication failed. | 370| 12000006 | error occurred in crypto engine. | 371| 12000012 | Device environment or input parameter abnormal. | 372| 12000013 | queried credential does not exist. | 373| 12000014 | memory is insufficient. | 374| 12000015 | Failed to obtain the security information via UserIAM. | 375| 12000017 | The key with same alias is already exist. | 376 377**Example** 378 379```ts 380import { huks } from '@kit.UniversalKeystoreKit'; 381/* Import a 256-bit AES key. */ 382let plainTextSize32 = makeRandomArr(32); 383function makeRandomArr(size: number) { 384 let arr = new Uint8Array(size); 385 for (let i = 0; i < size; i++) { 386 arr[i] = Math.floor(Math.random() * 10); 387 } 388 return arr; 389}; 390let keyAlias = 'keyAlias'; 391let properties: Array<huks.HuksParam> = [ 392 { 393 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 394 value: huks.HuksKeyAlg.HUKS_ALG_AES 395 }, 396 { 397 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 398 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 399 }, 400 { 401 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 402 value: 403 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 404 }, 405 { 406 tag: huks.HuksTag.HUKS_TAG_PADDING, 407 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 408 }, 409 { 410 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 411 value: huks.HuksCipherMode.HUKS_MODE_ECB 412 } 413]; 414let options: huks.HuksOptions = { 415 properties: properties, 416 inData: plainTextSize32 417}; 418huks.importKeyItem(keyAlias, options, (error, data) => { 419 if (error) { 420 console.error(`callback: importKeyItem failed`); 421 } else { 422 console.info(`callback: importKeyItem success`); 423 } 424}); 425``` 426 427## huks.importKeyItem<sup>9+</sup> 428 429importKeyItem(keyAlias: string, options: HuksOptions) : Promise\<void> 430 431Imports a key in plaintext. This API uses a promise to return the result. 432 433**Atomic service API**: This API can be used in atomic services since API version 11. 434 435**System capability**: SystemCapability.Security.Huks.Extension 436 437**Parameters** 438 439| Name | Type | Mandatory| Description | 440| -------- | --------------------------- | ---- | ----------------------------------- | 441| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information. | 442| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import. The algorithm, key purpose, and key length are mandatory.| 443 444**Return value** 445 446| Type | Description | 447| ---------------------------------------------- | --------------------------------------------- | 448| Promise\<void> | Promise that returns no value.| 449 450**Error codes** 451 452For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 453 454| ID| Error Message | 455| -------- | ------------- | 456| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 457| 801 | api is not supported. | 458| 12000001 | algorithm mode is not supported. | 459| 12000002 | algorithm param is missing. | 460| 12000003 | algorithm param is invalid. | 461| 12000004 | operating file failed. | 462| 12000005 | IPC communication failed. | 463| 12000006 | error occurred in crypto engine. | 464| 12000012 | Device environment or input parameter abnormal. | 465| 12000013 | queried credential does not exist. | 466| 12000014 | memory is insufficient. | 467| 12000015 | Failed to obtain the security information via UserIAM. | 468| 12000017 | The key with same alias is already exist. | 469 470**Example** 471 472```ts 473import { huks } from '@kit.UniversalKeystoreKit'; 474/* Import an AES key of 256 bits. */ 475let plainTextSize32 = makeRandomArr(32); 476function makeRandomArr(size: number) { 477 let arr = new Uint8Array(size); 478 for (let i = 0; i < size; i++) { 479 arr[i] = Math.floor(Math.random() * 10); 480 } 481 return arr; 482}; 483/* Step 1 Generate a key. */ 484let keyAlias = 'keyAlias'; 485let properties: Array<huks.HuksParam> = [ 486 { 487 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 488 value: huks.HuksKeyAlg.HUKS_ALG_AES 489 }, 490 { 491 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 492 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 493 }, 494 { 495 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 496 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 497 }, 498 { 499 tag: huks.HuksTag.HUKS_TAG_PADDING, 500 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 501 }, 502 { 503 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 504 value: huks.HuksCipherMode.HUKS_MODE_ECB 505 } 506]; 507let huksOptions: huks.HuksOptions = { 508 properties: properties, 509 inData: plainTextSize32 510}; 511huks.importKeyItem(keyAlias, huksOptions) 512 .then((data) => { 513 console.info(`promise: importKeyItem success`); 514 }); 515``` 516 517## huks.attestKeyItem<sup>9+</sup> 518 519attestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 520 521Obtains the certificate used to attest a key. This API uses an asynchronous callback to return the result. 522 523**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications) 524 525**System capability**: SystemCapability.Security.Huks.Extension 526 527**Parameters** 528 529| Name | Type | Mandatory| Description | 530| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 531| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 532| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 533| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 534 535**Error codes** 536 537For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 538 539| ID| Error Message | 540| -------- | ------------- | 541| 201 | check permission failed. | 542| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 543| 801 | api is not supported. | 544| 12000001 | algorithm mode is not supported. | 545| 12000004 | operating file failed. | 546| 12000005 | IPC communication failed. | 547| 12000006 | error occurred in crypto engine. | 548| 12000011 | queried entity does not exist. | 549| 12000012 | Device environment or input parameter abnormal. | 550| 12000014 | memory is insufficient. | 551 552**Example** 553 554```ts 555import { huks } from '@kit.UniversalKeystoreKit'; 556 557function stringToUint8Array(str: string) { 558 let arr: number[] = []; 559 for (let i = 0, j = str.length; i < j; ++i) { 560 arr.push(str.charCodeAt(i)); 561 } 562 let tmpUint8Array = new Uint8Array(arr); 563 return tmpUint8Array; 564} 565 566let securityLevel = stringToUint8Array('sec_level'); 567let challenge = stringToUint8Array('challenge_data'); 568let versionInfo = stringToUint8Array('version_info'); 569let keyAliasString = "key attest"; 570 571async function generateKeyThenAttestKey() { 572 let aliasString = keyAliasString; 573 let aliasUint8 = stringToUint8Array(aliasString); 574 let generateProperties: Array<huks.HuksParam> = [ 575 { 576 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 577 value: huks.HuksKeyAlg.HUKS_ALG_RSA 578 }, 579 { 580 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 581 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 582 }, 583 { 584 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 585 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 586 }, 587 { 588 tag: huks.HuksTag.HUKS_TAG_DIGEST, 589 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 590 }, 591 { 592 tag: huks.HuksTag.HUKS_TAG_PADDING, 593 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 594 }, 595 { 596 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 597 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 598 }, 599 { 600 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 601 value: huks.HuksCipherMode.HUKS_MODE_ECB 602 } 603 ]; 604 let generateOptions: huks.HuksOptions = { 605 properties: generateProperties 606 }; 607 let attestProperties: Array<huks.HuksParam> = [ 608 { 609 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 610 value: securityLevel 611 }, 612 { 613 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 614 value: challenge 615 }, 616 { 617 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 618 value: versionInfo 619 }, 620 { 621 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 622 value: aliasUint8 623 } 624 ]; 625 let attestOptions: huks.HuksOptions = { 626 properties: attestProperties 627 }; 628 huks.generateKeyItem(aliasString, generateOptions, (error, data) => { 629 if (error) { 630 console.error(`callback: generateKeyItem failed`); 631 } else { 632 console.info(`callback: generateKeyItem success`); 633 huks.attestKeyItem(aliasString, attestOptions, (error, data) => { 634 if (error) { 635 console.error(`callback: attestKeyItem failed`); 636 } else { 637 console.info(`callback: attestKeyItem success`); 638 } 639 }); 640 } 641 }); 642} 643``` 644 645## huks.attestKeyItem<sup>9+</sup> 646 647attestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 648 649Obtains the certificate used to verify a key. This API uses a promise to return the result. 650 651**Required permissions**: ohos.permission.ATTEST_KEY (available only for system applications) 652 653**System capability**: SystemCapability.Security.Huks.Extension 654 655**Parameters** 656 657| Name | Type | Mandatory| Description | 658| -------- | --------------------------- | ---- | ------------------------------------ | 659| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 660| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 661 662**Return value** 663 664| Type | Description | 665| ---------------------------------------------- | --------------------------------------------- | 666| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. When the call is successful, the **certChains** member of **HuksReturnResult** is not empty, and the obtained certificate chain is returned.| 667 668**Error codes** 669 670For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 671 672| ID| Error Message | 673| -------- | ------------- | 674| 201 | check permission failed. | 675| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 676| 801 | api is not supported. | 677| 12000001 | algorithm mode is not supported. | 678| 12000004 | operating file failed. | 679| 12000005 | IPC communication failed. | 680| 12000006 | error occurred in crypto engine. | 681| 12000011 | queried entity does not exist. | 682| 12000012 | Device environment or input parameter abnormal. | 683| 12000014 | memory is insufficient. | 684 685**Example** 686 687```ts 688import { huks } from '@kit.UniversalKeystoreKit'; 689 690function stringToUint8Array(str: string) { 691 let arr: number[] = []; 692 for (let i = 0, j = str.length; i < j; ++i) { 693 arr.push(str.charCodeAt(i)); 694 } 695 let tmpUint8Array = new Uint8Array(arr); 696 return tmpUint8Array; 697} 698 699let securityLevel = stringToUint8Array('sec_level'); 700let challenge = stringToUint8Array('challenge_data'); 701let versionInfo = stringToUint8Array('version_info'); 702let keyAliasString = "key attest"; 703 704async function generateKey(alias: string) { 705 let properties: Array<huks.HuksParam> = [ 706 { 707 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 708 value: huks.HuksKeyAlg.HUKS_ALG_RSA 709 }, 710 { 711 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 712 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 713 }, 714 { 715 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 716 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 717 }, 718 { 719 tag: huks.HuksTag.HUKS_TAG_DIGEST, 720 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 721 }, 722 { 723 tag: huks.HuksTag.HUKS_TAG_PADDING, 724 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 725 }, 726 { 727 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 728 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 729 }, 730 { 731 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 732 value: huks.HuksCipherMode.HUKS_MODE_ECB 733 } 734 ]; 735 let options: huks.HuksOptions = { 736 properties: properties 737 }; 738 await huks.generateKeyItem(alias, options) 739 .then((data) => { 740 console.info(`promise: generateKeyItem success`); 741 }); 742} 743async function attestKey() { 744 let aliasString = keyAliasString; 745 let aliasUint8 = stringToUint8Array(aliasString); 746 let properties: Array<huks.HuksParam> = [ 747 { 748 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 749 value: securityLevel 750 }, 751 { 752 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 753 value: challenge 754 }, 755 { 756 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 757 value: versionInfo 758 }, 759 { 760 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 761 value: aliasUint8 762 } 763 ]; 764 let options: huks.HuksOptions = { 765 properties: properties 766 }; 767 await generateKey(aliasString); 768 await huks.attestKeyItem(aliasString, options) 769 .then((data) => { 770 console.info(`promise: attestKeyItem success`); 771 }); 772} 773``` 774 775## huks.anonAttestKeyItem<sup>11+</sup> 776 777anonAttestKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 778 779Obtains the certificate for anonymous attestation. This API uses an asynchronous callback to return the result. 780 781This operation requires Internet access and takes time. If error code 12000012 is returned, the network is abnormal. If the device is not connected to the network, display a message, indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter. Tray again later. 782 783<!--RP1--><!--RP1End--> 784 785**Atomic service API**: This API can be used in atomic services since API version 12. 786 787**System capability**: SystemCapability.Security.Huks.Extension 788 789**Parameters** 790 791| Name | Type | Mandatory| Description | 792| -------- | ---------------------------------------------------- | ---- | --------------------------------------------- | 793| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key. | 794| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 795| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 796 797**Error codes** 798 799For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 800 801| ID| Error Message | 802| -------- | ------------- | 803| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 804| 801 | api is not supported. | 805| 12000001 | algorithm mode is not supported. | 806| 12000004 | operating file failed. | 807| 12000005 | IPC communication failed. | 808| 12000006 | error occurred in crypto engine. | 809| 12000011 | queried entity does not exist. | 810| 12000012 | Device environment or input parameter abnormal. | 811| 12000014 | memory is insufficient. | 812 813**Example** 814 815```ts 816import { huks } from '@kit.UniversalKeystoreKit'; 817 818function stringToUint8Array(str: string): Uint8Array { 819 let arr: number[] = []; 820 for (let i = 0, j = str.length; i < j; ++i) { 821 arr.push(str.charCodeAt(i)); 822 } 823 let tmpUint8Array = new Uint8Array(arr); 824 return tmpUint8Array; 825} 826 827let securityLevel = stringToUint8Array('sec_level'); 828let challenge = stringToUint8Array('challenge_data'); 829let versionInfo = stringToUint8Array('version_info'); 830let keyAliasString = "key anon attest"; 831 832async function generateKeyThenAttestKey(): Promise<void> { 833 let aliasString = keyAliasString; 834 let aliasUint8 = stringToUint8Array(aliasString); 835 let generateProperties: Array<huks.HuksParam> = [ 836 { 837 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 838 value: huks.HuksKeyAlg.HUKS_ALG_RSA 839 }, 840 { 841 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 842 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 843 }, 844 { 845 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 846 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 847 }, 848 { 849 tag: huks.HuksTag.HUKS_TAG_DIGEST, 850 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 851 }, 852 { 853 tag: huks.HuksTag.HUKS_TAG_PADDING, 854 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 855 }, 856 { 857 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 858 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 859 }, 860 { 861 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 862 value: huks.HuksCipherMode.HUKS_MODE_ECB 863 } 864 ]; 865 let generateOptions: huks.HuksOptions = { 866 properties: generateProperties 867 }; 868 let anonAttestProperties: Array<huks.HuksParam> = [ 869 { 870 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 871 value: securityLevel 872 }, 873 { 874 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 875 value: challenge 876 }, 877 { 878 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 879 value: versionInfo 880 }, 881 { 882 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 883 value: aliasUint8 884 } 885 ]; 886 let anonAttestOptions: huks.HuksOptions = { 887 properties: anonAttestProperties 888 }; 889 huks.generateKeyItem(aliasString, generateOptions, (error, data) => { 890 if (error) { 891 console.error(`callback: generateKeyItem failed`); 892 } else { 893 console.info(`callback: generateKeyItem success`); 894 huks.anonAttestKeyItem(aliasString, anonAttestOptions, (error, data) => { 895 if (error) { 896 console.error(`callback: anonAttestKeyItem failed`); 897 } else { 898 console.info(`callback: anonAttestKeyItem success`); 899 } 900 }); 901 } 902 }); 903} 904``` 905 906## huks.anonAttestKeyItem<sup>11+</sup> 907 908anonAttestKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 909 910Obtains the certificate for anonymous attestation. This API uses a promise to return the result. 911 912This operation requires Internet access and takes time. If error code 12000012 is returned, the network is abnormal. If the device is not connected to the network, display a message, indicating that the network is not connected. If the network is connected, the failure may be caused by network jitter. Tray again later. 913 914<!--RP1--><!--RP1End--> 915 916**Atomic service API**: This API can be used in atomic services since API version 12. 917 918**System capability**: SystemCapability.Security.Huks.Extension 919 920**Parameters** 921 922| Name | Type | Mandatory| Description | 923| -------- | --------------------------- | ---- | ------------------------------------ | 924| keyAlias | string | Yes | Alias of the key. The certificate to be obtained stores the key.| 925| options | [HuksOptions](#huksoptions) | Yes | Parameters and data required for obtaining the certificate. | 926 927**Return value** 928 929| Type | Description | 930| ---------------------------------------------- | --------------------------------------------- | 931| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. When the call is successful, the **certChains** member of **HuksReturnResult** is not empty, and the obtained certificate chain is returned.