1# Specifying the User for Key Operations (for System Applications Only) 2 3<!--Kit: Universal Keystore Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @wutiantian-gitee--> 6<!--Designer: @HighLowWorld--> 7<!--Tester: @wxy1234564846--> 8<!--Adviser: @zengyawen--> 9 10To implement isolation and access control for key data, HUKS provides APIs with the user ID specified for concurrent key operations initiated by multiple users. 11 12>**NOTE**<br> 13> The mini-system devices do not support the operation described in this topic. 14 15## Constraints 16 17- The range of the caller user ID is **0** to **99**, including **0** and **99**. 18- The APIs are available only for system applications. 19 20## Available APIs 21 22APIs with the **userId** parameter are provided as enhancement to existing APIs. 23 24When using these APIs, observe the following: 25 261. You can pass in [HUKS_TAG_AUTH_STORAGE_LEVEL](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_authstoragelevel) in **options** to specify the security level for the key stored. 272. If you do not pass [HUKS_TAG_AUTH_STORAGE_LEVEL](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_authstoragelevel) in **options**, this API uses the key in the CE storage area corresponding to the specified **userId** by default, which is equivalent to passing in [HUKS_AUTH_STORAGE_LEVEL_CE](../../reference/apis-universal-keystore-kit/capi-native-huks-type-h.md#oh_huks_authstoragelevel). 28 29The algorithm specifications and the usage of the APIs are the same as those of the APIs without **userId**. 30 31| API with userId| Description| API Without userId| 32| -------- | -------- | ----------| 33| [generateKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksgeneratekeyitemasuser) | Generates a key. | [generateKeyItem](huks-key-generation-arkts.md) | 34| [deleteKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksdeletekeyitemasuser) | Deletes a key. | [deleteKeyItem](huks-delete-key-arkts.md) | 35| [importKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksimportkeyitemasuser) | Imports a key in plaintext. | [importKeyItem](huks-import-key-in-plaintext-arkts.md) | 36| [importWrappedKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksimportwrappedkeyitemasuser) | Imports an encrypted key. | [importWrappedKeyItem](huks-import-wrapped-key-arkts.md) | 37| [exportKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksexportkeyitemasuser) | Exports a key. | [exportKeyItem](huks-export-key-arkts.md) | 38| [getKeyItemPropertiesAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksgetkeyitempropertiesasuser) | Obtains key properties. | [getKeyItemProperties](huks-obtain-key-properties-arkts.md) | 39| [hasKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#hukshaskeyitemasuser) | Checks whether a key exists. | [hasKeyItem](huks-check-key-arkts.md) | 40| [initSessionAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksinitsessionasuser) | Initializes a key session. | initSession in [encryption and decryption](huks-encryption-decryption-arkts.md), [signing and signature verification](huks-signing-signature-verification-arkts.md), [key agreement](huks-key-agreement-arkts.md), and [key derivation](huks-key-derivation-arkts.md) | 41| [attestKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksattestkeyitemasuser) | Performs non-anonymous key attestation. | [attestKeyItem](huks-key-attestation-arkts.md) | 42| [anonAttestKeyItemAsUser](../../reference/apis-universal-keystore-kit/js-apis-huks-sys.md#huksanonattestkeyitemasuser) | Performs anonymous key attestation. | [anonAttestKeyItem](huks-key-anon-attestation-arkts.md) | 43