# Certificate Management Overview

<!--Kit: Device Certificate Kit-->
<!--Subsystem: Security-->
<!--Owner: @chaceli-->
<!--Designer: @chande-->
<!--Tester: @zhangzhi1995-->
<!--Adviser: @zengyawen-->

The **certManager** module provides system-level certificate management capabilities to implement management and secure use of certificates throughout their lifecycle (installation, storage, use, and destruction). In addition, it provides APIs for starting the certificate management dialog box so that you can view and manage certificates and credentials on the application UI.

## Basic Concepts

- Certificate: a file that is signed by a Certificate Authority (CA) and contains the public key owner information and public key. X.509 is a common certificate format.
- Credential: private key corresponding to the public key in a certificate.
- Keystore file: a file that contains the certificate and credential. PKCS#12 (.p12) is a common keystore file format.
- Signature: ciphertext obtained by encrypting the message digest using the private key of an asymmetric key pair.
- Signature verification: a process involving decrypting the signature using the signer's public key, generating a hash from the data received, and comparing the generated hash with the original hash. If the two hashes match, the signature is valid, which means the signed data has not been changed.

### Certificate Lifecycle Management

You can use the APIs provided by the **certManager** module to implement lifecycle management of service certificates/credentials and CA certificates. The certificate lifecycle management involves the following:

- Certificate installation: You can use **install()** to pass in a certificate.

- Certificate storage: The **certManager** module stores the installed certificate in a directory of the certificate manager service. The private key credential corresponding to the certificate is stored in the HUKS module.

- Certificate usage: You can obtain a certificate file and perform service-related operations, and use the APIs provided by the **certManager** module to implement signing and signature verification with the certificate and private key.

- Certificate destruction: You can use APIs to destroy one or more certificates or credentials stored in the directory of the certificate manager service.
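The four lifecycle steps above as one ArkTS flow, added here as an example and not taken from the module's own documentation. It uses the `certificateManager` API of the Device Certificate Kit (`installPrivateCertificate`, `init`/`update`/`finish`/`abort`, `uninstallPrivateCertificate`). The keystore bytes and password are constructed placeholders; the signature parameters assume an RSA credential, and the code assumes that `finish()` rejects its promise when a signature does not match the data.

```arkts
import { certificateManager } from '@kit.DeviceCertificateKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Constructed placeholders (not real data): the keystore bytes normally come from a
// PKCS#12 (.p12) file shipped with the application or chosen by the user.
const KEYSTORE_P12: Uint8Array = new Uint8Array([/* .p12 bytes go here */]);
const KEYSTORE_PASSWORD: string = 'placeholder-password';
const CERT_ALIAS: string = 'demoServiceCredential';

// Installation and storage: hand the keystore to certManager. The returned uri is the handle
// for every later operation; the private key stays in HUKS and is never returned to the app.
async function installCredential(): Promise<string> {
  const result: certificateManager.CMResult =
    await certificateManager.installPrivateCertificate(KEYSTORE_P12, KEYSTORE_PASSWORD, CERT_ALIAS);
  if (result.uri === undefined) {
    throw new Error('installPrivateCertificate returned no uri');
  }
  return result.uri;
}

// Parameters shared by signing and verification. PSS padding applies to an RSA credential
// (assumed here); for ECC or SM2 credentials omit padding and choose the matching digest.
function signatureSpec(purpose: certificateManager.CmKeyPurpose): certificateManager.CMSignatureSpec {
  const spec: certificateManager.CMSignatureSpec = {
    purpose: purpose,
    padding: certificateManager.CmKeyPadding.CM_PADDING_PSS,
    digest: certificateManager.CmKeyDigest.CM_DIGEST_SHA256
  };
  return spec;
}

// Usage (signing): init -> update -> finish. abort() releases the session if a step fails,
// so a half-finished operation does not leave a dangling handle in the service.
async function signData(keyUri: string, data: Uint8Array): Promise<Uint8Array> {
  const handle: certificateManager.CMHandle =
    await certificateManager.init(keyUri, signatureSpec(certificateManager.CmKeyPurpose.CM_KEY_PURPOSE_SIGN));
  try {
    await certificateManager.update(handle.handle, data);
    const result: certificateManager.CMResult = await certificateManager.finish(handle.handle);
    if (result.outData === undefined) {
      throw new Error('finish returned no signature');
    }
    return result.outData;
  } catch (err) {
    await certificateManager.abort(handle.handle).catch(() => {});
    throw err as BusinessError;
  }
}

// Usage (verification): same session pattern, passing the received signature to finish().
// finish() rejects when the signature does not match the data; this wrapper maps that to false.
async function verifySignature(keyUri: string, data: Uint8Array, signature: Uint8Array): Promise<boolean> {
  const handle: certificateManager.CMHandle =
    await certificateManager.init(keyUri, signatureSpec(certificateManager.CmKeyPurpose.CM_KEY_PURPOSE_VERIFY));
  try {
    await certificateManager.update(handle.handle, data);
    await certificateManager.finish(handle.handle, signature);
    return true;
  } catch (err) {
    const e: BusinessError = err as BusinessError;
    console.error(`verification failed: code ${e.code}, message ${e.message}`);
    await certificateManager.abort(handle.handle).catch(() => {});
    return false;
  }
}

// Destruction: remove the credential from the certificate manager service; the uri is invalid afterwards.
async function destroyCredential(keyUri: string): Promise<void> {
  await certificateManager.uninstallPrivateCertificate(keyUri);
}

// End-to-end flow over a constructed message, including a tampered copy that must fail verification.
async function demo(): Promise<void> {
  const keyUri: string = await installCredential();
  const message: Uint8Array = new Uint8Array([0x73, 0x69, 0x67, 0x6e, 0x20, 0x6d, 0x65]); // "sign me"
  const signature: Uint8Array = await signData(keyUri, message);
  console.info(`original data valid: ${await verifySignature(keyUri, message, signature)}`);
  const tampered: Uint8Array = new Uint8Array(message);
  tampered[0] ^= 0x01;
  console.info(`tampered data valid: ${await verifySignature(keyUri, tampered, signature)}`);
  await destroyCredential(keyUri);
}
```

The application only ever holds the credential's uri; signing happens inside the service against the key kept in HUKS, which is why the destruction step is the only way to retire the key and why every error path calls `abort()` to release the session.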

### Certificate Management Dialog Box

The certificate management dialog box allows you to view and manage certificates and credentials on the application UI.

- Certificate viewing: View the list and details of CA certificates and credentials.

- Certificate installation: Install user CA certificates and credentials from the storage device. For 2-in-1 devices, you can directly call the dialog box API for installing certificates to install CA certificates.

- Certificate deletion: Delete a specified user CA certificate. For 2-in-1 devices, you can directly call the dialog box API for deleting certificates to delete CA certificates.

- Certificate details: For 2-in-1 devices, you can call the dialog box API for viewing certificate details to display certificate details.
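The four dialog box operations above, as an added ArkTS example rather than code from the kit's own guide. It uses the `certificateManagerDialog` API of the Device Certificate Kit; the install, delete and detail dialogs are the 2-in-1-device APIs named in the list and are assumed to be available at the API version the application targets. The CA certificate bytes are a constructed placeholder, and `context` is assumed to be the context of the calling UIAbility.

```arkts
import { certificateManagerDialog } from '@kit.DeviceCertificateKit';
import { common } from '@kit.AbilityKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Constructed placeholder: the encoded bytes of the CA certificate the user wants to install.
const CA_CERT_BYTES: Uint8Array = new Uint8Array([/* certificate bytes go here */]);

// Certificate viewing: open the management dialog on its main page. The other
// CertificateDialogPageType values open the CA certificate or credential pages directly.
async function openCertificateManager(context: common.Context): Promise<void> {
  await certificateManagerDialog.openCertificateManagerDialog(
    context, certificateManagerDialog.CertificateDialogPageType.PAGE_MAIN);
}

// Certificate installation (2-in-1 devices): the dialog shows the certificate and the user
// confirms or cancels. The returned uri identifies the installed user CA certificate;
// undefined means the user cancelled or the dialog could not be opened.
async function installUserCaViaDialog(context: common.Context, cert: Uint8Array): Promise<string | undefined> {
  try {
    const uri: string = await certificateManagerDialog.openInstallCertificateDialog(
      context,
      certificateManagerDialog.CertificateType.CA_CERT,
      certificateManagerDialog.CertificateScope.CURRENT_USER,
      cert);
    return uri;
  } catch (err) {
    const e: BusinessError = err as BusinessError;
    console.error(`install dialog ended without installing: code ${e.code}, message ${e.message}`);
    return undefined;
  }
}

// Certificate details (2-in-1 devices): show the parsed certificate without an install button,
// so the user can inspect issuer, subject and validity before deciding anything.
async function showCaDetails(context: common.Context, cert: Uint8Array): Promise<void> {
  const property: certificateManagerDialog.CertificateDialogProperty = { showInstallButton: false };
  await certificateManagerDialog.openCertificateDetailDialog(context, cert, property);
}

// Certificate deletion (2-in-1 devices): the user confirms removal of the CA certificate the uri points to.
async function deleteUserCaViaDialog(context: common.Context, certUri: string): Promise<void> {
  await certificateManagerDialog.openUninstallCertificateDialog(
    context, certificateManagerDialog.CertificateType.CA_CERT, certUri);
}

// Typical flow from a UIAbility: let the user inspect the certificate, install it through the
// dialog, and keep the uri so the same certificate can later be removed through the dialog.
async function demo(context: common.Context): Promise<void> {
  await showCaDetails(context, CA_CERT_BYTES);
  const uri: string | undefined = await installUserCaViaDialog(context, CA_CERT_BYTES);
  if (uri !== undefined) {
    await deleteUserCaViaDialog(context, uri);
  }
  await openCertificateManager(context);
}
```

Because every installation or deletion goes through a system dialog that the user must confirm, the application never silently changes the device's trusted CA set; the only value it receives back is the uri of what the user agreed to install.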

## Constraints

Currently, this module supports only the installation and use of application certificates and credentials of the RSA, ECC, and SM2 algorithms.

## Development

You can use this module to implement the following functionalities.

- [Application Certificate Development](certManager-private-credential-guidelines.md)
- [CA Certificate Development](certManager-ca-certs-guidelines.md)
- [Certificate Management Dialog Box Development](certManagerDialog-guidelines.md)