| 932 933**Error codes** 934 935For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 936 937| ID| Error Message | 938| -------- | ------------- | 939| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 940| 801 | api is not supported. | 941| 12000001 | algorithm mode is not supported. | 942| 12000004 | operating file failed. | 943| 12000005 | IPC communication failed. | 944| 12000006 | error occurred in crypto engine. | 945| 12000011 | queried entity does not exist. | 946| 12000012 | Device environment or input parameter abnormal. | 947| 12000014 | memory is insufficient. | 948 949**Example** 950 951```ts 952import { huks } from '@kit.UniversalKeystoreKit'; 953 954function stringToUint8Array(str: string): Uint8Array { 955 let arr: number[] = []; 956 for (let i = 0, j = str.length; i < j; ++i) { 957 arr.push(str.charCodeAt(i)); 958 } 959 let tmpUint8Array = new Uint8Array(arr); 960 return tmpUint8Array; 961} 962 963let securityLevel = stringToUint8Array('sec_level'); 964let challenge = stringToUint8Array('challenge_data'); 965let versionInfo = stringToUint8Array('version_info'); 966let keyAliasString = "key anon attest"; 967 968async function generateKey(alias: string): Promise<void> { 969 let properties: Array<huks.HuksParam> = [ 970 { 971 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 972 value: huks.HuksKeyAlg.HUKS_ALG_RSA 973 }, 974 { 975 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 976 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 977 }, 978 { 979 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 980 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 981 }, 982 { 983 tag: huks.HuksTag.HUKS_TAG_DIGEST, 984 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 985 }, 986 { 987 tag: huks.HuksTag.HUKS_TAG_PADDING, 988 value: huks.HuksKeyPadding.HUKS_PADDING_PSS 989 }, 990 { 991 tag: huks.HuksTag.HUKS_TAG_KEY_GENERATE_TYPE, 992 value: huks.HuksKeyGenerateType.HUKS_KEY_GENERATE_TYPE_DEFAULT 993 }, 994 { 995 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 996 value: huks.HuksCipherMode.HUKS_MODE_ECB 997 } 998 ]; 999 let options: huks.HuksOptions = { 1000 properties: properties 1001 }; 1002 1003 await huks.generateKeyItem(alias, options); 1004} 1005async function anonAttestKey(): Promise<void> { 1006 let aliasString = keyAliasString; 1007 let aliasUint8 = stringToUint8Array(aliasString); 1008 let properties: Array<huks.HuksParam> = [ 1009 { 1010 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO, 1011 value: securityLevel 1012 }, 1013 { 1014 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_CHALLENGE, 1015 value: challenge 1016 }, 1017 { 1018 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_VERSION_INFO, 1019 value: versionInfo 1020 }, 1021 { 1022 tag: huks.HuksTag.HUKS_TAG_ATTESTATION_ID_ALIAS, 1023 value: aliasUint8 1024 } 1025 ]; 1026 let options: huks.HuksOptions = { 1027 properties: properties 1028 }; 1029 1030 await generateKey(aliasString); 1031 await huks.anonAttestKeyItem(aliasString, options); 1032} 1033``` 1034 1035## huks.importWrappedKeyItem<sup>9+</sup> 1036 1037importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions, callback: AsyncCallback\<void>) : void 1038 1039Imports a wrapped key. This API uses an asynchronous callback to return the result. 1040 1041**Atomic service API**: This API can be used in atomic services since API version 12. 1042 1043**System capability**: SystemCapability.Security.Huks.Core 1044 1045The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1046 1047**Parameters** 1048 1049| Name | Type | Mandatory| Description | 1050| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1051| keyAlias | string | Yes | Alias of the wrapped key to import. | 1052| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1053| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1054| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned.| 1055 1056**Error codes** 1057 1058For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1059 1060| ID| Error Message | 1061| -------- | ------------- | 1062| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1063| 801 | api is not supported. | 1064| 12000001 | algorithm mode is not supported. | 1065| 12000002 | algorithm param is missing. | 1066| 12000003 | algorithm param is invalid. | 1067| 12000004 | operating file failed. | 1068| 12000005 | IPC communication failed. | 1069| 12000006 | error occurred in crypto engine. | 1070| 12000011 | queried entity does not exist. | 1071| 12000012 | Device environment or input parameter abnormal. | 1072| 12000013 | queried credential does not exist. | 1073| 12000014 | memory is insufficient. | 1074| 12000015 | Failed to obtain the security information via UserIAM. | 1075| 12000017 | The key with same alias is already exist. | 1076 1077**Example** 1078 1079```ts 1080import { huks } from '@kit.UniversalKeystoreKit'; 1081 1082let alias1 = "importAlias"; 1083let alias2 = "wrappingKeyAlias"; 1084 1085async function TestGenFunc(alias: string, options: huks.HuksOptions) { 1086 await genKey(alias, options) 1087 .then((data) => { 1088 console.info(`callback: generateKeyItem success`); 1089 }); 1090} 1091 1092function genKey(alias: string, options: huks.HuksOptions) { 1093 return new Promise<void>((resolve, reject) => { 1094 huks.generateKeyItem(alias, options, (error, data) => { 1095 if (error) { 1096 reject(error); 1097 } else { 1098 resolve(data); 1099 } 1100 }); 1101 }); 1102} 1103 1104async function TestExportFunc(alias: string, options: huks.HuksOptions) { 1105 await exportKey(alias, options) 1106 .then((data) => { 1107 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1108 }); 1109} 1110 1111function exportKey(alias: string, options: huks.HuksOptions) { 1112 return new Promise<huks.HuksReturnResult>((resolve, reject) => { 1113 huks.exportKeyItem(alias, options, (error, data) => { 1114 if (error) { 1115 reject(error); 1116 } else { 1117 resolve(data); 1118 } 1119 }); 1120 }); 1121} 1122 1123async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1124 await importWrappedKey(alias, wrappingAlias, options) 1125 .then((data) => { 1126 console.info(`callback: importWrappedKeyItem success`); 1127 }); 1128} 1129 1130function importWrappedKey(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1131 return new Promise<void>((resolve, reject) => { 1132 huks.importWrappedKeyItem(alias, wrappingAlias, options, (error, data) => { 1133 if (error) { 1134 reject(error); 1135 } else { 1136 resolve(data); 1137 } 1138 }); 1139 }); 1140} 1141 1142async function TestImportWrappedKeyFunc( 1143 alias: string, 1144 wrappingAlias: string, 1145 genOptions: huks.HuksOptions, 1146 importOptions: huks.HuksOptions 1147) { 1148 await TestGenFunc(wrappingAlias, genOptions); 1149 await TestExportFunc(wrappingAlias, genOptions); 1150 1151 /*The following operations do not invoke the HUKS APIs, and the specific implementation is not provided here. 1152 * For example, import **keyA**. 1153 * 1. Use ECC to generate a public and private key pair **keyB**. The public key is **keyB_pub**, and the private key is **keyB_pri**. 1154 * 2. Use **keyB_pri** and the public key obtained from **wrappingAlias** to negotiate the shared key **share_key**. 1155 * 3. Randomly generate a key **kek** and use it to encrypt **keyA** with AES-GCM. During the encryption, record **nonce1**, **aad1**, ciphertext **keyA_enc**, and encrypted **tag1**. 1156 * 4. Use **share_key** to encrypt **kek** with AES-GCM. During the encryption, record **nonce2**, **aad2**, ciphertext **kek_enc**, and encrypted **tag2**. 1157 * 5. Generate the **importOptions.inData** field in the following format: 1158 * keyB_pub length (4 bytes) + keyB_pub + aad2 length (4 bytes) + aad2 + 1159 * nonce2 length (4 bytes) + nonce2 + tag2 length (4 bytes) + tag2 + 1160 * kek_enc length (4 bytes) + kek_enc + aad1 length (4 bytes) + aad1 + 1161 * nonce1 length (4 bytes) + nonce1 + tag1 length (4 bytes) + tag1 + 1162 * Memory occupied by the keyA length (4 bytes) + keyA length + keyA_enc length (4 bytes) + keyA_enc 1163 */ 1164 /* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1165 let inputKey = new Uint8Array([0x02, 0x00, 0x00, 0x00]); 1166 importOptions.inData = inputKey; 1167 await TestImportWrappedFunc(alias, wrappingAlias, importOptions); 1168} 1169function makeGenerateOptions() { 1170 let properties: Array<huks.HuksParam> = [ 1171 { 1172 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1173 value: huks.HuksKeyAlg.HUKS_ALG_ECC 1174 }, 1175 { 1176 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1177 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 1178 }, 1179 { 1180 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1181 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_UNWRAP 1182 }, 1183 { 1184 tag: huks.HuksTag.HUKS_TAG_DIGEST, 1185 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 1186 }, 1187 { 1188 tag: huks.HuksTag.HUKS_TAG_IMPORT_KEY_TYPE, 1189 value: huks.HuksImportKeyType.HUKS_KEY_TYPE_KEY_PAIR, 1190 } 1191 ]; 1192 let options: huks.HuksOptions = { 1193 properties: properties 1194 }; 1195 return options; 1196}; 1197function makeImportOptions() { 1198 let properties: Array<huks.HuksParam> = [ 1199 { 1200 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 1201 value: huks.HuksKeyAlg.HUKS_ALG_AES 1202 }, 1203 { 1204 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 1205 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 1206 }, 1207 { 1208 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 1209 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 1210 }, 1211 { 1212 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 1213 value: huks.HuksCipherMode.HUKS_MODE_CBC 1214 }, 1215 { 1216 tag: huks.HuksTag.HUKS_TAG_PADDING, 1217 value: huks.HuksKeyPadding.HUKS_PADDING_NONE 1218 }, 1219 { 1220 tag: huks.HuksTag.HUKS_TAG_UNWRAP_ALGORITHM_SUITE, 1221 value: huks.HuksUnwrapSuite.HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING 1222 } 1223 ]; 1224 let options: huks.HuksOptions = { 1225 properties: properties 1226 }; 1227 return options; 1228}; 1229function huksImportWrappedKey() { 1230 let genOptions = makeGenerateOptions(); 1231 let importOptions = makeImportOptions(); 1232 TestImportWrappedKeyFunc( 1233 alias1, 1234 alias2, 1235 genOptions, 1236 importOptions 1237 ); 1238} 1239``` 1240 1241## huks.importWrappedKeyItem<sup>9+</sup> 1242 1243importWrappedKeyItem(keyAlias: string, wrappingKeyAlias: string, options: HuksOptions) : Promise\<void> 1244 1245Imports a wrapped key. This API uses a promise to return the result. 1246 1247**Atomic service API**: This API can be used in atomic services since API version 12. 1248 1249**System capability**: SystemCapability.Security.Huks.Extension 1250 1251**Parameters** 1252 1253| Name | Type | Mandatory| Description | 1254| ---------------- | --------------------------- | ---- | --------------------------------------------- | 1255| keyAlias | string | Yes | Alias of the wrapped key to import. | 1256| wrappingKeyAlias | string | Yes | Alias of the data used to unwrap the key imported. | 1257| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and the wrapped key to import. The algorithm, key purpose, and key length are mandatory.| 1258 1259**Return value** 1260 1261| Type | Description | 1262| ---------------------------------------------- | --------------------------------------------- | 1263| Promise\<void> | Promise that returns no value.| 1264 1265**Error codes** 1266 1267For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1268 1269| ID| Error Message | 1270| -------- | ------------- | 1271| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1272| 801 | api is not supported. | 1273| 12000001 | algorithm mode is not supported. | 1274| 12000002 | algorithm param is missing. | 1275| 12000003 | algorithm param is invalid. | 1276| 12000004 | operating file failed. | 1277| 12000005 | IPC communication failed. | 1278| 12000006 | error occurred in crypto engine. | 1279| 12000011 | queried entity does not exist. | 1280| 12000012 | Device environment or input parameter abnormal. | 1281| 12000013 | queried credential does not exist. | 1282| 12000014 | memory is insufficient. | 1283| 12000015 | Failed to obtain the security information via UserIAM. | 1284| 12000017 | The key with same alias is already exist. | 1285 1286**Example** 1287 1288```ts 1289import { huks } from '@kit.UniversalKeystoreKit'; 1290/* The process is similar if a callback is used, except the following: */ 1291/* The key data imported may be different from the sample code given below. The data structure is described in the preceding comments. */ 1292async function TestImportWrappedFunc(alias: string, wrappingAlias: string, options: huks.HuksOptions) { 1293 await huks.importWrappedKeyItem(alias, wrappingAlias, options) 1294 .then ((data) => { 1295 console.info(`promise: importWrappedKeyItem success`); 1296 }); 1297} 1298``` 1299 1300## huks.exportKeyItem<sup>9+</sup> 1301 1302exportKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1303 1304Exports a key. This API uses an asynchronous callback to return the result. 1305 1306**Atomic service API**: This API can be used in atomic services since API version 12. 1307 1308**System capability**: SystemCapability.Security.Huks.Core 1309 1310The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1311 1312**Parameters** 1313 1314| Name | Type | Mandatory| Description | 1315| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1316| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1317| options | [HuksOptions](#huksoptions) | Yes | Attribute of the key to be imported. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be imported,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in. | 1318| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned. **outData** contains the public key exported.| 1319 1320**Error codes** 1321 1322For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1323 1324| ID| Error Message | 1325| -------- | ------------- | 1326| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1327| 801 | api is not supported. | 1328| 12000001 | algorithm mode is not supported. | 1329| 12000004 | operating file failed. | 1330| 12000005 | IPC communication failed. | 1331| 12000006 | error occurred in crypto engine. | 1332| 12000011 | queried entity does not exist. | 1333| 12000012 | Device environment or input parameter abnormal. | 1334| 12000014 | memory is insufficient. | 1335 1336**Example** 1337 1338```ts 1339import { huks } from '@kit.UniversalKeystoreKit'; 1340/* Set options to emptyOptions. */ 1341let keyAlias = 'keyAlias'; 1342let emptyOptions: huks.HuksOptions = { 1343 properties: [] 1344}; 1345 1346huks.exportKeyItem(keyAlias, emptyOptions, (error, data) => { 1347 if (error) { 1348 console.error(`callback: exportKeyItem failed`); 1349 } else { 1350 console.info(`callback: exportKeyItem success, data = ${JSON.stringify(data)}`); 1351 } 1352}); 1353``` 1354 1355## huks.exportKeyItem<sup>9+</sup> 1356 1357exportKeyItem(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1358 1359Exports a key. This API uses a promise to return the result. 1360 1361**Atomic service API**: This API can be used in atomic services since API version 12. 1362 1363**System capability**: SystemCapability.Security.Huks.Extension 1364 1365**Parameters** 1366 1367| Name | Type | Mandatory| Description | 1368| -------- | --------------------------- | ---- | -------------------------------------------- | 1369| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1370| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1371 1372**Return value** 1373 1374| Type | Description | 1375| ---------------------------------------------- | ------------------------------------------------------------ | 1376| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **outData** in **HuksReturnResult** is the public key exported.| 1377 1378**Error codes** 1379 1380For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1381 1382| ID| Error Message | 1383| -------- | ------------- | 1384| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1385| 801 | api is not supported. | 1386| 12000001 | algorithm mode is not supported. | 1387| 12000004 | operating file failed. | 1388| 12000005 | IPC communication failed. | 1389| 12000006 | error occurred in crypto engine. | 1390| 12000011 | queried entity does not exist. | 1391| 12000012 | Device environment or input parameter abnormal. | 1392| 12000014 | memory is insufficient. | 1393 1394**Example** 1395 1396```ts 1397import { huks } from '@kit.UniversalKeystoreKit'; 1398/* Set options to emptyOptions. */ 1399let keyAlias = 'keyAlias'; 1400let emptyOptions: huks.HuksOptions = { 1401 properties: [] 1402}; 1403 1404huks.exportKeyItem(keyAlias, emptyOptions) 1405 .then ((data) => { 1406 console.info(`promise: exportKeyItem success, data = ${JSON.stringify(data)}`); 1407 }); 1408``` 1409 1410## huks.wrapKeyItem<sup>20+</sup> 1411 1412wrapKeyItem(keyAlias: string, params: HuksOptions): Promise\<HuksReturnResult> 1413 1414Exports a wrapped key. (This API corresponds to [unwrapKeyItem](#huksunwrapkeyitem20). Add [HUKS_TAG_IS_ALLOWED_WRAP](#hukstag) when generating the key to allow it to be exported.) This API uses a promise to return the result. 1415 1416<!--Del-->This feature is not supported currently.<!--DelEnd--> 1417 1418 1419**System capability**: SystemCapability.Security.Huks.Core 1420 1421**Parameters** 1422 1423| Name | Type | Mandatory| Description | 1424| -------- | --------------------------- | ---- | -------------------------------------------- | 1425| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1426| params | [HuksOptions](#huksoptions) | Yes | Encryption type of the key to be exported. | 1427 1428**Return value** 1429 1430| Type | Description | 1431| ---------------------------------------------- | ------------------------------------------------------------ | 1432| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **outData** in **HuksReturnResult** is the ciphertext of the key exported.| 1433 1434**Error codes** 1435 1436For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1437 1438| ID| Error Message | 1439| -------- | ------------- | 1440| 801 | api is not supported. | 1441| 12000004 | operating file failed. | 1442| 12000005 | IPC communication failed. | 1443| 12000011 | queried entity does not exist. | 1444| 12000012 | Device environment or input parameter abnormal. | 1445| 12000014 | memory is insufficient. | 1446| 12000018 | the input parameter is invalid. | 1447 1448<!--RP2--><!--RP2End--> 1449 1450## huks.unwrapKeyItem<sup>20+</sup> 1451 1452unwrapKeyItem(keyAlias: string, params: HuksOptions, wrappedKey: Uint8Array): Promise\<HuksReturnResult> 1453 1454Imports a wrapped key, corresponding to [wrapKeyItem](#hukswrapkeyitem20). This API uses a promise to return the result. 1455 1456<!--Del-->This feature is not supported currently.<!--DelEnd--> 1457 1458 1459**System capability**: SystemCapability.Security.Huks.Core 1460 1461**Parameters** 1462 1463| Name | Type | Mandatory| Description | 1464| -------- | --------------------------- | ---- | -------------------------------------------- | 1465| keyAlias | string | Yes | Alias of the key to be imported.| 1466| params | [HuksOptions](#huksoptions) | Yes | Encryption type of the key to be imported. | 1467| wrappedKey | Uint8Array | Yes | Ciphertext of the key to be imported. | 1468 1469**Return value** 1470 1471| Type | Description | 1472| ---------------------------------------------- | ------------------------------------------------------------ | 1473| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.| 1474 1475**Error codes** 1476 1477For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1478 1479| ID| Error Message | 1480| -------- | ------------- | 1481| 801 | api is not supported. | 1482| 12000004 | operating file failed. | 1483| 12000005 | IPC communication failed. | 1484| 12000012 | Device environment or input parameter abnormal. | 1485| 12000014 | memory is insufficient. | 1486| 12000015 | Failed to obtain the security information via UserIAM. | 1487| 12000018 | the input parameter is invalid. | 1488 1489<!--RP3--><!--RP3End--> 1490 1491## huks.getKeyItemProperties<sup>9+</sup> 1492 1493getKeyItemProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1494 1495Obtains key properties. This API uses an asynchronous callback to return the result. 1496 1497**Atomic service API**: This API can be used in atomic services since API version 12. 1498 1499**System capability**: SystemCapability.Security.Huks.Core 1500 1501The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 1502 1503**Parameters** 1504 1505| Name | Type | Mandatory| Description | 1506| -------- | ---------------------------------------------------- | ---- | ------------------------------------------------------------ | 1507| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 1508| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1509| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. If the operation is successful, no **err** value is returned; otherwise, an error code is returned. **properties** returns the parameters required for generating the key.| 1510 1511**Error codes** 1512 1513For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1514 1515| ID| Error Message | 1516| -------- | ------------- | 1517| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1518| 801 | api is not supported. | 1519| 12000001 | algorithm mode is not supported. | 1520| 12000004 | operating file failed. | 1521| 12000005 | IPC communication failed. | 1522| 12000006 | error occurred in crypto engine. | 1523| 12000011 | queried entity does not exist. | 1524| 12000012 | Device environment or input parameter abnormal. | 1525| 12000014 | memory is insufficient. | 1526 1527**Example** 1528 1529```ts 1530import { huks } from '@kit.UniversalKeystoreKit'; 1531/* Set options to emptyOptions. */ 1532let keyAlias = 'keyAlias'; 1533let emptyOptions: huks.HuksOptions = { 1534 properties: [] 1535}; 1536 1537huks.getKeyItemProperties(keyAlias, emptyOptions, (error, data) => { 1538 if (error) { 1539 console.error(`callback: getKeyItemProperties failed`); 1540 } else { 1541 console.info(`callback: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1542 } 1543}); 1544``` 1545 1546## huks.getKeyItemProperties<sup>9+</sup> 1547 1548getKeyItemProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksReturnResult> 1549 1550Obtains key properties. This API uses a promise to return the result. 1551 1552**Atomic service API**: This API can be used in atomic services since API version 12. 1553 1554**System capability**: SystemCapability.Security.Huks.Extension 1555 1556**Parameters** 1557 1558| Name | Type | Mandatory| Description | 1559| -------- | --------------------------- | ---- | -------------------------------------------- | 1560| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 1561| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 1562 1563**Return value** 1564 1565| Type | Description | 1566| ----------------------------------------------- | ------------------------------------------------------------ | 1567| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. If the operation is successful, **properties** in **HuksReturnResult** holds the parameters required for generating the key.| 1568 1569**Error codes** 1570 1571For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1572 1573| ID| Error Message | 1574| -------- | ------------- | 1575| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1576| 801 | api is not supported. | 1577| 12000001 | algorithm mode is not supported. | 1578| 12000004 | operating file failed. | 1579| 12000005 | IPC communication failed. | 1580| 12000006 | error occurred in crypto engine. | 1581| 12000011 | queried entity does not exist. | 1582| 12000012 | Device environment or input parameter abnormal. | 1583| 12000014 | memory is insufficient. | 1584 1585**Example** 1586 1587```ts 1588import { huks } from '@kit.UniversalKeystoreKit'; 1589/* Set options to emptyOptions. */ 1590let keyAlias = 'keyAlias'; 1591let emptyOptions: huks.HuksOptions = { 1592 properties: [] 1593}; 1594 1595huks.getKeyItemProperties(keyAlias, emptyOptions) 1596 .then ((data) => { 1597 console.info(`promise: getKeyItemProperties success, data = ${JSON.stringify(data)}`); 1598 }); 1599``` 1600 1601## huks.isKeyItemExist<sup>9+</sup> 1602 1603isKeyItemExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1604 1605Checks whether a key exists. This API uses an asynchronous callback to return the result. 1606 1607**System capability**: SystemCapability.Security.Huks.Core 1608 1609**Parameters** 1610 1611| Name | Type | Mandatory| Description | 1612| -------- | --------------------------- | ---- |--------------------------------------------------------| 1613| keyAlias | string | Yes | Alias of the key to check. | 1614| options | [HuksOptions](#huksoptions) | Yes | Attribute tag of the key to be checked. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be checked,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in. | 1615| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, the value of **data** is **true**. If the key does not exist, the error code is stored in **err**.| 1616 1617**Error codes** 1618 1619For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1620 1621| ID| Error Message | 1622| -------- | ------------- | 1623| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1624| 801 | api is not supported. | 1625| 12000004 | operating file failed. | 1626| 12000005 | IPC communication failed. | 1627| 12000006 | error occurred in crypto engine. | 1628| 12000011 | queried entity does not exist. | 1629| 12000012 | Device environment or input parameter abnormal. | 1630| 12000014 | memory is insufficient. | 1631 1632**Example** 1633 1634```ts 1635import { huks } from '@kit.UniversalKeystoreKit'; 1636/* Set options to emptyOptions. */ 1637let keyAlias = 'keyAlias'; 1638let emptyOptions: huks.HuksOptions = { 1639 properties: [] 1640}; 1641 1642huks.isKeyItemExist(keyAlias, emptyOptions, (error, data) => { 1643 if (error) { 1644 console.error(`callback: isKeyItemExist failed`); 1645 } else { 1646 if (data) { 1647 console.info(`keyAlias:${keyAlias} is existed!`) 1648 } else { 1649 console.error(`find key failed`) 1650 } 1651 } 1652}); 1653``` 1654 1655## huks.isKeyItemExist<sup>9+</sup> 1656 1657isKeyItemExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1658 1659Checks whether a key exists. This API uses a promise to return the result. 1660 1661**System capability**: SystemCapability.Security.Huks.Extension 1662 1663**Parameters** 1664 1665| Name | Type | Mandatory| Description | 1666| -------- | --------------------------- | ---- | ------------------------ | 1667| keyAlias | string | Yes | Alias of the key to check. | 1668| options | [HuksOptions](#huksoptions) | Yes | Attribute tag of the key to be checked. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be checked,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in.| 1669 1670**Return value** 1671 1672| Type | Description | 1673| ----------------- | --------------------------------------- | 1674| Promise\<boolean> | Promise used to return the result. If the key exists, then() performs subsequent operations. If the key does not exist, error() performs the related service operations.| 1675 1676**Error codes** 1677 1678For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1679 1680| ID| Error Message | 1681| -------- | ------------- | 1682| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1683| 801 | api is not supported. | 1684| 12000004 | operating file failed. | 1685| 12000005 | IPC communication failed. | 1686| 12000006 | error occurred in crypto engine. | 1687| 12000011 | queried entity does not exist. | 1688| 12000012 | Device environment or input parameter abnormal. | 1689| 12000014 | memory is insufficient. | 1690 1691**Example** 1692 1693```ts 1694import { huks } from '@kit.UniversalKeystoreKit'; 1695 1696/* Set options to emptyOptions. */ 1697let keyAlias = 'keyAlias'; 1698let emptyOptions: huks.HuksOptions = { 1699 properties: [] 1700}; 1701 1702huks.isKeyItemExist(keyAlias, emptyOptions).then((data) => { 1703 console.info(`keyAlias:${keyAlias} is existed!`) 1704}); 1705``` 1706 1707## huks.hasKeyItem<sup>11+</sup> 1708 1709hasKeyItem(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 1710 1711Checks whether a key exists. This API uses an asynchronous callback to return the result. 1712 1713**Atomic service API**: This API can be used in atomic services since API version 11. 1714 1715**System capability**: SystemCapability.Security.Huks.Core 1716 1717**Parameters** 1718 1719| Name | Type | Mandatory| Description | 1720| -------- | --------------------------- | ---- |--------------------------------------------------------| 1721| keyAlias | string | Yes | Alias of the key to check. | 1722| options | [HuksOptions](#huksoptions) | Yes | Attribute tag of the key to be checked. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be checked,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in. | 1723| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. If the key exists, **data** is **true**. Otherwise, **data** is **false**.| 1724 1725**Error codes** 1726 1727For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1728 1729| ID| Error Message | 1730| -------- | ------------- | 1731| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1732| 801 | api is not supported. | 1733| 12000004 | operating file failed. | 1734| 12000005 | IPC communication failed. | 1735| 12000006 | error occurred in crypto engine. | 1736| 12000012 | Device environment or input parameter abnormal. | 1737| 12000014 | memory is insufficient. | 1738 1739**Example** 1740 1741```ts 1742import { huks } from '@kit.UniversalKeystoreKit'; 1743/* Set options to emptyOptions. */ 1744let keyAlias = 'keyAlias'; 1745let emptyOptions: huks.HuksOptions = { 1746 properties: [] 1747}; 1748 1749huks.hasKeyItem(keyAlias, emptyOptions, (error, data) => { 1750 if (error) { 1751 console.error(`callback: hasKeyItem failed`); 1752 } else { 1753 if (data) { 1754 console.info(`keyAlias:${keyAlias} is existed!`) 1755 } else { 1756 console.error(`find key failed`) 1757 } 1758 } 1759}); 1760``` 1761 1762## huks.hasKeyItem<sup>11+</sup> 1763 1764hasKeyItem(keyAlias: string, options: HuksOptions) : Promise\<boolean> 1765 1766Checks whether a key exists. This API uses a promise to return the result. 1767 1768**Atomic service API**: This API can be used in atomic services since API version 11. 1769 1770**System capability**: SystemCapability.Security.Huks.Extension 1771 1772**Parameters** 1773 1774| Name | Type | Mandatory| Description | 1775| -------- | --------------------------- | ---- | ------------------------ | 1776| keyAlias | string | Yes | Alias of the key to check. | 1777| options | [HuksOptions](#huksoptions) | Yes | Attribute tag of the key to be checked. If [HuksAuthStorageLevel](#huksauthstoragelevel11) is used to specify the security level of the key to be checked,<br>this parameter can be left empty. If the API version is 12 or later, the default value **CE** is passed in. If the API version is earlier than 12, the default value **DE** is passed in. | 1778 1779**Return value** 1780 1781| Type | Description | 1782| ----------------- | --------------------------------------- | 1783| Promise\<boolean> | Promise used to return the result. If the key exists, **true** is returned. If the key does not exist, **false** is returned.| 1784 1785**Error codes** 1786 1787For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1788 1789| ID| Error Message | 1790| -------- | ------------- | 1791| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1792| 801 | api is not supported. | 1793| 12000004 | operating file failed. | 1794| 12000005 | IPC communication failed. | 1795| 12000006 | error occurred in crypto engine. | 1796| 12000012 | Device environment or input parameter abnormal. | 1797| 12000014 | memory is insufficient. | 1798 1799**Example** 1800 1801```ts 1802import { huks } from '@kit.UniversalKeystoreKit'; 1803 1804/* Set options to emptyOptions. */ 1805let keyAlias = 'keyAlias'; 1806let emptyOptions: huks.HuksOptions = { 1807 properties: [] 1808}; 1809 1810huks.hasKeyItem(keyAlias, emptyOptions).then((data) => { 1811 if (data) { 1812 console.info(`keyAlias:${keyAlias} is existed!`) 1813 } else { 1814 console.info(`find key failed!`) 1815 } 1816}); 1817``` 1818 1819## huks.initSession<sup>9+</sup> 1820 1821initSession(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksSessionHandle>) : void 1822 1823Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1824 1825**Atomic service API**: This API can be used in atomic services since API version 11. 1826 1827**System capability**: SystemCapability.Security.Huks.Core 1828 1829**Parameters** 1830 1831| Name | Type | Mandatory| Description | 1832| -------- | ------------------------------------------------------- | ---- | ---------------------------------------------------- | 1833| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1834| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1835| callback | AsyncCallback\<[HuksSessionHandle](#hukssessionhandle9)> | Yes | Callback used to return the result. The handle returned by the **initSession** operation is added to the callback.| 1836 1837**Error codes** 1838 1839For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1840 1841| ID| Error Message | 1842| -------- | ------------- | 1843| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1844| 801 | api is not supported. | 1845| 12000001 | algorithm mode is not supported. | 1846| 12000002 | algorithm param is missing. | 1847| 12000003 | algorithm param is invalid. | 1848| 12000004 | operating file failed. | 1849| 12000005 | IPC communication failed. | 1850| 12000006 | error occurred in crypto engine. | 1851| 12000010 | the number of sessions has reached limit. | 1852| 12000011 | queried entity does not exist. | 1853| 12000012 | Device environment or input parameter abnormal. | 1854| 12000014 | memory is insufficient. | 1855 1856## huks.initSession<sup>9+</sup> 1857 1858initSession(keyAlias: string, options: HuksOptions) : Promise\<HuksSessionHandle> 1859 1860Initializes a session for a key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1861 1862**Atomic service API**: This API can be used in atomic services since API version 11. 1863 1864**System capability**: SystemCapability.Security.Huks.Extension 1865 1866**Parameters** 1867 1868| Name | Type | Mandatory| Description | 1869| -------- | ------------------------------------------------- | ---- | ------------------------------------------------ | 1870| keyAlias | string | Yes | Alias of the key involved in the **initSession** operation. | 1871| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **initSession** operation. | 1872 1873**Return value** 1874 1875| Type | Description | 1876| ----------------------------------- | -------------------------------------------------- | 1877| Promise\<[HuksSessionHandle](#hukssessionhandle9)> | Promise used to return the result. The handle returned by the **initSession** operation is added to the callback.| 1878 1879**Error codes** 1880 1881For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1882 1883| ID| Error Message | 1884| -------- | ------------- | 1885| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1886| 801 | api is not supported. | 1887| 12000001 | algorithm mode is not supported. | 1888| 12000002 | algorithm param is missing. | 1889| 12000003 | algorithm param is invalid. | 1890| 12000004 | operating file failed. | 1891| 12000005 | IPC communication failed. | 1892| 12000006 | error occurred in crypto engine. | 1893| 12000010 | the number of sessions has reached limit. | 1894| 12000011 | queried entity does not exist. | 1895| 12000012 | Device environment or input parameter abnormal. | 1896| 12000014 | memory is insufficient. | 1897 1898## huks.updateSession<sup>9+</sup> 1899 1900updateSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 1901 1902Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1903 1904**Atomic service API**: This API can be used in atomic services since API version 11. 1905 1906**System capability**: SystemCapability.Security.Huks.Core 1907 1908**Parameters** 1909 1910| Name | Type | Mandatory| Description | 1911| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1912| handle | number | Yes | Handle of the **updateSession** operation, which is of the uint64 type. | 1913| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1914| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. The result of the **updateSession** operation is added to the callback.| 1915 1916**Error codes** 1917 1918For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1919 1920| ID| Error Message | 1921| -------- | ------------- | 1922| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1923| 801 | api is not supported. | 1924| 12000001 | algorithm mode is not supported. | 1925| 12000002 | algorithm param is missing. | 1926| 12000003 | algorithm param is invalid. | 1927| 12000004 | operating file failed. | 1928| 12000005 | IPC communication failed. | 1929| 12000006 | error occurred in crypto engine. | 1930| 12000007 | this credential is already invalidated permanently. | 1931| 12000008 | verify auth token failed. | 1932| 12000009 | auth token is already timeout. | 1933| 12000011 | queried entity does not exist. | 1934| 12000012 | Device environment or input parameter abnormal. | 1935| 12000014 | memory is insufficient. | 1936 1937## huks.updateSession<sup>9+</sup> 1938 1939updateSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 1940 1941Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1942 1943**Atomic service API**: This API can be used in atomic services since API version 12. 1944 1945**System capability**: SystemCapability.Security.Huks.Extension 1946 1947**Parameters** 1948 1949| Name | Type | Mandatory| Description | 1950| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 1951| handle | number | Yes | Handle of the **updateSession** operation, which is of the uint64 type. | 1952| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1953| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md#refined-key-access-control). | 1954| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. The result of the **updateSession** operation is added to the callback.| 1955 1956**Error codes** 1957 1958For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 1959 1960| ID| Error Message | 1961| -------- | ------------- | 1962| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 1963| 801 | api is not supported. | 1964| 12000001 | algorithm mode is not supported. | 1965| 12000002 | algorithm param is missing. | 1966| 12000003 | algorithm param is invalid. | 1967| 12000004 | operating file failed. | 1968| 12000005 | IPC communication failed. | 1969| 12000006 | error occurred in crypto engine. | 1970| 12000007 | this credential is already invalidated permanently. | 1971| 12000008 | verify auth token failed. | 1972| 12000009 | auth token is already timeout. | 1973| 12000011 | queried entity does not exist. | 1974| 12000012 | Device environment or input parameter abnormal. | 1975| 12000014 | memory is insufficient. | 1976 1977## huks.updateSession<sup>9+</sup> 1978 1979updateSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 1980 1981Updates the key operation by segment. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 1982 1983**Atomic service API**: This API can be used in atomic services since API version 11. 1984 1985**System capability**: SystemCapability.Security.Huks.Extension 1986 1987**Parameters** 1988 1989| Name | Type | Mandatory| Description | 1990| ------- | ---------------------------------------------- | ---- | -------------------------------------------- | 1991| handle | number | Yes | Handle of the **updateSession** operation, which is of the uint64 type. | 1992| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **updateSession** operation. | 1993| token | Uint8Array | No |Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md#refined-key-access-control). If this parameter is left blank, refined key access control is not performed. | 1994 1995**Return value** 1996 1997| Type | Description | 1998| ----------------------------------- | -------------------------------------------------- | 1999| Promise<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result. The result of the **updateSession** operation is added to the callback.| 2000 2001**Error codes** 2002 2003For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2004 2005| ID| Error Message | 2006| -------- | ------------- | 2007| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2008| 801 | api is not supported. | 2009| 12000001 | algorithm mode is not supported. | 2010| 12000002 | algorithm param is missing. | 2011| 12000003 | algorithm param is invalid. | 2012| 12000004 | operating file failed. | 2013| 12000005 | IPC communication failed. | 2014| 12000006 | error occurred in crypto engine. | 2015| 12000007 | this credential is already invalidated permanently. | 2016| 12000008 | verify auth token failed. | 2017| 12000009 | auth token is already timeout. | 2018| 12000011 | queried entity does not exist. | 2019| 12000012 | Device environment or input parameter abnormal. | 2020| 12000014 | memory is insufficient. | 2021 2022## huks.finishSession<sup>9+</sup> 2023 2024finishSession(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksReturnResult>) : void 2025 2026Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2027 2028**Atomic service API**: This API can be used in atomic services since API version 11. 2029 2030**System capability**: SystemCapability.Security.Huks.Core 2031 2032**Parameters** 2033 2034| Name | Type | Mandatory| Description | 2035| -------- | ---------------------------------------------------- | ---- | -------------------------------------------- | 2036| handle | number | Yes | Handle of the **finishSession** operation, which is of the uint64 type. | 2037| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2038| callback | AsyncCallback<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. The result of the **finishSession** operation is added to the callback.| 2039 2040**Error codes** 2041 2042For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2043 2044| ID| Error Message | 2045| -------- | ------------- | 2046| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2047| 801 | api is not supported. | 2048| 12000001 | algorithm mode is not supported. | 2049| 12000002 | algorithm param is missing. | 2050| 12000003 | algorithm param is invalid. | 2051| 12000004 | operating file failed. | 2052| 12000005 | IPC communication failed. | 2053| 12000006 | error occurred in crypto engine. | 2054| 12000007 | this credential is already invalidated permanently. | 2055| 12000008 | verify auth token failed. | 2056| 12000009 | auth token is already timeout. | 2057| 12000011 | queried entity does not exist. | 2058| 12000012 | Device environment or input parameter abnormal. | 2059| 12000014 | memory is insufficient. | 2060| 12000017 | The key with same alias is already exist. | 2061 2062## huks.finishSession<sup>9+</sup> 2063 2064finishSession(handle: number, options: HuksOptions, token: Uint8Array, callback: AsyncCallback\<HuksReturnResult>) : void 2065 2066Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2067 2068**Atomic service API**: This API can be used in atomic services since API version 12. 2069 2070**System capability**: SystemCapability.Security.Huks.Extension 2071 2072**Parameters** 2073 2074| Name | Type | Mandatory| Description | 2075| -------- | ----------------------------------------------------- | ---- | -------------------------------------------- | 2076| handle | number | Yes | Handle of the **finishSession** operation, which is of the uint64 type. | 2077| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2078| token | Uint8Array | Yes | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md#refined-key-access-control). | 2079| callback | AsyncCallback\<[HuksReturnResult](#huksreturnresult9)> | Yes | Callback used to return the result. The result of the **finishSession** operation is added to the callback.| 2080 2081**Error codes** 2082 2083For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2084 2085| ID| Error Message | 2086| -------- | ------------- | 2087| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2088| 801 | api is not supported. | 2089| 12000001 | algorithm mode is not supported. | 2090| 12000002 | algorithm param is missing. | 2091| 12000003 | algorithm param is invalid. | 2092| 12000004 | operating file failed. | 2093| 12000005 | IPC communication failed. | 2094| 12000006 | error occurred in crypto engine. | 2095| 12000007 | this credential is already invalidated permanently. | 2096| 12000008 | verify auth token failed. | 2097| 12000009 | auth token is already timeout. | 2098| 12000011 | queried entity does not exist. | 2099| 12000012 | Device environment or input parameter abnormal. | 2100| 12000014 | memory is insufficient. | 2101| 12000017 | The key with same alias is already exist. | 2102 2103## huks.finishSession<sup>9+</sup> 2104 2105finishSession(handle: number, options: HuksOptions, token?: Uint8Array) : Promise\<HuksReturnResult> 2106 2107Finishes the key operation. This API uses a promise to return the result. **huks.initSession**, **huks.updateSession**, and **huks.finishSession** must be used together. 2108 2109**Atomic service API**: This API can be used in atomic services since API version 11. 2110 2111**System capability**: SystemCapability.Security.Huks.Extension 2112 2113**Parameters** 2114 2115| Name | Type | Mandatory| Description | 2116| ------- | ----------------------------------------------- | ---- | ----------------------------------- | 2117| handle | number | Yes | Handle of the **finishSession** operation, which is of the uint64 type. | 2118| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finishSession** operation. | 2119| token | Uint8Array | No | Authentication token for [refined key access control](../../security/UniversalKeystoreKit/huks-identity-authentication-overview.md#refined-key-access-control). If this parameter is left blank, refined key access control is not performed. | 2120 2121**Return value** 2122 2123| Type | Description | 2124| ----------------------------------- | -------------------------------------------------- | 2125| Promise\<[HuksReturnResult](#huksreturnresult9)> | Promise used to return the result.| 2126 2127**Error codes** 2128 2129For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2130 2131| ID| Error Message | 2132| -------- | ------------- | 2133| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2134| 801 | api is not supported. | 2135| 12000001 | algorithm mode is not supported. | 2136| 12000002 | algorithm param is missing. | 2137| 12000003 | algorithm param is invalid. | 2138| 12000004 | operating file failed. | 2139| 12000005 | IPC communication failed. | 2140| 12000006 | error occurred in crypto engine. | 2141| 12000007 | this credential is already invalidated permanently. | 2142| 12000008 | verify auth token failed. | 2143| 12000009 | auth token is already timeout. | 2144| 12000011 | queried entity does not exist. | 2145| 12000012 | Device environment or input parameter abnormal. | 2146| 12000014 | memory is insufficient. | 2147| 12000017 | The key with same alias is already exist. | 2148 2149## huks.abortSession<sup>9+</sup> 2150 2151abortSession(handle: number, options: HuksOptions, callback: AsyncCallback\<void>) : void 2152 2153Aborts a key operation. This API uses an asynchronous callback to return the result. 2154 2155**Atomic service API**: This API can be used in atomic services since API version 11. 2156 2157**System capability**: SystemCapability.Security.Huks.Core 2158 2159**Parameters** 2160 2161| Name | Type | Mandatory| Description | 2162| -------- | --------------------------- | ---- | ------------------------------------------- | 2163| handle | number | Yes | Handle of the **abortSession** operation, which is of the uint64 type. | 2164| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2165| callback | AsyncCallback\<void> | Yes | Callback used to return the result. The result of the **abortSession** operation is added to the callback.| 2166 2167**Error codes** 2168 2169For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2170 2171| ID| Error Message | 2172| -------- | ------------- | 2173| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2174| 801 | api is not supported. | 2175| 12000004 | operating file failed. | 2176| 12000005 | IPC communication failed. | 2177| 12000006 | error occurred in crypto engine. | 2178| 12000012 | Device environment or input parameter abnormal. | 2179| 12000014 | memory is insufficient. | 2180 2181**Example** 2182 2183```ts 2184import { huks } from '@kit.UniversalKeystoreKit'; 2185/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2186 * If an error occurs in any of huks.initSession, huks.updateSession, 2187 * and huks.finishSession operations, 2188 * huks.abortSession must be called to terminate the use of the key. 2189 * 2190 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 2191 */ 2192 2193let keyAlias = "HuksDemoRSA"; 2194let properties: Array<huks.HuksParam> = [] 2195let options: huks.HuksOptions = { 2196 properties: properties, 2197 inData: new Uint8Array(0) 2198}; 2199let handle: number = 0; 2200async function huksAbort() { 2201 properties[0] = { 2202 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2203 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2204 }; 2205 properties[1] = { 2206 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2207 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2208 }; 2209 properties[2] = { 2210 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2211 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2212 }; 2213 properties[3] = { 2214 tag: huks.HuksTag.HUKS_TAG_PADDING, 2215 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2216 }; 2217 properties[4] = { 2218 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2219 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2220 }; 2221 properties[5] = { 2222 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2223 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2224 } 2225 2226 huks.generateKeyItem(keyAlias, options, (error, data) => { 2227 if (error) { 2228 console.error(`callback: generateKeyItem failed`); 2229 } else { 2230 console.info(`callback: generateKeyItem success`); 2231 huks.initSession(keyAlias, options, (error, data) => { // Use abortSession to abort initSession. 2232 if (error) { 2233 console.error(`callback: initSession failed`); 2234 } else { 2235 console.info(`callback: initSession success, data = ${JSON.stringify(data)}`); 2236 handle = data.handle; 2237 huks.abortSession(handle, options, (error, data) => { 2238 if (error) { 2239 console.error(`callback: abortSession failed`); 2240 } else { 2241 console.info(`callback: abortSession success`); 2242 } 2243 }); 2244 } 2245 }); 2246 } 2247 }); 2248} 2249``` 2250 2251## huks.abortSession<sup>9+</sup> 2252 2253abortSession(handle: number, options: HuksOptions) : Promise\<void>; 2254 2255Aborts a key operation. This API uses a promise to return the result. 2256 2257**Atomic service API**: This API can be used in atomic services since API version 11. 2258 2259**System capability**: SystemCapability.Security.Huks.Extension 2260 2261**Parameters** 2262 2263| Name | Type | Mandatory| Description | 2264| ------- | --------------------------- | ---- | ------------------------------------------- | 2265| handle | number | Yes | Handle of the **abortSession** operation, which is of the uint64 type. | 2266| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abortSession** operation. | 2267 2268**Return value** 2269 2270| Type | Description | 2271| ----------------------------------- | -------------------------------------------------- | 2272| Promise\<void> | Promise used to return the result. The result of the **abortSession** operation is added to the callback.| 2273 2274**Error codes** 2275 2276For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2277 2278| ID| Error Message | 2279| -------- | ------------- | 2280| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2281| 801 | api is not supported. | 2282| 12000004 | operating file failed. | 2283| 12000005 | IPC communication failed. | 2284| 12000006 | error occurred in crypto engine. | 2285| 12000012 | Device environment or input parameter abnormal. | 2286| 12000014 | memory is insufficient. | 2287 2288**Example** 2289 2290```ts 2291import { huks } from '@kit.UniversalKeystoreKit'; 2292/* huks.initSession, huks.updateSession, and huks.finishSession must be used together. 2293 * If an error occurs in any of huks.initSession, huks.updateSession, 2294 * and huks.finishSession operations, 2295 * huks.abortSession must be called to terminate the use of the key. 2296 * 2297 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 2298 */ 2299 2300function stringToUint8Array(str: string) { 2301 let arr: number[] = []; 2302 for (let i = 0, j = str.length; i < j; ++i) { 2303 arr.push(str.charCodeAt(i)); 2304 } 2305 let tmpUint8Array = new Uint8Array(arr); 2306 return tmpUint8Array; 2307} 2308 2309let keyAlias = "HuksDemoRSA"; 2310let properties: Array<huks.HuksParam> = [] 2311let options: huks.HuksOptions = { 2312 properties: properties, 2313 inData: new Uint8Array(0) 2314}; 2315let handle: number = 0; 2316 2317async function generateKey() { 2318 properties[0] = { 2319 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 2320 value: huks.HuksKeyAlg.HUKS_ALG_RSA 2321 }; 2322 properties[1] = { 2323 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 2324 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 2325 }; 2326 properties[2] = { 2327 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 2328 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 2329 }; 2330 properties[3] = { 2331 tag: huks.HuksTag.HUKS_TAG_PADDING, 2332 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS1_V1_5 2333 }; 2334 properties[4] = { 2335 tag: huks.HuksTag.HUKS_TAG_DIGEST, 2336 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 2337 }; 2338 properties[5] = { 2339 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 2340 value: huks.HuksCipherMode.HUKS_MODE_ECB, 2341 } 2342 2343 await huks.generateKeyItem(keyAlias, options) 2344 .then((data) => { 2345 console.info(`promise: generateKeyItem success`); 2346 }); 2347} 2348 2349async function huksInit() { 2350 console.info('enter huksInit'); 2351 await huks.initSession(keyAlias, options) 2352 .then((data) => { 2353 console.info(`promise: initSession success, data = ${JSON.stringify(data)}`); 2354 handle = data.handle; 2355 }); 2356} 2357 2358async function huksUpdate() { 2359 console.info('enter huksUpdate'); 2360 options.inData = stringToUint8Array("huksHmacTest"); 2361 await huks.updateSession(handle, options) 2362 .then((data) => { 2363 console.info(`promise: updateSession success, data = ${JSON.stringify(data)}`); 2364 }); 2365} 2366 2367async function huksFinish() { 2368 console.info('enter huksFinish'); 2369 options.inData = new Uint8Array(0); 2370 await huks.finishSession(handle, options) 2371 .then((data) => { 2372 console.info(`promise: finishSession success, data = ${JSON.stringify(data)}`); 2373 }); 2374} 2375 2376async function huksAbort() { 2377 console.info('enter huksAbort'); 2378 await huks.abortSession(handle, options) 2379 .then((data) => { 2380 console.info(`promise: abortSession success`); 2381 }); 2382} 2383 2384async function testAbort() { 2385 await generateKey(); 2386 await huksInit(); // Use abortSession to abort initSession. 2387 await huksAbort(); 2388} 2389``` 2390 2391## huks.listAliases<sup>12+</sup> 2392 2393listAliases(options: HuksOptions): Promise\<HuksListAliasesReturnResult>; 2394 2395Lists key aliases. This API uses a promise to return the result. 2396 2397**Atomic service API**: This API can be used in atomic services since API version 12. 2398 2399**System capability**: SystemCapability.Security.Huks.Extension 2400 2401**Parameters** 2402 2403| Name | Type | Mandatory| Description | 2404| ------- | --------------------------- | ---- | ------------------------------------------- | 2405| options | [HuksOptions](#huksoptions) | Yes | Parameters for listing key aliases. | 2406 2407 2408**Return value** 2409 2410| Type | Description | 2411| ----------------------------------- | -------------------------------------------------- | 2412| Promise<[HuksListAliasesReturnResult](#hukslistaliasesreturnresult12)> | Promise used to return the result. The result of the **listAliases** operation is added to the callback.| 2413 2414**Error codes** 2415 2416For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2417 2418| ID| Error Message | 2419| -------- | ------------- | 2420| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified. 2. Incorrect parameter types. 3. Parameter verification failed. | 2421| 12000004 | operating file failed. | 2422| 12000005 | IPC communication failed. | 2423| 12000012 | Device environment or input parameter abnormal. | 2424| 12000014 | memory is insufficient. | 2425 2426**Example** 2427 2428```ts 2429import { huks } from '@kit.UniversalKeystoreKit' 2430 2431async function testListAliases() { 2432 let queryProperties: Array<huks.HuksParam> = [ 2433 { 2434 tag: huks.HuksTag.HUKS_TAG_AUTH_STORAGE_LEVEL, 2435 value: huks.HuksAuthStorageLevel.HUKS_AUTH_STORAGE_LEVEL_DE 2436 } 2437 ]; 2438 let queryOptions: huks.HuksOptions = { 2439 properties: queryProperties 2440 }; 2441 2442 let result: huks.HuksListAliasesReturnResult = await huks.listAliases(queryOptions); 2443 console.info(`promise: listAliases success`); 2444} 2445``` 2446 2447 2448## HuksExceptionErrCode<sup>9+</sup> 2449 2450Enumerates error codes and error details. 2451 2452For details about the error codes, see [Universal Error Codes](../errorcode-universal.md) and [HUKS Error Codes](errorcode-huks.md). 2453 2454**System capability**: SystemCapability.Security.Huks.Core 2455 2456| Name | Value| Description | 2457| ---------------------------------------------- | -------- |--------------------------- | 2458| HUKS_ERR_CODE_PERMISSION_FAIL | 201 | Permission verification failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2459| HUKS_ERR_CODE_NOT_SYSTEM_APP<sup>12+</sup> | 202 | The caller is not a system application and cannot call the system API.<br> **System capability**: SystemCapability.Security.Huks.Core | 2460| HUKS_ERR_CODE_ILLEGAL_ARGUMENT | 401 | Invalid parameters are detected. Possible causes: 1. Mandatory parameters are left unspecified.2. Incorrect parameter types.3. Parameter verification failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2461| HUKS_ERR_CODE_NOT_SUPPORTED_API | 801 | The API is not supported.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2462| HUKS_ERR_CODE_FEATURE_NOT_SUPPORTED | 12000001 | The feature is not supported.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2463| HUKS_ERR_CODE_MISSING_CRYPTO_ALG_ARGUMENT | 12000002 | Key algorithm parameters are missing.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2464| HUKS_ERR_CODE_INVALID_CRYPTO_ALG_ARGUMENT | 12000003 | Invalid key algorithm parameters are detected.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2465| HUKS_ERR_CODE_FILE_OPERATION_FAIL | 12000004 | The file operation failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2466| HUKS_ERR_CODE_COMMUNICATION_FAIL | 12000005 | The communication failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2467| HUKS_ERR_CODE_CRYPTO_FAIL | 12000006 | Failed to operate the algorithm library.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2468| HUKS_ERR_CODE_KEY_AUTH_PERMANENTLY_INVALIDATED | 12000007 | Failed to access the key because the key has expired.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2469| HUKS_ERR_CODE_KEY_AUTH_VERIFY_FAILED | 12000008 | Failed to access the key because the authentication has failed.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2470| HUKS_ERR_CODE_KEY_AUTH_TIME_OUT | 12000009 | Key access timed out.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2471| HUKS_ERR_CODE_SESSION_LIMIT | 12000010 | The number of key operation sessions has reached the limit.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2472| HUKS_ERR_CODE_ITEM_NOT_EXIST | 12000011 | The target object does not exist.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2473| HUKS_ERR_CODE_EXTERNAL_ERROR | 12000012 | An external error occurs.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2474| HUKS_ERR_CODE_CREDENTIAL_NOT_EXIST | 12000013 | The credential does not exist.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2475| HUKS_ERR_CODE_INSUFFICIENT_MEMORY | 12000014 | The memory is insufficient.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2476| HUKS_ERR_CODE_CALL_SERVICE_FAILED | 12000015 | Failed to call other system services.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core | 2477| HUKS_ERR_CODE_DEVICE_PASSWORD_UNSET<sup>11+</sup> | 12000016 | The required lock screen password is not set.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension | 2478| HUKS_ERR_CODE_KEY_ALREADY_EXIST<sup>20+</sup> | 12000017 | A key with the same name already exists.<br>**Atomic service API**: This API can be used in atomic services since API version 20.<br> **System capability**: SystemCapability.Security.Huks.Core | 2479| HUKS_ERR_CODE_INVALID_ARGUMENT<sup>20+</sup> | 12000018 | The argument is invalid.<br>**Atomic service API**: This API can be used in atomic services since API version 20.<br> **System capability**: SystemCapability.Security.Huks.Core | 2480 2481## HuksKeyPurpose 2482 2483Enumerates the key purposes. 2484 2485A key can be used only for a single purpose. You cannot use the same key for both encryption/decryption and signature verification. 2486 2487**System capability**: SystemCapability.Security.Huks.Core 2488 2489| Name | Value | Description | 2490| ------------------------ | ---- | -------------------------------- | 2491| HUKS_KEY_PURPOSE_ENCRYPT | 1 | Used to encrypt the plaintext.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2492| HUKS_KEY_PURPOSE_DECRYPT | 2 | Used to decrypt the cipher text.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2493| HUKS_KEY_PURPOSE_SIGN | 4 | Used for signing.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2494| HUKS_KEY_PURPOSE_VERIFY | 8 | Used to verify the signature.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2495| HUKS_KEY_PURPOSE_DERIVE | 16 | Used to derive a key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2496| HUKS_KEY_PURPOSE_WRAP | 32 | Used for an encrypted export.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2497| HUKS_KEY_PURPOSE_UNWRAP | 64 | Used for an encrypted import.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2498| HUKS_KEY_PURPOSE_MAC | 128 | Used to generate a message authentication code (MAC).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2499| HUKS_KEY_PURPOSE_AGREE | 256 | Used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2500 2501## HuksKeyDigest 2502 2503Enumerates the digest algorithms. 2504 2505**Atomic service API**: This API can be used in atomic services since API version 12. 2506 2507**System capability**: SystemCapability.Security.Huks.Core 2508 2509The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2510 2511| Name | Value | Description | 2512| ---------------------- | ---- | ---------------------------------------- | 2513| HUKS_DIGEST_NONE | 0 | No digest algorithm<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2514| HUKS_DIGEST_MD5 | 1 | MD5<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2515| HUKS_DIGEST_SM3<sup>9+</sup> | 2 | SM3<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2516| HUKS_DIGEST_SHA1 | 10 | SHA-1<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2517| HUKS_DIGEST_SHA224 | 11 | SHA-224<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2518| HUKS_DIGEST_SHA256 | 12 | SHA-256<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2519| HUKS_DIGEST_SHA384 | 13 | SHA-384<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2520| HUKS_DIGEST_SHA512 | 14 | SHA-512<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2521 2522## HuksKeyPadding 2523 2524Enumerates the padding algorithms. 2525 2526**System capability**: SystemCapability.Security.Huks.Core 2527 2528| Name | Value | Description | 2529| ---------------------- | ---- | ---------------------------------------- | 2530| HUKS_PADDING_NONE | 0 | No padding algorithm is used.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2531| HUKS_PADDING_OAEP | 1 | Optimal Asymmetric Encryption Padding (OAEP).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2532| HUKS_PADDING_PSS | 2 | Probabilistic Signature Scheme (PSS).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2533| HUKS_PADDING_PKCS1_V1_5 | 3 | Public Key Cryptography Standards (PKCS) #1 v1.5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2534| HUKS_PADDING_PKCS5 | 4 | PKCS #5.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2535| HUKS_PADDING_PKCS7 | 5 | PKCS #7.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2536| HUKS_PADDING_ISO_IEC_9796_2<sup>12+</sup> | 6 | ISO_IEC_9796_2<!--Del--> (not supported currently) <!--DelEnd-->.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2537| HUKS_PADDING_ISO_IEC_9797_1<sup>12+</sup> | 7 | ISO_IEC_9797_1<!--Del--> (not supported currently) <!--DelEnd-->.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2538 2539## HuksCipherMode 2540 2541Enumerates the cipher modes. 2542 2543**System capability**: SystemCapability.Security.Huks.Core 2544 2545| Name | Value | Description | 2546| ------------- | ---- | --------------------- | 2547| HUKS_MODE_ECB | 1 | Electronic Code Block (ECB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2548| HUKS_MODE_CBC | 2 | Cipher Block Chaining (CBC) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2549| HUKS_MODE_CTR | 3 | Counter (CTR) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2550| HUKS_MODE_OFB | 4 | Output Feedback (OFB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2551| HUKS_MODE_CFB<sup>12+</sup> | 5 | Ciphertext Feedback (CFB) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2552| HUKS_MODE_CCM | 31 | Counter with CBC-MAC (CCM) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2553| HUKS_MODE_GCM | 32 | Galois/Counter (GCM) mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2554 2555## HuksKeySize 2556 2557Enumerates the key sizes. 2558 2559**System capability**: SystemCapability.Security.Huks.Core 2560 2561| Name | Value | Description | 2562| ---------------------------------- | ---- | ------------------------------------------ | 2563| HUKS_RSA_KEY_SIZE_512 | 512 | Rivest-Shamir-Adleman (RSA) key of 512 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2564| HUKS_RSA_KEY_SIZE_768 | 768 | RSA key of 768 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2565| HUKS_RSA_KEY_SIZE_1024 | 1024 | RSA key of 1024 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2566| HUKS_RSA_KEY_SIZE_2048 | 2048 | RSA key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2567| HUKS_RSA_KEY_SIZE_3072 | 3072 | RSA key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2568| HUKS_RSA_KEY_SIZE_4096 | 4096 | RSA key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2569| HUKS_ECC_KEY_SIZE_224 | 224 | Elliptic Curve Cryptography (ECC) key of 224 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2570| HUKS_ECC_KEY_SIZE_256 | 256 | ECC key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2571| HUKS_ECC_KEY_SIZE_384 | 384 | ECC key of 384 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2572| HUKS_ECC_KEY_SIZE_521 | 521 | ECC key of 521 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2573| HUKS_AES_KEY_SIZE_128 | 128 | Advanced Encryption Standard (AES) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2574| HUKS_AES_KEY_SIZE_192 | 192 | AES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2575| HUKS_AES_KEY_SIZE_256 | 256 | AES key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2576| HUKS_AES_KEY_SIZE_512<sup>(deprecated)</sup> | 512 | AES key of 512 bits. This API is deprecated since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2577| HUKS_CURVE25519_KEY_SIZE_256 | 256 | Curve25519 key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2578| HUKS_DH_KEY_SIZE_2048 | 2048 | Diffie-Hellman (DH) key of 2048 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2579| HUKS_DH_KEY_SIZE_3072 | 3072 | DH key of 3072 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2580| HUKS_DH_KEY_SIZE_4096 | 4096 | DH key of 4096 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2581| HUKS_SM2_KEY_SIZE_256<sup>9+</sup> | 256 | ShangMi2 (SM2) key of 256 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2582| HUKS_SM4_KEY_SIZE_128<sup>9+</sup> | 128 | ShangMi4 (SM4) key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2583| HUKS_DES_KEY_SIZE_64<sup>12+</sup> | 64 | DES key of 64 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2584| HUKS_3DES_KEY_SIZE_128<sup>12+</sup> | 128 | 3DES key of 128 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2585| HUKS_3DES_KEY_SIZE_192<sup>12+</sup> | 192 | 3DES key of 192 bits.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2586 2587## HuksKeyAlg 2588 2589Enumerates the key algorithms. 2590 2591**System capability**: SystemCapability.Security.Huks.Core 2592 2593| Name | Value | Description | 2594| ------------------------- | ---- | --------------------- | 2595| HUKS_ALG_RSA | 1 | RSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2596| HUKS_ALG_ECC | 2 | ECC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2597| HUKS_ALG_DSA | 3 | DSA.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2598| HUKS_ALG_AES | 20 | AES.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2599| HUKS_ALG_HMAC | 50 | HMAC.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2600| HUKS_ALG_HKDF | 51 | HKDF.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2601| HUKS_ALG_PBKDF2 | 52 | PBKDF2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2602| HUKS_ALG_ECDH | 100 | ECDH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2603| HUKS_ALG_X25519 | 101 | X25519. <br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2604| HUKS_ALG_ED25519 | 102 | Ed25519.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2605| HUKS_ALG_DH | 103 | DH.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2606| HUKS_ALG_SM2<sup>9+</sup> | 150 | SM2.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2607| HUKS_ALG_SM3<sup>9+</sup> | 151 | SM3.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2608| HUKS_ALG_SM4<sup>9+</sup> | 152 | SM4.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2609| HUKS_ALG_DES<sup>12+</sup> | 160 | DES (supported<!--RP4--> for lightweight devices<!--RP4End--> since API version 12; supported<!--RP5--> for standard devices<!--RP5End--> since API version 18).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2610| HUKS_ALG_3DES<sup>12+</sup> | 161 | 3DES (supported<!--RP4--> for lightweight devices<!--RP4End--> since API version 12; supported<!--RP5--> for standard devices<!--RP5End--> since API version 18).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2611| HUKS_ALG_CMAC<sup>12+</sup> | 162 | CMAC (supported<!--RP4--> for lightweight devices<!--RP4End--> since API version 12; supported<!--RP5--> for standard devices<!--RP5End--> since API version 18).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2612 2613## HuksKeyGenerateType 2614 2615Enumerates the key generation types. 2616 2617**Atomic service API**: This API can be used in atomic services since API version 12. 2618 2619**System capability**: SystemCapability.Security.Huks.Core 2620 2621The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2622 2623| Name | Value | Description | 2624| ------------------------------ | ---- | ---------------- | 2625| HUKS_KEY_GENERATE_TYPE_DEFAULT | 0 | Key generated by default.| 2626| HUKS_KEY_GENERATE_TYPE_DERIVE | 1 | Derived key.| 2627| HUKS_KEY_GENERATE_TYPE_AGREE | 2 | Key generated by agreement.| 2628 2629## HuksKeyFlag 2630 2631Enumerates the key generation modes. 2632 2633**Atomic service API**: This API can be used in atomic services since API version 12. 2634 2635**System capability**: SystemCapability.Security.Huks.Core 2636 2637| Name | Value | Description | 2638| -------------------------- | ---- | ------------------------------------ | 2639| HUKS_KEY_FLAG_IMPORT_KEY | 1 | Import a key using an API. | 2640| HUKS_KEY_FLAG_GENERATE_KEY | 2 | Generate a key by using an API. | 2641| HUKS_KEY_FLAG_AGREE_KEY | 3 | Generate a key by using a key agreement API.| 2642| HUKS_KEY_FLAG_DERIVE_KEY | 4 | Derive a key by using an API.| 2643 2644## HuksKeyStorageType 2645 2646Enumerates the key storage modes. 2647 2648**System capability**: SystemCapability.Security.Huks.Core 2649 2650| Name | Value | Description | 2651| -------------------------------------------- | ---- | ------------------------------ | 2652| HUKS_STORAGE_TEMP<sup>(deprecated)</sup> | 0 | The key is managed locally.<br> > **NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2653| HUKS_STORAGE_PERSISTENT<sup>(deprecated)</sup> | 1 | The key is managed by the HUKS service.<br> > **NOTE**<br>This tag is deprecated since API version 10. No substitute is provided because this tag is not used in key management. In key derivation scenarios, use **HUKS_STORAGE_ONLY_USED_IN_HUKS** or **HUKS_STORAGE_KEY_EXPORT_ALLOWED**.<br> **System capability**: SystemCapability.Security.Huks.Core| 2654| HUKS_STORAGE_ONLY_USED_IN_HUKS<sup>10+</sup> | 2 | The key derived from the master key is stored in the HUKS and managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2655| HUKS_STORAGE_KEY_EXPORT_ALLOWED<sup>10+</sup> | 3 | The key derived from the master key is exported to the service, and not managed by the HUKS.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2656 2657## HuksSendType 2658 2659Enumerates the tag transfer modes. 2660 2661**Atomic service API**: This API can be used in atomic services since API version 12. 2662 2663**System capability**: SystemCapability.Security.Huks.Core 2664 2665The system capability is **SystemCapability.Security.Huks.Extension** in API versions 8 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2666 2667| Name | Value | Description | 2668| -------------------- | ---- | ----------------- | 2669| HUKS_SEND_TYPE_ASYNC | 0 | The tag is sent asynchronously.| 2670| HUKS_SEND_TYPE_SYNC | 1 | The tag is sent synchronously.| 2671 2672## HuksUnwrapSuite<sup>9+</sup> 2673 2674Enumerates the algorithm suites that can be used for importing a key in ciphertext. 2675 2676**Atomic service API**: This API can be used in atomic services since API version 12. 2677 2678**System capability**: SystemCapability.Security.Huks.Core 2679 2680The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2681 2682| Name | Value | Description | 2683| ---------------------------------------------- | ---- | ----------------------------------------------------- | 2684| HUKS_UNWRAP_SUITE_X25519_AES_256_GCM_NOPADDING | 1 | Use X25519 for key agreement and then use AES-256 GCM to encrypt the key.| 2685| HUKS_UNWRAP_SUITE_ECDH_AES_256_GCM_NOPADDING | 2 | Use ECDH for key agreement and then use AES-256 GCM to encrypt the key. | 2686 2687## HuksImportKeyType<sup>9+</sup> 2688 2689Enumerates the types of keys to import. By default, a public key is imported. This field is not required when a symmetric key is imported. 2690 2691**Atomic service API**: This API can be used in atomic services since API version 12. 2692 2693**System capability**: SystemCapability.Security.Huks.Core 2694 2695The system capability is **SystemCapability.Security.Huks.Extension** in API versions 9 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2696 2697| Name | Value | Description | 2698| ------------------------- | ---- | ------------------------------ | 2699| HUKS_KEY_TYPE_PUBLIC_KEY | 0 | Public key | 2700| HUKS_KEY_TYPE_PRIVATE_KEY | 1 | Private key | 2701| HUKS_KEY_TYPE_KEY_PAIR | 2 | Public and private key pair| 2702 2703## HuksRsaPssSaltLenType<sup>10+</sup> 2704 2705Enumerates the **salt_len** types to set when PSS padding is used in RSA signing or signature verification. 2706 2707**Atomic service API**: This API can be used in atomic services since API version 12. 2708 2709**System capability**: SystemCapability.Security.Huks.Core 2710 2711The system capability is **SystemCapability.Security.Huks.Extension** in API versions 10 to 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2712 2713| Name | Value | Description | 2714| ------------------------------------------ | ---- | ---------------------------- | 2715| HUKS_RSA_PSS_SALT_LEN_DIGEST | 0 | **salt_len** is set to the digest length.| 2716| HUKS_RSA_PSS_SALT_LEN_MAX | 1 | **salt_len** is set to the maximum length.| 2717 2718## HuksUserAuthType<sup>9+</sup> 2719 2720Enumerates the user authentication types. 2721 2722**System capability**: SystemCapability.Security.Huks.Extension 2723 2724| Name | Value | Description | 2725| ------------------------------- | ---- | ------------------------- | 2726| HUKS_USER_AUTH_TYPE_FINGERPRINT | 1 << 0 | Fingerprint authentication.<br>**Atomic service API**: This API can be used in atomic services since API version 12. | 2727| HUKS_USER_AUTH_TYPE_FACE | 1 << 1 | Facial authentication.<br>**Atomic service API**: This API can be used in atomic services since API version 12.| 2728| HUKS_USER_AUTH_TYPE_PIN | 1 << 2 | PIN authentication.<br>**Atomic service API**: This API can be used in atomic services since API version 12.| 2729| HUKS_USER_AUTH_TYPE_TUI_PIN<sup>20+</sup> | 1 << 5 | TUI PIN authentication. <!--Del--> (not supported currently)<!--DelEnd--> | 2730 2731## HuksUserAuthMode<sup>12+</sup> 2732 2733Enumerates the user authentication modes. 2734 2735**Atomic service API**: This API can be used in atomic services since API version 12. 2736 2737**System capability**: SystemCapability.Security.Huks.Extension 2738 2739| Name | Value | Description | 2740| ------------------------------- | ---- | ------------------------- | 2741| HUKS_USER_AUTH_MODE_LOCAL | 0 | Local authentication. | 2742| HUKS_USER_AUTH_MODE_COAUTH | 1 | Cross-device collaborative authentication.| 2743 2744## HuksAuthAccessType<sup>9+</sup> 2745 2746Enumerates the access control types. 2747 2748**Atomic service API**: This API can be used in atomic services since API version 12. 2749 2750**System capability**: SystemCapability.Security.Huks.Extension 2751 2752| Name | Value | Description | 2753| --------------------------------------- | ---- | ------------------------------------------------ | 2754| HUKS_AUTH_ACCESS_INVALID_CLEAR_PASSWORD | 1 << 0 | The key becomes invalid after the password is cleared. | 2755| HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL | 1 << 1 | The key becomes invalid after a new biometric feature is added.| 2756| HUKS_AUTH_ACCESS_ALWAYS_VALID<sup>11+</sup> | 1 << 2 | The key is always valid.| 2757 2758## HuksChallengeType<sup>9+</sup> 2759 2760Enumerates the types of the challenges generated when a key is used. 2761 2762**Atomic service API**: This API can be used in atomic services since API version 12. 2763 2764**System capability**: SystemCapability.Security.Huks.Extension 2765 2766| Name | Value | Description | 2767| ------------------------------- | ---- | ------------------------------ | 2768| HUKS_CHALLENGE_TYPE_NORMAL | 0 | Normal challenge, which is of 32 bytes by default.| 2769| HUKS_CHALLENGE_TYPE_CUSTOM | 1 | Custom challenge, which supports only one authentication for multiple keys.| 2770| HUKS_CHALLENGE_TYPE_NONE | 2 | Challenge is not required.| 2771 2772## HuksChallengePosition<sup>9+</sup> 2773 2774Enumerates the positions of the 8-byte valid value in a custom challenge generated. 2775 2776**Atomic service API**: This API can be used in atomic services since API version 12. 2777 2778**System capability**: SystemCapability.Security.Huks.Extension 2779 2780| Name | Value | Description | 2781| ------------------------------- | ---- | ------------------------------ | 2782| HUKS_CHALLENGE_POS_0 | 0 | Bytes 0 to 7.| 2783| HUKS_CHALLENGE_POS_1 | 1 | Bytes 8 to 15.| 2784| HUKS_CHALLENGE_POS_2 | 2 | Bytes 16 to 23.| 2785| HUKS_CHALLENGE_POS_3 | 3 | Bytes 24 to 31.| 2786 2787## HuksSecureSignType<sup>9+</sup> 2788 2789Enumerates the signature types of the key generated or imported. 2790 2791**Atomic service API**: This API can be used in atomic services since API version 12. 2792 2793**System capability**: SystemCapability.Security.Huks.Extension 2794 2795| Name | Value | Description | 2796| ------------------------------ | ---- | ------------------------------------------------------------ | 2797| HUKS_SECURE_SIGN_WITH_AUTHINFO | 1 | The signature carries authentication information. This field is specified when a key is generated or imported. When the key is used for signing, the data will be added with the authentication information and then be signed.<br>Note: The carried authentication information includes identity information. You need to describe the purpose, retention policy, and destruction method of the identity information in the privacy statement.| 2798 2799## HuksAuthStorageLevel<sup>11+</sup> 2800 2801Enumerates the storage security levels of a key. 2802 2803**Atomic service API**: This API can be used in atomic services since API version 12. 2804 2805**System capability**: SystemCapability.Security.Huks.Core 2806 2807The system capability is **SystemCapability.Security.Huks.Extension** in API version 11, and **SystemCapability.Security.Huks.Core** since API version 12. 2808 2809| Name | Value | Description | 2810| ------------------------------ | ---- | ------------------------------------------------------------ | 2811| HUKS_AUTH_STORAGE_LEVEL_DE | 0 | The key can be accessed only after the device is started.| 2812| HUKS_AUTH_STORAGE_LEVEL_CE | 1 | The key can be accessed only after the first unlock of the device.| 2813| HUKS_AUTH_STORAGE_LEVEL_ECE | 2 | The key can be accessed only when the device is unlocked.| 2814 2815## HuksKeyWrapType<sup>20+</sup> 2816 2817Enumerates the key encryption types (exporting or importing keys). 2818 2819**Atomic service API**: This API can be used in atomic services since API version 20. 2820 2821**System capability**: SystemCapability.Security.Huks.Core 2822 2823| Name | Value | Description | 2824| ------------------------------ | ---- | ------------------------------------------------------------ | 2825| HUKS_KEY_WRAP_TYPE_HUK_BASED | 2 | Hardware unique key encryption type. <!--Del--> (not supported currently)<!--DelEnd--> | 2826 2827## HuksTagType 2828 2829Enumerates the tag data types. 2830 2831**Atomic service API**: This API can be used in atomic services since API version 11. 2832 2833**System capability**: SystemCapability.Security.Huks.Core 2834 2835| Name | Value | Description | 2836| --------------------- | ------- | --------------------------------------- | 2837| HUKS_TAG_TYPE_INVALID | 0 << 28 | Invalid tag type. | 2838| HUKS_TAG_TYPE_INT | 1 << 28 | Number of the int type. | 2839| HUKS_TAG_TYPE_UINT | 2 << 28 | Number of the uint type.| 2840| HUKS_TAG_TYPE_ULONG | 3 << 28 | BigInt. | 2841| HUKS_TAG_TYPE_BOOL | 4 << 28 | Boolean. | 2842| HUKS_TAG_TYPE_BYTES | 5 << 28 | Uint8Array. | 2843 2844## HuksTag 2845 2846Enumerates the tags used to invoke parameters. 2847 2848**System capability**: SystemCapability.Security.Huks.Core 2849 2850| Name | Value | Description | 2851| ----------------------------------------------------------- | ---------------------------------------- | ------------------------------------------------------------ | 2852| HUKS_TAG_INVALID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_INVALID \| 0 | Invalid tag. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2853| HUKS_TAG_ALGORITHM | HuksTagType.HUKS_TAG_TYPE_UINT \| 1 | Algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2854| HUKS_TAG_PURPOSE | HuksTagType.HUKS_TAG_TYPE_UINT \| 2 | Purpose of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2855| HUKS_TAG_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 3 | Key size.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2856| HUKS_TAG_DIGEST | HuksTagType.HUKS_TAG_TYPE_UINT \| 4 | Digest algorithm.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2857| HUKS_TAG_PADDING | HuksTagType.HUKS_TAG_TYPE_UINT \| 5 | Padding mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2858| HUKS_TAG_BLOCK_MODE | HuksTagType.HUKS_TAG_TYPE_UINT \| 6 | Cipher mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2859| HUKS_TAG_KEY_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 7 | Key type.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2860| HUKS_TAG_ASSOCIATED_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 8 | Associated authentication data.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2861| HUKS_TAG_NONCE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 9 | Nonce for key encryption and decryption.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2862| HUKS_TAG_IV | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10 | IV.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2863| HUKS_TAG_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 11 | Information generated during key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2864| HUKS_TAG_SALT | HuksTagType.HUKS_TAG_TYPE_BYTES \| 12 | Salt value used for key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2865| HUKS_TAG_PWD<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 13 | Password used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2866| HUKS_TAG_ITERATION | HuksTagType.HUKS_TAG_TYPE_UINT \| 14 | Number of iterations for key derivation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2867| HUKS_TAG_KEY_GENERATE_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 15 | Key generation type.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2868| HUKS_TAG_DERIVE_MAIN_KEY<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 16 | Main key for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2869| HUKS_TAG_DERIVE_FACTOR<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 17 | Factor for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2870| HUKS_TAG_DERIVE_ALG<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 18 | Type of the algorithm used for key derivation. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2871| HUKS_TAG_AGREE_ALG | HuksTagType.HUKS_TAG_TYPE_UINT \| 19 | Type of the algorithm used for key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2872| HUKS_TAG_AGREE_PUBLIC_KEY_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 20 | Public key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2873| HUKS_TAG_AGREE_PRIVATE_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 21 | Private key alias used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2874| HUKS_TAG_AGREE_PUBLIC_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 22 | Public key used in key agreement.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2875| HUKS_TAG_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 23 | Key alias.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2876| HUKS_TAG_DERIVE_KEY_SIZE | HuksTagType.HUKS_TAG_TYPE_UINT \| 24 | Size of the derived key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2877| HUKS_TAG_IMPORT_KEY_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 25 | Type of the imported key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2878| HUKS_TAG_UNWRAP_ALGORITHM_SUITE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 26 | Algorithm suite required for encrypted imports.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>9-11</sup>| 2879| HUKS_TAG_DERIVED_AGREED_KEY_STORAGE_FLAG<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|29 | Storage type of the derived key or agreed key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2880| HUKS_TAG_RSA_PSS_SALT_LEN_TYPE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|30 | Type of the **rsa_pss_salt_length**.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>10-11</sup>| 2881| HUKS_TAG_ACTIVE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 201 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2882| HUKS_TAG_ORIGINATION_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 202 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2883| HUKS_TAG_USAGE_EXPIRE_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 203 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2884| HUKS_TAG_CREATION_DATETIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 204 | Parameter originally reserved for certificate management. It is deprecated because certificate management is no longer implemented in this module.<br> **System capability**: SystemCapability.Security.Huks.Core| 2885| HUKS_TAG_ALL_USERS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 301 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2886| HUKS_TAG_USER_ID | HuksTagType.HUKS_TAG_TYPE_UINT \| 302 | ID of the user to which the key belongs.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2887| HUKS_TAG_NO_AUTH_REQUIRED | HuksTagType.HUKS_TAG_TYPE_BOOL \| 303 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2888| HUKS_TAG_USER_AUTH_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 304 | User authentication type. For details, see [HuksUserAuthType](#huksuserauthtype9). This parameter must be set together with [HuksAuthAccessType](#huksauthaccesstype9). You can set a maximum of two user authentication types at a time. For example, if **HuksAuthAccessType** is **HUKS_AUTH_ACCESS_INVALID_NEW_BIO_ENROLL**, you can set two of **HUKS_USER_AUTH_TYPE_FACE**, **HUKS_USER_AUTH_TYPE_FINGERPRINT**, and **HUKS_USER_AUTH_TYPE_FACE \**| **HUKS_USER_AUTH_TYPE_FINGERPRINT**.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2889| HUKS_TAG_AUTH_TIMEOUT | HuksTagType.HUKS_TAG_TYPE_UINT \| 305 | One-time validity period of the authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2890| HUKS_TAG_AUTH_TOKEN | HuksTagType.HUKS_TAG_TYPE_BYTES \| 306 | Authentication token.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2891| HUKS_TAG_KEY_AUTH_ACCESS_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 307 | Access control type. For details, see [HuksAuthAccessType](#huksauthaccesstype9). This parameter must be set together with [HuksUserAuthType](#huksuserauthtype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2892| HUKS_TAG_KEY_SECURE_SIGN_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 308 | Signature type of the key generated or imported.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2893| HUKS_TAG_CHALLENGE_TYPE<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 309 | Type of the challenge generated for a key. For details, see [HuksChallengeType](#hukschallengetype9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2894| HUKS_TAG_CHALLENGE_POS<sup>9+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 310 | Position of the 8-byte valid value in a custom challenge. For details, see [HuksChallengePosition](#hukschallengeposition9).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2895| HUKS_TAG_KEY_AUTH_PURPOSE<sup>10+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|311 | Key authentication purpose.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2896| HUKS_TAG_AUTH_STORAGE_LEVEL<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \|316 | Key storage security level, which is a value of [HuksAuthStorageLevel](#huksauthstoragelevel11).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2897| HUKS_TAG_USER_AUTH_MODE<sup>12+</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 319 | User authentication mode, which is a value of [HuksUserAuthMode](#huksuserauthmode12).<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2898| HUKS_TAG_ATTESTATION_CHALLENGE | HuksTagType.HUKS_TAG_TYPE_BYTES \| 501 | Challenge value used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2899| HUKS_TAG_ATTESTATION_APPLICATION_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 502 | Application ID used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2900| HUKS_TAG_ATTESTATION_ID_BRAND<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 503 | Brand of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2901| HUKS_TAG_ATTESTATION_ID_DEVICE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 504 | ID of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2902| HUKS_TAG_ATTESTATION_ID_PRODUCT<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 505 | Product name of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2903| HUKS_TAG_ATTESTATION_ID_SERIAL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 506 | SN of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2904| HUKS_TAG_ATTESTATION_ID_IMEI<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 507 | International mobile equipment identity (IMEI) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2905| HUKS_TAG_ATTESTATION_ID_MEID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 508 | Mobile equipment identity (MEID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2906| HUKS_TAG_ATTESTATION_ID_MANUFACTURER<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 509 | Manufacturer of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2907| HUKS_TAG_ATTESTATION_ID_MODEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 510 | Device model. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2908| HUKS_TAG_ATTESTATION_ID_ALIAS | HuksTagType.HUKS_TAG_TYPE_BYTES \| 511 | Key alias used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2909| HUKS_TAG_ATTESTATION_ID_SOCID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 512 | System-on-a-chip (SoCID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2910| HUKS_TAG_ATTESTATION_ID_UDID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 513 | Unique device identifier (UDID) of the device. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2911| HUKS_TAG_ATTESTATION_ID_SEC_LEVEL_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 514 | Security level used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2912| HUKS_TAG_ATTESTATION_ID_VERSION_INFO | HuksTagType.HUKS_TAG_TYPE_BYTES \| 515 | Version information used in the attestation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2913| HUKS_TAG_KEY_OVERRIDE<sup>20+</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 520 | Whether to overwrite the key with the same name.<br>**Atomic service API**: This API can be used in atomic services since API version 20.<br> **System capability**: SystemCapability.Security.Huks.Core| 2914| HUKS_TAG_IS_KEY_ALIAS | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1001 | Whether to use the alias passed in during key generation.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2915| HUKS_TAG_KEY_STORAGE_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1002 | Key storage mode.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2916| HUKS_TAG_IS_ALLOWED_WRAP | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2917| HUKS_TAG_KEY_WRAP_TYPE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1004 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2918| HUKS_TAG_KEY_AUTH_ID | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1005 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2919| HUKS_TAG_KEY_ROLE | HuksTagType.HUKS_TAG_TYPE_UINT \| 1006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2920| HUKS_TAG_KEY_FLAG | HuksTagType.HUKS_TAG_TYPE_UINT \| 1007 | Flag of the key.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2921| HUKS_TAG_IS_ASYNCHRONIZED | HuksTagType.HUKS_TAG_TYPE_UINT \| 1008 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2922| HUKS_TAG_SECURE_KEY_ALIAS<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1009 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2923| HUKS_TAG_SECURE_KEY_UUID<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 1010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2924| HUKS_TAG_KEY_DOMAIN | HuksTagType.HUKS_TAG_TYPE_UINT \| 1011 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2925| HUKS_TAG_IS_DEVICE_PASSWORD_SET<sup>11+</sup> | HuksTagType.HUKS_TAG_TYPE_BOOL \| 1012 | Whether the key is accessible only when the user sets a lock screen password.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2926| HUKS_TAG_PROCESS_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10001 | Process name. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2927| HUKS_TAG_PACKAGE_NAME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10002 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2928| HUKS_TAG_ACCESS_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10003 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2929| HUKS_TAG_USES_TIME<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10004 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2930| HUKS_TAG_CRYPTO_CTX<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10005 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2931| HUKS_TAG_KEY | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10006 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2932| HUKS_TAG_KEY_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10007 | Key version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2933| HUKS_TAG_PAYLOAD_LEN<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10008 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Extension| 2934| HUKS_TAG_AE_TAG | HuksTagType.HUKS_TAG_TYPE_BYTES \| 10009 | Used to pass in the AEAD in GCM mode.<br>**Atomic service API**: This API can be used in atomic services since API version 11.<br> **System capability**: SystemCapability.Security.Huks.Core| 2935| HUKS_TAG_IS_KEY_HANDLE<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_ULONG \| 10010 | Reserved field, which is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2936| HUKS_TAG_OS_VERSION<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10101 | OS version. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2937| HUKS_TAG_OS_PATCHLEVEL<sup>(deprecated)</sup> | HuksTagType.HUKS_TAG_TYPE_UINT \| 10102 | OS patch level. It is deprecated since API version 9.<br> **System capability**: SystemCapability.Security.Huks.Core| 2938| HUKS_TAG_SYMMETRIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20001 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core| 2939| HUKS_TAG_ASYMMETRIC_PUBLIC_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20002 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2940| HUKS_TAG_ASYMMETRIC_PRIVATE_KEY_DATA | HuksTagType.HUKS_TAG_TYPE_BYTES \| 20003 | Reserved.<br>**Atomic service API**: This API can be used in atomic services since API version 12.<br> **System capability**: SystemCapability.Security.Huks.Core<sup>12+</sup><br>SystemCapability.Security.Huks.Extension<sup>8-11</sup>| 2941 2942## huks.getSdkVersion<sup>(deprecated)</sup> 2943 2944getSdkVersion(options: HuksOptions) : string 2945 2946Obtains the SDK version of the current system. 2947 2948> **NOTE** 2949> 2950> This API is deprecated since API version 11. 2951 2952**System capability**: SystemCapability.Security.Huks.Extension 2953 2954**Parameters** 2955 2956| Name | Type | Mandatory| Description | 2957| ------- | ---------- | ---- | ------------------------- | 2958| options | [HuksOptions](#huksoptions) | Yes | Empty object, which is used to hold the SDK version.| 2959 2960**Return value** 2961 2962| Type | Description | 2963| ------ | ------------- | 2964| string | SDK version obtained.| 2965 2966**Example** 2967 2968```ts 2969import { huks } from '@kit.UniversalKeystoreKit'; 2970/* Set options to emptyOptions. */ 2971let emptyOptions: huks.HuksOptions = { 2972 properties: [] 2973}; 2974let result = huks.getSdkVersion(emptyOptions); 2975``` 2976 2977## huks.generateKey<sup>(deprecated)</sup> 2978 2979generateKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 2980 2981Generates a key. This API uses an asynchronous callback to return the result. 2982 2983> **NOTE** 2984> 2985> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9). 2986 2987**System capability**: SystemCapability.Security.Huks.Extension 2988 2989**Parameters** 2990 2991| Name | Type | Mandatory| Description | 2992| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 2993| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information. | 2994| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key. | 2995| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code defined in **HuksResult** is returned.| 2996 2997**Example** 2998 2999```ts 3000import { huks } from '@kit.UniversalKeystoreKit'; 3001/* Generate an RSA key of 512 bits. */ 3002 3003let keyAlias = 'keyAlias'; 3004let properties: Array<huks.HuksParam> = [ 3005 { 3006 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3007 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3008 }, 3009 { 3010 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3011 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_512 3012 }, 3013 { 3014 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3015 value: 3016 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | 3017 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3018 }, 3019 { 3020 tag: huks.HuksTag.HUKS_TAG_PADDING, 3021 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3022 }, 3023 { 3024 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3025 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3026 } 3027]; 3028let options: huks.HuksOptions = { 3029 properties: properties 3030}; 3031huks.generateKey(keyAlias, options, (err, data) => { 3032}); 3033``` 3034 3035## huks.generateKey<sup>(deprecated)</sup> 3036 3037generateKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3038 3039Generates a key. This API uses a promise to return the result. 3040 3041> **NOTE** 3042> 3043> This API is deprecated since API version 9. You are advised to use [huks.generateKeyItem<sup>9+</sup>](#huksgeneratekeyitem9-1). 3044 3045**System capability**: SystemCapability.Security.Huks.Extension 3046 3047**Parameters** 3048 3049| Name | Type | Mandatory| Description | 3050| -------- | --------------------------- | ---- | ------------------------ | 3051| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information. | 3052| options | [HuksOptions](#huksoptions) | Yes | Tags required for generating the key.| 3053 3054**Return value** 3055 3056| Type | Description | 3057| ----------------------------------- | -------------------------------------------------- | 3058| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3059 3060**Example** 3061 3062```ts 3063import { huks } from '@kit.UniversalKeystoreKit'; 3064/* Generate a 256-bit ECC key. */ 3065 3066let keyAlias = 'keyAlias'; 3067let properties: Array<huks.HuksParam> = [ 3068 { 3069 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3070 value: huks.HuksKeyAlg.HUKS_ALG_ECC 3071 }, 3072 { 3073 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3074 value: huks.HuksKeySize.HUKS_ECC_KEY_SIZE_256 3075 }, 3076 { 3077 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3078 value: 3079 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_SIGN | 3080 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_VERIFY 3081 }, 3082 { 3083 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3084 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3085 } 3086]; 3087let options: huks.HuksOptions = { 3088 properties: properties 3089}; 3090let result = huks.generateKey(keyAlias, options); 3091``` 3092 3093## huks.deleteKey<sup>(deprecated)</sup> 3094 3095deleteKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3096 3097Deletes a key. This API uses an asynchronous callback to return the result. 3098 3099> **NOTE** 3100> 3101> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9). 3102 3103**System capability**: SystemCapability.Security.Huks.Extension 3104 3105**Parameters** 3106 3107| Name | Type | Mandatory| Description | 3108| -------- | ----------------------------------------- | ---- |----------------------------------------------------| 3109| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated. | 3110| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.| 3111| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. | 3112 3113**Example** 3114 3115```ts 3116import { huks } from '@kit.UniversalKeystoreKit'; 3117/* Set options to emptyOptions. */ 3118let keyAlias = 'keyAlias'; 3119let emptyOptions: huks.HuksOptions = { 3120 properties: [] 3121}; 3122huks.deleteKey(keyAlias, emptyOptions, (err, data) => { 3123}); 3124``` 3125 3126## huks.deleteKey<sup>(deprecated)</sup> 3127 3128deleteKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3129 3130Deletes a key. This API uses a promise to return the result. 3131 3132> **NOTE** 3133> 3134> This API is deprecated since API version 9. You are advised to use [huks.deleteKeyItem<sup>9+</sup>](#huksdeletekeyitem9-1). 3135 3136**System capability**: SystemCapability.Security.Huks.Extension 3137 3138**Parameters** 3139 3140| Name | Type | Mandatory| Description | 3141| -------- | ----------- | ---- | ----------------------------------------------------- | 3142| keyAlias | string | Yes | Alias of the key to delete. It must be the key alias passed in when the key was generated.| 3143| options | [HuksOptions](#huksoptions) | Yes | Options for deleting the key.| 3144 3145**Return value** 3146 3147| Type | Description | 3148| ----------------------------------- | -------------------------------------------------- | 3149| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3150 3151**Example** 3152 3153```ts 3154import { huks } from '@kit.UniversalKeystoreKit'; 3155/* Set options to emptyOptions. */ 3156let keyAlias = 'keyAlias'; 3157let emptyOptions: huks.HuksOptions = { 3158 properties: [] 3159}; 3160let result = huks.deleteKey(keyAlias, emptyOptions); 3161``` 3162 3163## huks.importKey<sup>(deprecated)</sup> 3164 3165importKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3166 3167Imports a key in plaintext. This API uses an asynchronous callback to return the result. 3168 3169> **NOTE** 3170> 3171> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9). 3172 3173**System capability**: SystemCapability.Security.Huks.Extension 3174 3175**Parameters** 3176 3177| Name | Type | Mandatory| Description | 3178| -------- | ------------------------ | ---- | ------------------------------------------------- | 3179| keyAlias | string | Yes | Alias of the key.| 3180| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3181| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3182 3183**Example** 3184 3185```ts 3186import { huks } from '@kit.UniversalKeystoreKit'; 3187/* Import a 256-bit AES key. */ 3188 3189let plainTextSize32 = makeRandomArr(32); 3190function makeRandomArr(size: number) { 3191 let arr = new Uint8Array(size); 3192 for (let i = 0; i < size; i++) { 3193 arr[i] = Math.floor(Math.random() * 10); 3194 } 3195 return arr; 3196}; 3197let keyAlias = 'keyAlias'; 3198let properties: Array<huks.HuksParam> = [ 3199 { 3200 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3201 value: huks.HuksKeyAlg.HUKS_ALG_AES 3202 }, 3203 { 3204 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3205 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_256 3206 }, 3207 { 3208 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3209 value: 3210 huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3211 }, 3212 { 3213 tag: huks.HuksTag.HUKS_TAG_PADDING, 3214 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3215 }, 3216 { 3217 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3218 value: huks.HuksCipherMode.HUKS_MODE_ECB 3219 } 3220]; 3221let options: huks.HuksOptions = { 3222 properties: properties, 3223 inData: plainTextSize32 3224}; 3225huks.importKey(keyAlias, options, (err, data) => { 3226}); 3227``` 3228 3229## huks.importKey<sup>(deprecated)</sup> 3230 3231importKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3232 3233Imports a key in plaintext. This API uses a promise to return the result. 3234 3235> **NOTE** 3236> 3237> This API is deprecated since API version 9. You are advised to use [huks.importKeyItem<sup>9+</sup>](#huksimportkeyitem9-1). 3238 3239**System capability**: SystemCapability.Security.Huks.Extension 3240 3241**Parameters** 3242 3243| Name | Type | Mandatory| Description | 3244| -------- | ----------- | ---- | ------------------------------------ | 3245| keyAlias | string | Yes | Alias of the key. The value can contain up to 128 bytes and should not include sensitive data such as personal information.| 3246| options | [HuksOptions](#huksoptions) | Yes | Tags required for the import and key to import.| 3247 3248**Return value** 3249 3250| Type | Description | 3251| ----------------------------------- | -------------------------------------------------- | 3252| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned.| 3253 3254**Example** 3255 3256```ts 3257import { huks } from '@kit.UniversalKeystoreKit'; 3258/* Import an AES key of 128 bits. */ 3259 3260let plainTextSize32 = makeRandomArr(32); 3261function makeRandomArr(size: number) { 3262 let arr = new Uint8Array(size); 3263 for (let i = 0; i < size; i++) { 3264 arr[i] = Math.floor(Math.random() * 10); 3265 } 3266 return arr; 3267}; 3268/* Step 1 Generate a key. */ 3269let keyAlias = 'keyAlias'; 3270let properties: Array<huks.HuksParam> = [ 3271 { 3272 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3273 value: huks.HuksKeyAlg.HUKS_ALG_AES 3274 }, 3275 { 3276 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3277 value: huks.HuksKeySize.HUKS_AES_KEY_SIZE_128 3278 }, 3279 { 3280 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3281 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT | huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_DECRYPT 3282 }, 3283 { 3284 tag: huks.HuksTag.HUKS_TAG_PADDING, 3285 value: huks.HuksKeyPadding.HUKS_PADDING_PKCS7 3286 }, 3287 { 3288 tag: huks.HuksTag.HUKS_TAG_BLOCK_MODE, 3289 value: huks.HuksCipherMode.HUKS_MODE_ECB 3290 } 3291]; 3292let huksOptions: huks.HuksOptions = { 3293 properties: properties, 3294 inData: plainTextSize32 3295}; 3296let result = huks.importKey(keyAlias, huksOptions); 3297``` 3298 3299## huks.exportKey<sup>(deprecated)</sup> 3300 3301exportKey(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3302 3303Exports a key. This API uses an asynchronous callback to return the result. 3304 3305> **NOTE** 3306> 3307> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9). 3308 3309**System capability**: SystemCapability.Security.Huks.Extension 3310 3311**Parameters** 3312 3313| Name | Type | Mandatory| Description | 3314| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3315| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3316| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3317| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. **outData** contains the public key exported.| 3318 3319**Example** 3320 3321```ts 3322import { huks } from '@kit.UniversalKeystoreKit'; 3323/* Set options to emptyOptions. */ 3324let keyAlias = 'keyAlias'; 3325let emptyOptions: huks.HuksOptions = { 3326 properties: [] 3327}; 3328huks.exportKey(keyAlias, emptyOptions, (err, data) => { 3329}); 3330``` 3331 3332## huks.exportKey<sup>(deprecated)</sup> 3333 3334exportKey(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3335 3336Exports a key. This API uses a promise to return the result. 3337 3338> **NOTE** 3339> 3340> This API is deprecated since API version 9. You are advised to use [huks.exportKeyItem<sup>9+</sup>](#huksexportkeyitem9-1). 3341 3342**System capability**: SystemCapability.Security.Huks.Extension 3343 3344**Parameters** 3345 3346| Name | Type | Mandatory| Description | 3347| -------- | ----------- | ---- | ------------------------------------------------------------ | 3348| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3349| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3350 3351**Return value** 3352 3353| Type | Description | 3354| ----------------------------------- | ------------------------------------------------------------ | 3355| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. If the operation is successful, **HUKS_SUCCESS** is returned. If the operation fails, an error code is returned. **outData** contains the public key exported.| 3356 3357**Example** 3358 3359```ts 3360import { huks } from '@kit.UniversalKeystoreKit'; 3361/* Set options to emptyOptions. */ 3362let keyAlias = 'keyAlias'; 3363let emptyOptions: huks.HuksOptions = { 3364 properties: [] 3365}; 3366let result = huks.exportKey(keyAlias, emptyOptions); 3367``` 3368 3369## huks.getKeyProperties<sup>(deprecated)</sup> 3370 3371getKeyProperties(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3372 3373Obtains key properties. This API uses an asynchronous callback to return the result. 3374 3375> **NOTE** 3376> 3377> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9). 3378 3379**System capability**: SystemCapability.Security.Huks.Extension 3380 3381**Parameters** 3382 3383| Name | Type | Mandatory| Description | 3384| -------- | ----------------------------------------- | ---- | ------------------------------------------------------------ | 3385| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated. | 3386| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty). | 3387| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS**; otherwise, an error code is returned.| 3388 3389**Example** 3390 3391```ts 3392import { huks } from '@kit.UniversalKeystoreKit'; 3393/* Set options to emptyOptions. */ 3394let keyAlias = 'keyAlias'; 3395let emptyOptions: huks.HuksOptions = { 3396 properties: [] 3397}; 3398huks.getKeyProperties(keyAlias, emptyOptions, (err, data) => { 3399}); 3400``` 3401 3402## huks.getKeyProperties<sup>(deprecated)</sup> 3403 3404getKeyProperties(keyAlias: string, options: HuksOptions) : Promise\<HuksResult> 3405 3406Obtains key properties. This API uses a promise to return the result. 3407 3408> **NOTE** 3409> 3410> This API is deprecated since API version 9. You are advised to use [huks.getKeyItemProperties<sup>9+</sup>](#huksgetkeyitemproperties9-1). 3411 3412**System capability**: SystemCapability.Security.Huks.Extension 3413 3414**Parameters** 3415 3416| Name | Type | Mandatory| Description | 3417| -------- | ----------- | ---- | ------------------------------------------------------------ | 3418| keyAlias | string | Yes | Key alias, which must be the same as the alias used when the key was generated.| 3419| options | [HuksOptions](#huksoptions) | Yes | Empty object (leave this parameter empty).| 3420 3421**Return value** 3422 3423| Type | Description | 3424| ------------------ | ------------------------------------------------------------ | 3425| Promise\<[HuksResult](#huksoptions)> | Promise used to return the result. If the operation is successful, **errorCode** is **HUKS_SUCCESS** and **properties** returns the parameters required for generating the key.| 3426 3427**Example** 3428 3429```ts 3430import { huks } from '@kit.UniversalKeystoreKit'; 3431/* Set options to emptyOptions. */ 3432let keyAlias = 'keyAlias'; 3433let emptyOptions: huks.HuksOptions = { 3434 properties: [] 3435}; 3436let result = huks.getKeyProperties(keyAlias, emptyOptions); 3437``` 3438 3439## huks.isKeyExist<sup>(deprecated)</sup> 3440 3441isKeyExist(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<boolean>) : void 3442 3443Checks whether a key exists. This API uses an asynchronous callback to return the result. 3444 3445> **NOTE** 3446> 3447> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9). 3448 3449**System capability**: SystemCapability.Security.Huks.Extension 3450 3451**Parameters** 3452 3453| Name | Type | Mandatory| Description | 3454| -------- | ---------------------- | ---- | ------------------------------------- | 3455| keyAlias | string | Yes | Alias of the key to check.| 3456| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.| 3457| callback | AsyncCallback\<boolean> | Yes | Callback used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3458 3459**Example** 3460 3461```ts 3462import { huks } from '@kit.UniversalKeystoreKit'; 3463/* Set options to emptyOptions. */ 3464let keyAlias = 'keyAlias'; 3465let emptyOptions: huks.HuksOptions = { 3466 properties: [] 3467}; 3468huks.isKeyExist(keyAlias, emptyOptions, (err, data) => { 3469}); 3470``` 3471 3472## huks.isKeyExist<sup>(deprecated)</sup> 3473 3474isKeyExist(keyAlias: string, options: HuksOptions) : Promise\<boolean> 3475 3476Checks whether a key exists. This API uses a promise to return the result. 3477 3478> **NOTE** 3479> 3480> This API is deprecated since API version 9. You are advised to use [huks.isKeyItemExist<sup>9+</sup>](#huksiskeyitemexist9-1). 3481 3482**System capability**: SystemCapability.Security.Huks.Extension 3483 3484**Parameters** 3485 3486| Name | Type | Mandatory| Description | 3487| -------- | ----------- | ---- | -------------------------------- | 3488| keyAlias | string | Yes | Alias of the key to check.| 3489| options | [HuksOptions](#huksoptions) | Yes | Options for checking the key.| 3490 3491**Return value** 3492 3493| Type | Description | 3494| ----------------- | --------------------------------------- | 3495| Promise\<boolean> | Promise used to return the result. The value **true** means the key exists; the value **false** means the opposite.| 3496 3497**Example** 3498 3499```ts 3500import { huks } from '@kit.UniversalKeystoreKit'; 3501/* Set options to emptyOptions. */ 3502let keyAlias = 'keyAlias'; 3503let emptyOptions: huks.HuksOptions = { 3504 properties: [] 3505}; 3506let result = huks.isKeyExist(keyAlias, emptyOptions); 3507``` 3508 3509## huks.init<sup>(deprecated)</sup> 3510 3511init(keyAlias: string, options: HuksOptions, callback: AsyncCallback\<HuksHandle>) : void 3512 3513Initializes a session for a key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3514 3515> **NOTE** 3516> 3517> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3518 3519**System capability**: SystemCapability.Security.Huks.Extension 3520 3521**Parameters** 3522 3523| Name | Type | Mandatory| Description | 3524| -------- | ---------------------- | ---- | ------------------------------------- | 3525| keyAlias | string | Yes | Alias of the target key.| 3526| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3527| callback | AsyncCallback\<[HuksHandle](#hukshandledeprecated)> | Yes | Callback used to return the result. The handle returned by the **Init** operation is added to the callback.| 3528 3529## huks.init<sup>(deprecated)</sup> 3530 3531init(keyAlias: string, options: HuksOptions) : Promise\<HuksHandle> 3532 3533Initializes a session for a key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3534 3535> **NOTE** 3536> 3537> This API is deprecated since API version 9. You are advised to use [huks.initSession<sup>9+</sup>](#huksinitsession9-1). 3538 3539**System capability**: SystemCapability.Security.Huks.Extension 3540 3541**Parameters** 3542 3543| Name | Type | Mandatory| Description | 3544| -------- | ---------------------- | ---- | ------------------------------------- | 3545| keyAlias | string | Yes | Alias of the target key.| 3546| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **init** operation.| 3547 3548**Return value** 3549 3550| Type | Description | 3551| ----------------------------------- | -------------------------------------------------- | 3552| Promise\<[HuksHandle](#hukshandledeprecated)> | Promise used to return the result. The handle returned by the **Init** operation is added to the callback.| 3553 3554## huks.update<sup>(deprecated)</sup> 3555 3556update(handle: number, token?: Uint8Array, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3557 3558Updates the key operation by segment. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3559 3560> **NOTE** 3561> 3562> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-1). 3563 3564**System capability**: SystemCapability.Security.Huks.Extension 3565 3566**Parameters** 3567 3568| Name | Type | Mandatory| Description | 3569| -------- | ----------------------------------------- | ---- | -------------------------------------------- | 3570| handle | number | Yes | Handle of the **update** operation, which is of the uint64 type. | 3571| token | Uint8Array | No | Token of the **update** operation. | 3572| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3573| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes | Callback used to return the result. The result of the **Update** operation is added to the callback.| 3574 3575## huks.update<sup>(deprecated)</sup> 3576 3577update(handle: number, token?: Uint8Array, options: HuksOptions) : Promise\<HuksResult>; 3578 3579Updates the key operation by segment. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3580 3581> **NOTE** 3582> 3583> This API is deprecated since API version 9. You are advised to use [huks.updateSession<sup>9+</sup>](#huksupdatesession9-2). 3584 3585**System capability**: SystemCapability.Security.Huks.Extension 3586 3587**Parameters** 3588 3589| Name | Type | Mandatory| Description | 3590| ------- | ----------------------------------- | ---- | -------------------------------------------- | 3591| handle | number | Yes | Handle of the **update** operation, which is of the uint64 type. | 3592| token | Uint8Array | No | Token of the **update** operation. | 3593| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **update** operation. | 3594 3595**Return value** 3596 3597| Type | Description | 3598| ----------------------------------- | -------------------------------------------------- | 3599| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. The result of the **Update** operation is added to the callback.| 3600 3601## huks.finish<sup>(deprecated)</sup> 3602 3603finish(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3604 3605Finishes the key operation. This API uses an asynchronous callback to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3606 3607> **NOTE** 3608> 3609> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9). 3610 3611**System capability**: SystemCapability.Security.Huks.Extension 3612 3613**Parameters** 3614 3615| Name | Type | Mandatory| Description | 3616| -------- | ---------------------- | ---- | ------------------------------------- | 3617| handle | number | Yes | Handle of the **finish** operation, which is of the uint64 type.| 3618| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3619| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the result. The result of the **Finish** operation is added to the callback.| 3620 3621## huks.finish<sup>(deprecated)</sup> 3622 3623finish(handle: number, options: HuksOptions) : Promise\<HuksResult> 3624 3625Finishes the key operation. This API uses a promise to return the result. **huks.init**, **huks.update**, and **huks.finish** must be used together. 3626 3627> **NOTE** 3628> 3629> This API is deprecated since API version 9. You are advised to use [huks.finishSession<sup>9+</sup>](#huksfinishsession9-1). 3630 3631**System capability**: SystemCapability.Security.Huks.Extension 3632 3633**Parameters** 3634 3635| Name | Type | Mandatory| Description | 3636| -------- | ---------------------- | ---- | ------------------------------------- | 3637| handle | number | Yes | Handle of the **finish** operation, which is of the uint64 type.| 3638| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **finish** operation.| 3639 3640**Return value** 3641 3642| Type | Description | 3643| ----------------------------------- | -------------------------------------------------- | 3644| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result.| 3645 3646## huks.abort<sup>(deprecated)</sup> 3647 3648abort(handle: number, options: HuksOptions, callback: AsyncCallback\<HuksResult>) : void 3649 3650Aborts the use of the key. This API uses an asynchronous callback to return the result. 3651 3652> **NOTE** 3653> 3654> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9). 3655 3656**System capability**: SystemCapability.Security.Huks.Extension 3657 3658**Parameters** 3659 3660| Name | Type | Mandatory| Description | 3661| -------- | ---------------------- | ---- | ------------------------------------- | 3662| handle | number | Yes | Handle of the **abort** operation, which is of the uint64 type.| 3663| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3664| callback | AsyncCallback\<[HuksResult](#huksresultdeprecated)> | Yes| Callback used to return the result. The result of the **Abort** operation is added to the callback.| 3665 3666**Example** 3667 3668```ts 3669import { huks } from '@kit.UniversalKeystoreKit'; 3670/* huks.init, huks.update, and huks.finish must be used together. 3671 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3672 * 3673 * The following uses a 2048-bit RSA key as an example. The callback-based APIs are used. 3674 */ 3675 3676let keyAlias = "HuksDemoRSA"; 3677let properties: Array<huks.HuksParam> = []; 3678let options: huks.HuksOptions = { 3679 properties: properties, 3680 inData: new Uint8Array(0) 3681}; 3682let handle: number = 0; 3683let resultMessage = ""; 3684 3685async function generateKey() { 3686 properties[0] = { 3687 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3688 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3689 }; 3690 properties[1] = { 3691 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3692 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3693 }; 3694 properties[2] = { 3695 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3696 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3697 }; 3698 properties[3] = { 3699 tag: huks.HuksTag.HUKS_TAG_PADDING, 3700 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3701 }; 3702 properties[4] = { 3703 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3704 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3705 }; 3706 huks.generateKey(keyAlias, options); 3707} 3708 3709function stringToUint8Array(str: string) { 3710 let arr: number[] = []; 3711 for (let i = 0, j = str.length; i < j; ++i) { 3712 arr.push(str.charCodeAt(i)); 3713 } 3714 let tmpUint8Array = new Uint8Array(arr); 3715 return tmpUint8Array; 3716} 3717 3718async function huksInit() { 3719 await huks.init(keyAlias, options).then((data) => { 3720 console.info(`test init data: ${JSON.stringify(data)}`); 3721 handle = data.handle; 3722 }); 3723} 3724 3725async function huksUpdate() { 3726 options.inData = stringToUint8Array("huksHmacTest"); 3727 await huks.update(handle, options.inData, options).then((data) => { 3728 if (data.errorCode === 0) { 3729 resultMessage += "update success!"; 3730 } else { 3731 resultMessage += "update fail!"; 3732 } 3733 }); 3734 console.info(resultMessage); 3735} 3736 3737function huksFinish() { 3738 options.inData = stringToUint8Array("HuksDemoHMAC"); 3739 huks.finish(handle, options).then((data) => { 3740 if (data.errorCode === 0) { 3741 resultMessage = "finish success!"; 3742 console.info(resultMessage); 3743 } else { 3744 resultMessage = "finish fail errorCode: " + data.errorCode; 3745 console.error(resultMessage); 3746 } 3747 }); 3748} 3749 3750async function huksAbort() { 3751 new Promise<huks.HuksResult>((resolve, reject) => { 3752 huks.abort(handle, options, (err, data) => { 3753 console.info(`huksAbort data ${JSON.stringify(data)}`); 3754 console.error(`huksAbort err ${JSON.stringify(err)}`); 3755 }); 3756 }); 3757} 3758 3759``` 3760 3761## huks.abort<sup>(deprecated)</sup> 3762 3763abort(handle: number, options: HuksOptions) : Promise\<HuksResult>; 3764 3765Aborts the use of the key. This API uses a promise to return the result. 3766 3767> **NOTE** 3768> 3769> This API is deprecated since API version 9. You are advised to use [huks.abortSession<sup>9+</sup>](#huksabortsession9-1). 3770 3771**System capability**: SystemCapability.Security.Huks.Extension 3772 3773**Parameters** 3774 3775| Name | Type | Mandatory| Description | 3776| -------- | ---------------------- | ---- | ------------------------------------- | 3777| handle | number | Yes | Handle of the **abort** operation, which is of the uint64 type.| 3778| options | [HuksOptions](#huksoptions) | Yes | Parameter set used for the **abort** operation.| 3779 3780**Return value** 3781 3782| Type | Description | 3783| ----------------------------------- | -------------------------------------------------- | 3784| Promise\<[HuksResult](#huksresultdeprecated)> | Promise used to return the result. The result of the **Abort** operation is added to the callback.| 3785 3786**Example** 3787 3788```ts 3789import { huks } from '@kit.UniversalKeystoreKit'; 3790/* huks.init, huks.update, and huks.finish must be used together. 3791 * If an error occurs in any of them, call huks.abort to terminate the use of the key. 3792 * 3793 * The following uses a 2048-bit RSA key as an example. The promise-based APIs are used. 3794 */ 3795let keyAlias = "HuksDemoRSA"; 3796let properties: Array<huks.HuksParam> = []; 3797let options: huks.HuksOptions = { 3798 properties: properties, 3799 inData: new Uint8Array(0) 3800}; 3801let handle: number = 0; 3802let resultMessage = ""; 3803 3804function stringToUint8Array(str: string) { 3805 let arr: number[] = []; 3806 for (let i = 0, j = str.length; i < j; ++i) { 3807 arr.push(str.charCodeAt(i)); 3808 } 3809 let tmpUint8Array = new Uint8Array(arr); 3810 return tmpUint8Array; 3811} 3812 3813async function generateKey() { 3814 properties[0] = { 3815 tag: huks.HuksTag.HUKS_TAG_ALGORITHM, 3816 value: huks.HuksKeyAlg.HUKS_ALG_RSA 3817 }; 3818 properties[1] = { 3819 tag: huks.HuksTag.HUKS_TAG_KEY_SIZE, 3820 value: huks.HuksKeySize.HUKS_RSA_KEY_SIZE_2048 3821 }; 3822 properties[2] = { 3823 tag: huks.HuksTag.HUKS_TAG_PURPOSE, 3824 value: huks.HuksKeyPurpose.HUKS_KEY_PURPOSE_ENCRYPT 3825 }; 3826 properties[3] = { 3827 tag: huks.HuksTag.HUKS_TAG_PADDING, 3828 value: huks.HuksKeyPadding.HUKS_PADDING_OAEP 3829 }; 3830 properties[4] = { 3831 tag: huks.HuksTag.HUKS_TAG_DIGEST, 3832 value: huks.HuksKeyDigest.HUKS_DIGEST_SHA256 3833 }; 3834 huks.generateKey(keyAlias, options, (err, data) => { 3835 }); 3836} 3837 3838async function huksInit() { 3839 return new Promise<huks.HuksHandle>((resolve, reject) => { 3840 huks.init(keyAlias, options, async (err, data) => { 3841 if (data.errorCode === 0) { 3842 resultMessage = "init success!" 3843 handle = data.handle; 3844 } else { 3845 resultMessage = "init fail errorCode: " + data.errorCode 3846 } 3847 }); 3848 }); 3849} 3850 3851async function huksUpdate() { 3852 options.inData = stringToUint8Array("huksHmacTest"); 3853 new Promise<huks.HuksResult>((resolve, reject) => { 3854 huks.update(handle, options.inData, options, (err, data) => { 3855 if (data.errorCode === 0) { 3856 resultMessage += "update success!"; 3857 console.info(resultMessage); 3858 } else { 3859 resultMessage += "update fail!"; 3860 console.error(resultMessage); 3861 } 3862 }); 3863 }); 3864} 3865 3866async function huksFinish() { 3867 options.inData = stringToUint8Array("0"); 3868 new Promise<huks.HuksResult>((resolve, reject) => { 3869 huks.finish(handle, options, (err, data) => { 3870 if (data.errorCode === 0) { 3871 resultMessage = "finish success!"; 3872 } else { 3873 resultMessage = "finish fail errorCode: " + data.errorCode; 3874 } 3875 }); 3876 }); 3877} 3878 3879function huksAbort() { 3880 huks.abort(handle, options).then((data) => { 3881 if (data.errorCode === 0) { 3882 console.info("abort success!"); 3883 } else { 3884 console.error("abort fail errorCode: " + data.errorCode); 3885 } 3886 }); 3887} 3888``` 3889 3890## HuksHandle<sup>(deprecated)</sup> 3891 3892Defines the struct for a HUKS handle. 3893 3894**System capability**: SystemCapability.Security.Huks.Extension 3895 3896> **NOTE** 3897> 3898> This API is deprecated since API version 9. You are advised to use [HuksSessionHandle<sup>9+</sup>](#hukssessionhandle9). 3899 3900| Name | Type | Mandatory| Description | 3901| ---------- | ---------------- | ---- | -------- | 3902| errorCode | number | Yes | Error code.| 3903| handle | number | Yes| Handle of the unsigned integer type.| 3904| token | Uint8Array | No| Challenge obtained after the [init](#huksinitdeprecated) operation.| 3905 3906## HuksResult<sup>(deprecated)</sup> 3907 3908Represents the result returned. 3909 3910**System capability**: SystemCapability.Security.Huks.Extension 3911 3912> **NOTE** 3913> 3914> - This API is deprecated since API version 9. You are advised to use [HuksReturnResult<sup>9+</sup>](#huksreturnresult9). 3915> - For details about the error codes, see [HUKS Error Codes](errorcode-huks.md). 3916 3917| Name | Type | Mandatory| Description | 3918| ---------- | ------------------------------- | ---- | ---------------- | 3919| errorCode | number | Yes | Error code. | 3920| outData | Uint8Array | No | Output data. | 3921| properties | Array\<[HuksParam](#huksparam)> | No | Property information. | 3922| certChains | Array\<string> | No | Certificate chain information.| 3923 3924## HuksErrorCode<sup>(deprecated)</sup> 3925 3926Enumerates the error codes. 3927 3928**System capability**: SystemCapability.Security.Huks.Extension 3929 3930> **NOTE** 3931> 3932> This API is deprecated since API version 9. You are advised to use [HuksExceptionErrCode<sup>9+</sup>](#huksexceptionerrcode9). 3933 3934| Name | Value | Description| 3935| -------------------------- | ----- | ---- | 3936| HUKS_SUCCESS | 0 |Success.| 3937| HUKS_FAILURE | -1 |Failure.| 3938| HUKS_ERROR_BAD_STATE | -2 |Incorrect state.| 3939| HUKS_ERROR_INVALID_ARGUMENT | -3 |Invalid argument.| 3940| HUKS_ERROR_NOT_SUPPORTED | -4 |Not supported.| 3941| HUKS_ERROR_NO_PERMISSION | -5 |No permission.| 3942| HUKS_ERROR_INSUFFICIENT_DATA | -6 |Insufficient data.| 3943| HUKS_ERROR_BUFFER_TOO_SMALL | -7 |Insufficient buffer.| 3944| HUKS_ERROR_INSUFFICIENT_MEMORY | -8 |Insufficient memory.| 3945| HUKS_ERROR_COMMUNICATION_FAILURE | -9 |Communication failure.| 3946| HUKS_ERROR_STORAGE_FAILURE | -10 |Insufficient storage space.| 3947| HUKS_ERROR_HARDWARE_FAILURE | -11 |Hardware fault.| 3948| HUKS_ERROR_ALREADY_EXISTS | -12 |The object already exists.| 3949| HUKS_ERROR_NOT_EXIST | -13 |The object does not exist.| 3950| HUKS_ERROR_NULL_POINTER | -14 |Null pointer.| 3951| HUKS_ERROR_FILE_SIZE_FAIL | -15 |Incorrect file size.| 3952| HUKS_ERROR_READ_FILE_FAIL | -16 |Failed to read the file.| 3953| HUKS_ERROR_INVALID_PUBLIC_KEY | -17 |Invalid public key.| 3954| HUKS_ERROR_INVALID_PRIVATE_KEY | -18 |Invalid private key.| 3955| HUKS_ERROR_INVALID_KEY_INFO | -19 |Invalid key information.| 3956| HUKS_ERROR_HASH_NOT_EQUAL | -20 |The hash values are not equal.| 3957| HUKS_ERROR_MALLOC_FAIL | -21 |MALLOC failed.| 3958| HUKS_ERROR_WRITE_FILE_FAIL | -22 |Failed to write the file.| 3959| HUKS_ERROR_REMOVE_FILE_FAIL | -23 |Failed to delete the file.| 3960| HUKS_ERROR_OPEN_FILE_FAIL | -24 |Failed to open the file.| 3961| HUKS_ERROR_CLOSE_FILE_FAIL | -25 |Failed to close the file.| 3962| HUKS_ERROR_MAKE_DIR_FAIL | -26 |Failed to create the directory.| 3963| HUKS_ERROR_INVALID_KEY_FILE | -27 |Invalid key file.| 3964| HUKS_ERROR_IPC_MSG_FAIL | -28 |Incorrect IPC information.| 3965| HUKS_ERROR_REQUEST_OVERFLOWS | -29 |Request overflows.| 3966| HUKS_ERROR_PARAM_NOT_EXIST | -30 |The parameter does not exist.| 3967| HUKS_ERROR_CRYPTO_ENGINE_ERROR | -31 |CRYPTO ENGINE error.| 3968| HUKS_ERROR_COMMUNICATION_TIMEOUT | -32 |Communication timed out.| 3969| HUKS_ERROR_IPC_INIT_FAIL | -33 |IPC initialization failed.| 3970| HUKS_ERROR_IPC_DLOPEN_FAIL | -34 |IPC DLOPEN failed.| 3971| HUKS_ERROR_EFUSE_READ_FAIL | -35 |Failed to read eFuse.| 3972| HUKS_ERROR_NEW_ROOT_KEY_MATERIAL_EXIST | -36 |New root key material exists.| 3973| HUKS_ERROR_UPDATE_ROOT_KEY_MATERIAL_FAIL | -37 |Failed to update the root key material.| 3974| HUKS_ERROR_VERIFICATION_FAILED | -38 |Failed to verify the certificate chain.| 3975| HUKS_ERROR_CHECK_GET_ALG_FAIL | -100 |Failed to obtain the ALG. | 3976| HUKS_ERROR_CHECK_GET_KEY_SIZE_FAIL | -101 |Failed to obtain the key size.| 3977| HUKS_ERROR_CHECK_GET_PADDING_FAIL | -102 |Failed to obtain the padding algorithm.| 3978| HUKS_ERROR_CHECK_GET_PURPOSE_FAIL | -103 |Failed to obtain the key purpose.| 3979| HUKS_ERROR_CHECK_GET_DIGEST_FAIL | -104 |Failed to obtain the digest algorithm.| 3980| HUKS_ERROR_CHECK_GET_MODE_FAIL | -105 |Failed to obtain the cipher mode.| 3981| HUKS_ERROR_CHECK_GET_NONCE_FAIL | -106 |Failed to obtain the nonce.| 3982| HUKS_ERROR_CHECK_GET_AAD_FAIL | -107 |Failed to obtain the AAD.| 3983| HUKS_ERROR_CHECK_GET_IV_FAIL | -108 |Failed to obtain the initialization vector (IV).| 3984| HUKS_ERROR_CHECK_GET_AE_TAG_FAIL | -109 |Failed to obtain the AE flag.| 3985| HUKS_ERROR_CHECK_GET_SALT_FAIL | -110 |Failed to obtain the salt value.| 3986| HUKS_ERROR_CHECK_GET_ITERATION_FAIL | -111 |Failed to obtain the number of iterations.| 3987| HUKS_ERROR_INVALID_ALGORITHM | -112 |Invalid algorithm.| 3988| HUKS_ERROR_INVALID_KEY_SIZE | -113 |Invalid key size.| 3989| HUKS_ERROR_INVALID_PADDING | -114 |Invalid padding algorithm.| 3990| HUKS_ERROR_INVALID_PURPOSE | -115 |Invalid key purpose.| 3991| HUKS_ERROR_INVALID_MODE | -116 |Invalid cipher mode.| 3992| HUKS_ERROR_INVALID_DIGEST | -117 |Invalid digest algorithm.| 3993| HUKS_ERROR_INVALID_SIGNATURE_SIZE | -118 |Invalid signature size.| 3994| HUKS_ERROR_INVALID_IV | -119 |Invalid IV.| 3995| HUKS_ERROR_INVALID_AAD | -120 |Invalid AAD.| 3996| HUKS_ERROR_INVALID_NONCE | -121 |Invalid nonce.| 3997| HUKS_ERROR_INVALID_AE_TAG | -122 |Invalid AE tag.| 3998| HUKS_ERROR_INVALID_SALT | -123 |Invalid salt value.| 3999| HUKS_ERROR_INVALID_ITERATION | -124 |Invalid iteration count.| 4000| HUKS_ERROR_INVALID_OPERATION | -125 |Invalid operation.| 4001| HUKS_ERROR_INTERNAL_ERROR | -999 |Internal error.| 4002| HUKS_ERROR_UNKNOWN_ERROR | -1000 |Unknown error.| 4003